Open Finance

Enquire Today

Stablecoin as a Service

Custody and Settlement

Compliance & Security (RegFirst)

Cross-Border Value Flows + Regulated On/Off Ramps

Privacy Policy

Effective Date: 13 January 2026 | Last Updated: 10 January 2026

1. Introduction

The FSCO Platform (the "Platform") is operated by Financial Services Co Pty Ltd (hereinafter referred to as "we", "us", "our", or the "Operator"). The Operator is committed to responsible privacy practices and to complying with the Privacy Principles contained in the Privacy Act 1988 (Cth) ("Privacy Act") and the Australian Privacy Principles ("APPs").

For users located in the European Economic Area ("EEA") or the United Kingdom, we also comply with the General Data Protection Regulation ("GDPR") and applicable UK data protection laws.

The purpose of this Privacy Policy is to set out how the Operator will deal with personal information gathered when you visit and use the FSCO website (including associated mobile applications), our blockchain infrastructure platform, payments and wallets services, tokenization services, and document processing capabilities (collectively, the "Services").

2. Operation of FSCO Platform

Important Notice Regarding Blockchain Data: Content submitted to the Platform may be made public on blockchain networks, where it will be accessible to anyone with access to the blockchain. Once documents, contracts, and transactions are published on blockchain networks, they become part of an immutable ledger. This means that the Operator cannot alter or delete this information. The nature of blockchain technology ensures that any data submitted to these networks remains permanent and cannot be removed or modified by the Operator or any other party.

By placing personal information on the FSCO Platform or submitting transactions to blockchain networks, you acknowledge and agree to this information being available in this way.

3. What is Personal Information?

We collect various forms of financial data essential for providing our payments, wallets, and asset tokenization services. This includes traditional financial identifiers like bank account details for wire and ACH transfers, as well as digital asset-specific information such as wallet addresses, custodial wallet identifiers, and detailed transaction histories for stablecoin and token operations. This information is processed to facilitate transactions, ensure regulatory compliance, and manage digital assets on the FSCO Platform.

4. The Kinds of Personal Information We Collect

4.1 Account and Profile Information

When you register for an Account or contact us, we may collect:

  • Your name, username, and login credentials
  • Mobile number, email address, and postal address

4.2 Identity and Verification Information (KYC/AML)

To comply with Anti-Money Laundering (AML) and Know Your Customer (KYC) requirements, we may collect:

  • Full legal name, date of birth, and nationality
  • Government-issued identification documents (passport, driver's licence, national ID)
  • Proof of address documentation (utility bills, bank statements)
  • Biometric data including facial recognition data for identity verification
  • Tax identification numbers and residency status
  • For business entities: registration documents, beneficial ownership information, and director details

4.3 Financial and Transaction Information

Through our Payments & Wallets and Wire Transfer services, we collect:

  • Wallet addresses and custodial wallet identifiers
  • Transaction histories including fiat-to-stablecoin conversions
  • Bank account details for ACH and wire transfer processing
  • Payment card information (processed through PCI-DSS compliant providers)
  • Stablecoin minting, burning, and transfer records
  • Asset tokenization records (ERC-20, ERC-721, ERC-1155 transactions)

4.4 Blockchain and Smart Contract Data

Our Chain Operations and Contract services process:

  • Smart contract deployment records and interaction logs
  • Multi-chain transaction data across supported networks
  • Gas fee calculations and abstraction records
  • On-chain asset balances and token holdings

4.5 Document AI Processing Data

Through our Document AI services, we process:

  • Uploaded documents including PDFs, identity documents, and financial records
  • Extracted data from document parsing and OCR processing
  • AI model outputs and structured JSON data derived from documents
  • Document metadata including file types, sizes, and processing timestamps

4.6 Site Visit Data

When visiting the FSCO website, a record of your visit is logged. The following information is supplied by your browser or recorded by our servers:

  • Your server address and IP address
  • Your operating system (for example Windows, Mac, etc.)
  • Your top level domain name (for example .com, .gov, .au, .uk, etc.)
  • The date and time of your visit to the site
  • The pages accessed and documents/data downloaded
  • Search terms used
  • The type of browser used
  • API usage logs, authentication tokens, and access patterns

Your IP address is a number which identifies the computer you use to access the site. FSCO stores this in order to track usage of the site and monitor abuse of the site. Unless we are required to do so by law or it is reasonable for us to do so as a result of a breach or suspected breach by you of the FSCO Terms of Use or this Privacy Policy, we will not attempt to identify your browsing activities.

This site visit data may be aggregated for analysis with identifiable characteristics removed.

