SandboxTest environment. Sandbox providers, no real verifications, data may be reset at any time.

Privacy Policy

Last updated: 2026-05-01. This is a working draft for the V1 launch and will be finalised by legal counsel before public release.

1. Who we are

Agent ID Pty Ltd (“Agent ID”, “we”) operates the identity service at agent-id.com.au and sandbox.agent-id.com.au. We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

2. What we collect (APP 3)

  • Account information: email, professional name, full name, mobile, headshot.
  • Agency context: trading name, ABN, role, branch.
  • Verification data (V2): identity document images, biometric checks via FrankieOne, state licence numbers.
  • Operational metadata: sign-in timestamps, IP addresses, user-agent strings, audit log entries.

3. How we use it (APP 6)

We use your information to authenticate you, propagate your identity and agency context to connected products you authorise via OAuth, verify your identity and licence status (V2), and meet our regulatory obligations under AML/CTF and the Privacy Act.

4. Disclosure (APP 6 / APP 8)

We share your information with connected products only to the extent you grant consent at the OAuth consent screen. We never sell your data. Sub-processors include Supabase (database + auth), Vercel (hosting), Resend (transactional email), FrankieOne (identity and AML verification), and Sentry (error tracking).

5. Storage and security

Personal information is stored in Australian Supabase regions (Sydney). All traffic is TLS 1.3. Database row-level security enforces that you can only read your own data. The audit log is append-only at the database trigger level.

6. Access and correction (APP 12)

You can export everything we hold on you as a JSON file from Settings. You can request deletion from the same page; we soft-delete immediately and hard-delete after 30 days, propagating revocation to every connected product.

7. Notifiable Data Breaches

If we suffer a data breach likely to result in serious harm, we notify the Office of the Australian Information Commissioner and affected individuals as required by Part IIIC of the Privacy Act.

8. Contact

Privacy enquiries: privacy@agent-id.com.au. Complaints not resolved at that address can be escalated to the OAIC.