The Basiq CDR solution provides consumers with greater access to, and control over their financial data, providing insights on spending and income in an easy to understand and structured form.
Why we need you to share your data
Basiq accepts requests directly from you (the consumer), to voluntarily share your banking data - to provide services as follows:
Data Aggregation and Enrichment: your shared financial data is aggregated, enriched and demystified to provide a single view of your finances - across each of your banks
Spending Insights: your shared financial data is analysed to provide insights into spending, including the category of spend
Income Insights: your shared data is analysed to identify your income steams including surfacing patterns around regularity and stability
Affordability Report: insights above are presented in an easy to read PDF report
What details you share with us
product category, account type and product name ( e.g. TRANS_AND_SAVINGS_ACCOUNTS, termDeposit, 90 Days Deposit)
BSB and account number / masked number
account holder / display name
account owner (true/false)
account meta data (e.g. credit cards, term deposits, loans)
status (pending / posted)
You are in control of your data
What we do with your data
Basiq will use your data for the purpose agreed - to provide Affordability insights, and will also ensure the following:
will not on-sell your data to anyone.
will not provide your data to any third party without telling you first and asking for permission.
You may be required under Australian Law to retain some de-identified data and data insights.
will delete your personally identifiable data once your consent expires.
will provide a dashboard for you to revoke your consent at any time remove data immediately.
In sharing your data with Basiq, you agree that:
data insights provided to you, may not be used to reverse engineer or replicate data attributes or data models including the enrichment and categorisation process or to create competing products.
your aggregated and de-identified bank transactions may be used to train and improve our machine learning models to provide better insights back to you.
Manage your data consent
Basiq provides a secure Dashboard where you can view and revoke the consent you have provided.
Manage your consent to share your data
Access it anytime via our Consumer Consent Dashboard will be available once Basiq is an active ADR.
You can go to Basiq’s Consent Dashboard at any time to revoke consent and stop us using your data for the agreed purpose.
Once your consent expires or you want to stop sharing your data then all personally identifiable data will be deleted.
Security of your data
Basiq’s approach to data security is designed to protect you as a consumer. The Basiq CDR solution is built and maintained to follow best practices in keeping your data secure when you have shared it with us. Basiq monitor every activity, and continuously invest in security upgrades, so we protect you and your data.
The Basiq physical infrastructure is hosted and managed in an ISO 27001, SOC 1 & SOC 2, PCI Level 1, FISMA Moderate and SOX certified data centre.
Two-factor authentication and strong password controls are required for administrative access to systems.
Restricted network access
Firewalls are utilised to restrict access to systems from external networks and between systems internally.
Basiq stores data at rest using 256-bit AES encryption and use an SSL/TLS secure tunnel to transfer data between your app and our API.
Secure development practises
Basiq development follows industry-standard secure coding guidelines, such as those recommended by OWASP.
Basiq conducts behavioural monitoring, vulnerability assessment, SIEM and intrusion detection to detect threats and keep our system safe and secure.
What happens if there is a security breach
Basiq maintains a Data Breach Response Plan - Basiq can provide a copy of this policy on request
If a security breach occurs we:
Contain the data breach to prevent any further leak of personal information.
Assess the data breach by gathering the facts. Then check the risks or potential harm to affected members and take action to reduce any risk of harm.
Review the incident and consider what actions we can take to prevent future breaches.
Basiq stores data security in AWS data centres in Sydney and Melbourne and data does not leave Australia.
Basiq does not use any overseas third party providers for CDR data.
Basiq uses third-party service providers to enrich the data, no personally identifiable data is shared with third parties without your permission