Gusto Cash Logo
Apply Now
Log In
Gusto Cash Logo
APPLY NOW
Gusto Cash Logo
Get a FREE Quote
Speak to an Expert

Privacy Policy

1. Purpose and scope

Gusto Money Pty Ltd (referred to as Gusto Money, Gusto Cash, we, us, our) is committed to protecting your privacy. This Policy explains how we collect, hold, use and disclose personal information (including credit-related information) in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), Part IIIA of the Privacy Act and the Privacy (Credit Reporting) Code 2014 (CR Code), as well as other applicable laws including the National Consumer Credit Protection Act 2009 (Cth) and the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth).

This Policy applies to all dealings with us (online and offline), including applicants, customers, guarantors, referees, job applicants, contractors and website users. It also applies to our staff and third parties who handle personal information on our behalf.

2. Key definitions

  • Personal information: Information or an opinion about an identified individual, or an individual who is reasonably identifiable.
  • Sensitive information: A subset of personal information (e.g., health information, criminal history).
  • Credit information: Includes identification details, type and amount of credit, repayment history, default information, financial hardship information, court proceedings information, personal insolvency information and publicly available information relevant to creditworthiness.
  • Credit eligibility information: Credit reporting information we obtain from a credit reporting body (CRB) and information we derive from it (e.g., our credit scores/assessments).
  • Disclosure: Sharing of information to persons outside Gusto Money.
  • Third Parties: Customers, suppliers, sub-contractors, agents or other people having a commercial relationship with Gusto Money, or associated entities.


3. What we collect

Depending on your dealings with us, we may collect:

  • Identification and contact: name, DOB, addresses, email, phone, IP address and device information.
  • Government identifiers (used only as permitted by law): driver licence, passport, Medicare number.
  • Financial and employment: income, employment status/history, bank account details and statements, expenses, assets and liabilities.
  • Credit-related: application details, repayment history, defaults, hardship information, court and insolvency information, information from CRBs, and information we derive from it.
  • Verification materials: documents or certified copies, biometrics where you choose a digital verification method, and notes of verification checks.
  • Interactions: call recordings, chat/email/SMS, website/app usage (including cookies/tags/pixels), marketing preferences.
  • Hardship: limited sensitive information (for example, health or employment circumstances) where relevant to a hardship request.
  • Any other information that is relevant to the services that we provide.

You may choose to deal with us using a pseudonym or anonymously for general enquiries where lawful and practicable. We must identify you before providing regulated credit services.

4. How we collect information

  • Directly from you: applications, forms, calls, emails, SMS, chat, social messaging, uploads to our portal/website.
  • Automatically: via our website/app using cookies, pixels, tags and similar technologies (e.g., to remember preferences, measure performance and prevent fraud). You can control cookies in your browser; some features may not function without them.
  • From third parties (where lawful): CRBs, employers, payroll/HR, referees, your bank (e.g., via bank-statement aggregation tools you authorise), identity service providers, brokers/referrers, other credit providers, publicly available sources, government registers and analytics/anti-fraud vendors.
  • Unsolicited information: If we receive personal information we did not request, we will promptly assess and delete or de-identify it unless we are legally permitted to retain it.


5. Why we collect, use and disclose information

We collect, use and disclose personal and credit-related information to:

  • identify you and verify your identity (including AML/CTF checks);
  • assess credit applications (including guarantors) and manage credit products;
  • obtain and exchange information with CRBs and other credit providers as permitted by law;
  • verify employment, income and financial position;
  • administer accounts, process payments, detect and prevent fraud and financial crime;
  • manage arrears, collections and enforcement;
  • consider hardship and vary payment arrangements where applicable;
  • handle complaints and disputes (internal and external);
  • conduct analytics, product improvement and quality assurance (including de-identified or aggregated data);
  • comply with laws, directions and regulatory requests; and
  • conduct marketing (see Section 12) and customer communications, where permitted.

If you do not provide requested information, we may be unable to assess your application or provide our products/services.

6. Credit reporting—how we handle your credit information

We may:

  • request your credit reporting information from one or more CRBs;
  • exchange information with CRBs and other credit providers as permitted by law (e.g., to assess applications, manage credit, report defaults/serious credit infringements, record financial hardship information, and perform account management);
  • derive and use credit eligibility information (e.g., internal credit scores and risk assessments).

Common CRBs in Australia include Equifaxillion, and Experian (see their websites for current contact details and policies).

Notifiable matters

If you fail to meet payment obligations or commit a serious credit infringement, we may disclose this to a CRB as permitted by law. We may also disclose financial hardship information in accordance with the Privacy Act and CR Code.

We do not use credit-related information for direct marketing.

7. To whom we disclose information

We may disclose information to:

  • our related entities and service providers (IT/cloud hosting, data storage, cyber security, KYC/AML, statement aggregation, analytics, printing and mail, customer support, call centres, marketing platforms acting on our instructions, website operations, auditors, consultants and professional advisers);
  • CRBs and other credit providers (as permitted by law);
  • brokers/referrers, introducers and agents involved in your application (with your authority or as permitted by law);
  • your representatives (lawyer, accountant, financial counsellor) and authorised third parties you nominate;
  • payment processors, debt collectors, enforcement agents and mercantile agents;
  • identity and anti-fraud service providers;
  • prospective funders, investors, trustees, rating agencies, insurers, assignees or parties considering an acquisition, restructure or securitisation (subject to confidentiality safeguards);
  • government agencies and regulators (e.g., AUSTRAC, ASIC, OAIC, ACCC, AFCA, police) as authorised or required; and
  • any other third party where you consent or the law permits/compels disclosure.

