Information Security Statement
How Rebus Finance protects the personal and financial information you share with us.
Last updated: 27 May 2026
1. Our commitment
Rebus Finance handles sensitive personal and financial information every day. We take seriously our obligation to protect that information against unauthorised access, loss, misuse or disclosure. This statement summarises the technical and organisational measures we use to keep your data safe.
2. Encryption
- In transit: All communication with our website uses HTTPS with TLS 1.2 or higher. Our enquiry forms, calculator submissions and login pages are end-to-end encrypted between your browser and our server.
- At rest: Your client file is held in our broker management platform on encrypted storage. Backups are encrypted before they leave the production environment.
- Email: Where we exchange sensitive documents by email, we use password-protected attachments or a secure document exchange channel.
3. Access controls
- Access to client records is restricted on a need-to-know basis.
- Strong, unique passwords are enforced for all systems handling client data.
- Multi-factor authentication is enabled on our broker management platform, email and administrative accounts.
- Privileged actions on the website (publishing, settings changes) are limited to a small number of named admin accounts.
4. Staff and contractor training
- Privacy and information security obligations are part of our standard onboarding.
- Any third party who handles client information on our behalf is bound by confidentiality and security obligations equivalent to the Australian Privacy Principles.
5. Hosting and infrastructure
- Our website and primary databases are hosted with reputable Australian-based providers.
- Infrastructure providers undergo independent security audits (e.g. ISO 27001, SOC 2 where applicable).
- The web server is patched on a regular schedule and runs a web application firewall to block common attacks.
6. Notifiable Data Breaches (NDB)
If a data breach occurs that is likely to result in serious harm to an individual, we will:
- Investigate and contain the breach as quickly as possible
- Notify affected individuals with a description of what happened and recommended steps
- Notify the Office of the Australian Information Commissioner (OAIC) as required by the NDB scheme
We maintain a documented incident response process so that breaches are detected, assessed and reported promptly.
7. Data retention
We retain client records for the period required by the National Consumer Credit Protection Act, our aggregator’s compliance manual, and AML/KYC obligations. Generally, this means seven years after the end of our service to you, unless a longer period is required by law. After the retention period, records are securely destroyed.
8. Anonymous website analytics
Where our website calculators collect anonymous usage data (see our Cookie Policy), only bucketed (range) values are sent, not exact figures, and the data is associated only with a random session identifier stored in your browser. Even in the unlikely event of unauthorised access to that analytics table, the data could not be traced back to an individual.
9. Reporting a security concern
If you believe there is a security issue with our website or services, please contact us immediately:
- Email: david@rebusfinance.com.au
- Phone: 0417 676 191
We appreciate responsible disclosure and will respond promptly to validated reports.
10. Continuous improvement
Information security is not a one-off task. We review our practices regularly and update this statement to reflect material changes.
Your Trust Is Our Foundation
David takes pride in the trust clients place in him. If you have any concerns about how your information is handled, please get in touch.