4.7 Sensitive Information

If you disclose any sensitive information via FSCO or provide the Operator with sensitive information for any reason, you consent to the Operator collecting that information and using and disclosing that information for the purpose for which you disclosed it to us and as permitted by the Privacy Act and other relevant laws.

5. Collection, Use and Disclosure of Personal Information

5.1 How We Collect Information

Under the APPs, we collect personal information only where it is reasonably necessary for our functions and activities. We collect information:

  • Directly from you when you register, verify your identity, or use our Services
  • From third-party identity verification providers
  • From blockchain networks (public on-chain data)
  • From our business partners and API integrators with your consent

5.2 Purposes of Collection

The purposes for which we use and disclose your personal information will depend on the circumstances in which we collect it. Whenever practical, we will endeavour to inform you why we are collecting your personal information, how we intend to use that information, and to whom we intend to disclose it at the time of collection.

We use your information to:

  • Provide custodial wallet services and manage digital asset storage
  • Process fiat-to-stablecoin conversions and wire transfers
  • Deploy and execute smart contracts on your behalf
  • Tokenize assets and manage token lifecycle operations
  • Process and extract data from uploaded documents
  • Verify your identity and comply with AML/KYC obligations
  • Prevent fraud, money laundering, and terrorist financing
  • Maintain platform security and investigate suspicious activities
  • Monitor, develop and improve the quality of the FSCO Platform
  • Deal with your inquiries and requests
  • Compile usage statistics such as determining traffic through the server
  • Communicate with you about your account and our Services
  • Add you to a mailing list (you may opt-out at any time)
  • Comply with legal and regulatory requirements globally

5.3 Disclosure of Personal Information

We may disclose your personal information to:

Service Providers and Partners

  • Identity verification and KYC service providers
  • Banking partners for fiat on/off-ramp processing

Regulatory and Legal Authorities

  • AUSTRAC (Australian Transaction Reports and Analysis Centre)
  • Australian Securities and Investments Commission (ASIC)
  • Law enforcement agencies when legally required
  • Courts and tribunals in response to legal process

Blockchain Networks

Please note that transactions recorded on public blockchain networks are permanently visible and cannot be deleted. While we implement measures to protect your identity, on-chain transaction data (including wallet addresses and transaction amounts) is publicly accessible.

Business Transfers

Your personal information may be disclosed if the Operator sells or licenses FSCO to another operator.

5.4 GDPR Legal Bases (EEA/UK Users)

For users in the EEA and UK, we process personal data based on:

  • Contract performance: To provide our Services and process transactions
  • Legal obligation: AML/KYC compliance, tax reporting, regulatory requirements
  • Legitimate interests: Fraud prevention, security, service improvement
  • Consent: Marketing communications and optional data processing

6. How and Where is Personal Information Stored?

Your personal information may be provided from and stored in multiple geographic locations within cloud-based hosted services. This may include disclosure of personal information outside of Australia to related bodies corporate, service providers and other third parties including those located in the United States of America, Japan, Singapore, Hong Kong, the United Kingdom, and the European Union.

The information will be securely stored and transmitted from cloud hosted storage to your browser.

6.1 Australian Requirements (APP 8)

Before disclosing personal information to overseas recipients, we take reasonable steps to ensure they comply with the APPs or are subject to substantially similar privacy protections. We use contractual arrangements to protect your information when transferred internationally.

6.2 GDPR Transfer Mechanisms

For EEA/UK users, we rely on:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Binding Corporate Rules where applicable
  • Your explicit consent for specific transfers

7. Security of Personal Information

We implement comprehensive technical and organisational measures to protect your personal information:

Technical Safeguards

All Personally Identifiable Information (PII) is encrypted at rest using industry-standard encryption protocols.

  • End-to-end encryption for data in transit (TLS 1.3)
  • AES-256 encryption for all PII and sensitive data at rest
  • Hardware Security Modules (HSMs) for cryptographic key management
  • Multi-party computation for custodial wallet operations
  • For security, FSCO does not store your password, but instead stores an encrypted version of it. This means that FSCO's Operator cannot read your password and cannot pass it on to other people.
  • ISO27001 certified infrastructure
  • Regular penetration testing and security audits

Organisational Measures

  • Role-based access controls and principle of least privilege
  • Employee background checks and security training
  • Incident response and disaster recovery procedures
  • Regular security awareness training for all staff

The Operator takes reasonable steps to provide a secure environment and a reliable system to protect your personal information from misuse, interference or loss and from unauthorized access, modification or disclosure, but you should be aware that there are inherent risks associated with the transmission of information via the Internet.