Before disclosing overseas, we take reasonable steps to ensure recipients comply with privacy standards comparable to the APPs or we obtain your consent where required.

8. Overseas disclosure and cloud services

We primarily store data in Australia. Some service providers or cloud/backup systems may process or store information in other jurisdictions, which may include (subject to change): New Zealand, Singapore, the United States, the United Kingdom, the European Economic Area, India and the Philippines. Locations can change as our providers update their infrastructure.

We may disclose an individual’s personal information to overseas entities that provide support functions to us.

We will not send personal information to recipients outside of Australia unless we have taken reasonable steps to ensure the recipient does not breach the Privacy Act, the APPs and the Credit Reporting Privacy Code; the recipient is subject to an information privacy protection regime similar to that required by the Privacy Act; and the individual has consented to the disclosure.

9. Website, cookies and analytics

When you visit our website/app, we may collect: IP address, device and browser details, dates/times, referrers, session IDs, pages viewed, interaction data and coarse location. We use cookies/tags/pixels to:

  • enable core site functions (e.g., form persistence, security);
  • understand usage and improve performance;
  • deliver and measure advertising (including on third-party platforms, subject to your preferences and applicable law).

You can manage cookies via your browser. Some features may not function without them. Where analytics/advertising tools are used, we do not permit them to collect sensitive information.

10. AML/CTF and identification

To comply with AML/CTF obligations, we will verify your identity. We may do this manually (sighting originals or certified copies) or electronically via verification services you authorise. We record verification steps and retain evidence in accordance with law and our AML/CTF Program.

11. Security and retention

We maintain technical, organisational and physical safeguards appropriate to the sensitivity of the information we hold, including: access controls, encryption in transit and at rest where appropriate, network security, monitoring, secure destruction processes, employee training and vendor due diligence. We retain information only for as long as needed for lawful business purposes and legal/regulatory obligations, after which we de-identify or securely destroy it.

12. Direct marketing and preferences

We may use your personal information (but not your credit-related information) to keep you informed about relevant finance products, special offers, organisational updates, or new services provided by us or our associated entities, via SMS, email, mail, or other marketing channels. 

You can opt out at any time using unsubscribe links. Unsubscribing via a direct marketing communication will only affect that specific entity/brand and delivery method; please advise us if you wish to unsubscribe from all communications from Gusto Money, Gusto Cash, or its related entities by contacting us (see Section 17).

If you opt out, we’ll stop sending marketing messages but may still send essential service or legal notices.

13. Government identifiers

We do not use or disclose government identifiers (e.g., TFN, Medicare, driver licence numbers) except as permitted by law (such as required identity checks, verification with issuing authorities, or where necessary to prevent fraud).

14. Hardship information (sensitive information)

If you apply for a hardship variation, we may need limited sensitive information (e.g., health or employment details) to assess your request. We will only collect what is reasonably necessary, hold it securely, use it solely for hardship assessment and management, and not disclose it except as permitted by law or with your consent.

15. Access and correction

You have the right to request access to the personal information (including credit-related information) we hold about you, and to request correction if you believe it is inaccurate, out-of-date, incomplete, irrelevant or misleading.

  • How to request: contact us (Section 17). We may need to verify your identity and may charge a reasonable administration fee for providing copies.
  • Timeframes: we aim to respond within 30 days. If we refuse access or correction (for example, where providing access would unreasonably impact others’ privacy or is unlawful), we will give written reasons and how to complain.
  • CRB records: For information a CRB holds, please contact the CRB directly.
  • If we correct information previously disclosed: we will notify the relevant third party/CRB where practicable.


16. Data breaches

If we experience a data breach involving personal information, we will promptly investigate, contain and assess. Where the breach is likely to cause serious harm and cannot be mitigated, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the NDB scheme, and provide guidance on protective steps you can take.

Notifications will be made telephone call, email, SMS, physical mail, social media post, or in-person conversation. If we are unable to contact an individual (or nominated intermediary) by any of the above methods we will publish a statement on the front page of our website and place a public notice on our reception desk.

17. Contact, complaints and dispute resolution

If you have a question, wish to exercise your rights, or want to complain about privacy or credit reporting, please contact us first. We’ll acknowledge your complaint within 7 days and aim to provide a final response within 30 days.

Gusto Money Pty Ltd (trading as Gusto Cash)
Phone: 02 8551 4335
Email: feedback@gustocash.com.au
Mail: 1130 Kingsford Smith Dr, Eagle Farm QLD 4009

If you’re not satisfied, you may contact our external dispute resolution scheme or the privacy regulator:

  • Australian Financial Complaints Authority (AFCA)
    Website: www.afca.org.au • Phone: 1800 931 678 • Mail: GPO Box 3, Melbourne VIC 3001
  • Office of the Australian Information Commissioner (OAIC)
    Website: www.oaic.gov.au • Phone: 1300 363 992 • Mail: GPO Box 5218, Sydney NSW 2001


18. Changes to this Policy

We may update this Policy to reflect changes in law, technology or our practices. The latest version will be available on our website and takes effect when posted. You can request a copy in an alternative format at any time.

19. Acknowledgement and consents (applicants and customers)

By submitting an application or continuing to deal with us, you acknowledge that:

  • you have been provided with or had access to this Policy;
  • we may collect, use and disclose your personal and credit-related information as described;
  • we may obtain credit reporting information about you from CRBs and exchange permitted information with CRBs and other credit providers; and
  • if you do not consent to the collection of certain information, we may be unable to assess your application or provide services.