Legal

Privacy Policy

Last updated 11 June 2026

This Privacy Policy explains how Zupo Pty Ltd (ABN 64 697 282 554) (“Zupo”, “we”, “us”) collects, uses, discloses and protects your personal information when you use our website or enquire about business funding. We handle personal information in accordance with the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth).

Information we collect

When you enquire or apply through us, we may collect:

Your name, contact details and role in the business (for example, director or owner)
Business details, including ABN or ACN, trading name, industry, time in business and turnover
Financial information about the business, including business bank statements and details of existing finance or debts
Identity information needed to verify who you are, such as your driver licence or passport details
Records of our communications with you, including phone calls, SMS and email
Technical data such as your IP address, device type and how you use our site

How we collect it

We collect information directly from you through our website forms, by phone, SMS and email, and through documents you provide. With your consent, business bank statement data is retrieved securely through illion Open Data Solutions (bankstatements.com.au). We may also collect publicly available business information, such as ASIC and ABN registry records.

How we use your information

We use your information to:

Assess, prepare and progress your funding enquiry
Connect you with our funding partner and support your application with them
Verify your identity
Communicate with you about your enquiry by phone, SMS and email
With your consent, send you marketing about funding products and services that may be relevant to your business (you can opt out at any time)
Improve our website and services
Meet our legal and regulatory obligations

We do not run a credit check to provide an indicative offer. Any credit check is conducted later by the funding partner, with your consent, if you choose to proceed.

Who we share it with

As a finance broker, we share your information with:

Our funding partner, so they can assess your application and make a funding decision. The funding partner handles your information under its own privacy policy.
Service providers who help us operate, including illion (bank statement retrieval), our customer relationship management platform, our phone and messaging platform, identity verification providers, and IT, hosting and analytics providers.
Professional advisers such as lawyers and accountants, where reasonably required.
Government bodies, regulators or courts, where required or authorised by law.

We do not sell your personal information.

Overseas disclosure

Some of the service providers we use store or process data outside Australia. This includes our customer relationship management, communications, analytics and advertising platforms, which may process data in the United States and the European Union. Where we disclose personal information overseas, we take reasonable steps to ensure the recipient handles it in a way consistent with the Australian Privacy Principles.

Bank statement data

If you choose to share business bank statements, the data is retrieved securely through illion Open Data Solutions using bank-grade encryption. We do not see or store your internet banking login credentials. Bank statement data is used solely to assess and progress your funding enquiry and is shared with our funding partner for that purpose. You may withdraw your consent to our continued use of this data at any time by contacting us.

Call recording

Calls with Zupo may be recorded for training, quality and record-keeping purposes. Where a call is recorded, you will be told at the start of the call. If you do not wish to be recorded, let us know and we can continue by email or SMS instead.

Cookies, analytics and advertising

With your consent, we use cookies and similar technologies for analytics and advertising. When you first visit, a banner lets you accept or decline these. Nothing non-essential runs until you accept, and declining is honoured for the rest of your visit. The tools we use are:

Google Analytics, to understand how visitors use the site (pages viewed, general location, device). It sets cookies and processes technical data such as your IP address.
Meta (Facebook) Pixel, to measure the performance of our advertising and reach relevant audiences. It sets cookies and records actions such as page views and enquiry submissions.

You can change your choice at any time by clearing this site's cookies and site data in your browser, which brings the consent banner back. You can also use your browser's privacy settings or an ad blocker to limit tracking.

Marketing and opting out

If you submit an enquiry, we may contact you by phone, SMS and email about that enquiry. With your consent, we may also send you marketing communications. Every marketing email and SMS we send includes a way to unsubscribe, and you can opt out at any time by replying STOP to an SMS, using the unsubscribe link in an email, or contacting us directly. Opting out of marketing does not affect communications about an active enquiry.

How long we keep your information

We keep personal information only as long as it is needed for the purposes above or as required by law:

Records relating to funded deals are retained for up to 7 years to meet legal, tax and record-keeping obligations.
If your enquiry does not proceed, bank statements and identity documents are securely deleted or de-identified within 12 months, unless you ask us to keep them for a future enquiry.

When information is no longer required, we take reasonable steps to securely destroy or de-identify it.

Security

We use reasonable technical and organisational measures to protect your information against loss, misuse and unauthorised access, including encryption in transit, access controls and reputable cloud providers. No method of transmission is completely secure, but we take protecting your data seriously. If a data breach occurs that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme.

Access and correction

You can request access to, or correction of, the personal information we hold about you by contacting us using the details below. We will respond within 30 days. There is no charge to make a request, though a reasonable fee may apply to cover the cost of providing access in some cases.

Complaints

If you believe we have mishandled your personal information, contact us using the details below and mark your message for the attention of the Privacy Officer. We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days.

If you are not satisfied with our response, you can complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or by calling 1300 363 992.

Changes to this policy

We may update this policy from time to time. The latest version will always be available on this page, with the date of the last update shown at the top.

Contact us. Privacy Officer, Zupo Pty Ltd. Email hello@zupo.com.au or call 1300 043 192.