Except to the extent liability cannot be excluded due to the operation of statute, the Operator excludes all and any liability (including in negligence) for the consequences of any unauthorized access to, disclosure of, misuse of or loss or corruption of your personal information. Nothing in this Privacy Policy restricts, excludes or modifies or purports to restrict, exclude or modify any statutory consumer rights under any applicable law including the Competition and Consumer Act 2010 (Cth).

Please notify the Operator immediately if you become aware of any breach of security.

8. Data Retention

We retain personal information for as long as necessary to fulfil the purposes outlined in this Policy, unless a longer retention period is required by law:

Data CategoryRetention PeriodLegal Basis
KYC/Identity Documents7 years after relationship endsAML/CTF Act
Transaction Records7 years from transaction dateAML/CTF Act, Tax Law
Account InformationDuration of relationship + 7 yearsContract, Legal Obligation
API Logs and Access Records2 yearsLegitimate Interests
Document AI Processed Data90 days or as specified by clientContract
Site Visit Data2 yearsLegitimate Interests
Marketing PreferencesUntil consent withdrawnConsent

Please note that blockchain transaction records are immutable and cannot be deleted from public networks. We retain off-chain records in accordance with the retention periods above.

9. How to Seek Access and Correct Personal Information

9.1 Rights Under Australian Privacy Law

The Operator will, at your request, provide you with access to any information which the Operator has collected about you. Access to that information will be provided in accordance with the Privacy Act, subject to certain exemptions which may apply. You have the right to:

  • Access personal information we hold about you
  • Request correction of inaccurate or incomplete information
  • Complain about our handling of your personal information
  • Opt-out of direct marketing communications

The Operator may require that the person requesting access provide suitable identification and where permitted by law may charge an administration fee for granting access to your personal information.

To gain access, correct or update this information, you should contact tech@fsco.io. You can also change or delete your personal information yourself at any time, except for your IP address, by editing your account.

9.2 Additional Rights for EEA/UK Users (GDPR)

If you are located in the EEA or UK, you also have the right to:

  • Erasure ("right to be forgotten") where legally applicable
  • Restrict processing of your personal data
  • Data portability in a structured, machine-readable format
  • Object to processing based on legitimate interests
  • Withdraw consent at any time (where processing is based on consent)
  • Lodge a complaint with your local supervisory authority

9.3 Limitations on Rights

Certain rights may be limited where we have legal obligations to retain information (such as AML record-keeping requirements) or where data is recorded on immutable blockchain networks. We will inform you if limitations apply to your request.

10. Notifiable Data Breaches

In accordance with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988, if we become aware of a data breach that is likely to result in serious harm to affected individuals, we will:

  1. Promptly assess the breach and take remedial action
  2. Notify the Office of the Australian Information Commissioner (OAIC)
  3. Notify affected individuals as required by law
  4. Provide recommendations for steps individuals can take

For EEA/UK users, we will also notify the relevant supervisory authority within 72 hours of becoming aware of a breach, as required under the GDPR.

11. Cookies and Tracking Technologies

We use cookies and similar technologies for:

  • Essential functionality: Authentication, security, session management
  • Analytics: Understanding how our Services are used
  • Performance: Improving platform speed and reliability

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect platform functionality.

12. External Links and Third-Party Services

This site contains links to other sites. The Operator is not responsible for the privacy practices or the content of such websites or any third party sites. Our Services may integrate with third-party platforms, blockchain networks, and external APIs. We encourage you to review their privacy policies before providing personal information.

13. Children's Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete such information promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Services. We will notify you of material changes by email or through our platform. Your continued use of our Services after such notification constitutes acceptance of the updated Policy.

15. How to Make a Complaint

If you have any questions, comments or complaints about the Operator's collection, use or disclosure of personal information, or if you believe that the Operator has not complied with this Privacy Policy or the Privacy Act, please contact:

Privacy Officer

Financial Services Co Pty Ltd Email: info@fsco.io Technical Support: tech@fsco.io

The Operator will take any privacy complaint seriously and any complaint will be assessed with the aim of resolving any issue in a timely and efficient manner.

If you are not satisfied with the outcome of our assessment of your complaint, you may contact:

Office of the Australian Information Commissioner (OAIC) Website: www.oaic.gov.au Phone: 1300 363 992

For EEA/UK Users:

You may also contact your local data protection supervisory authority.

This Privacy Policy is governed by the laws of Australia. For specific jurisdictional requirements, please refer to our supplementary regional privacy notices available on our website.