fafafinance.xyzYour balance sheet, audited
Legal

Privacy Policy

What data fafinance.xyz processes, on what legal basis, and how the Australian Privacy Act 1988 (APP), EU GDPR, CCPA/CPRA, and the IAB Europe TCF v2.3 apply.

Last updated:

1. Data controller

fafinance.xyz. Privacy correspondence: privacy@fafinance.xyz or via the contact page. Verifiable requests answered within 30 days, in line with APP 12 and GDPR Art. 12.

2. What we collect

The net worth calculator processes no personal data on our servers. Asset and liability figures stay in your browser. Verifiable via DevTools → Network.

  • Server access logs (IP, user-agent, URL, timestamp, status). 30 days.
  • Aggregated analytics (page views, country, device class), opt-in.
  • Advertising cookies (Google AdSense / DoubleClick), opt-in.
  • Contact-form submissions retained for 12 months.

3. Legal bases

  • Australian Privacy Principle 3 (collection of personal information) and APP 6 (use or disclosure) for contact-form data.
  • Legitimate interest (Art. 6(1)(f) GDPR) for security logging.
  • Consent (Art. 6(1)(a) GDPR; APP 6.1(a)) for analytics, advertising, and any non-essential cookie.

4. Cookies

Three categories detailed in the cookie policy: strictly necessary, analytics (opt-in), advertising (opt-in).

5. Google AdSense, DoubleClick and personalised advertising

With consent, Google may set and read __gads, __gpi, IDE, NID, DSID, and test_cookie; process IP, user-agent and approximate location for ad delivery, frequency capping and fraud prevention; build interest-based advertising profiles; and share data with TCF v2.3 vendors you authorise. Google's processing is governed by policies.google.com/privacy and policies.google.com/technologies/ads.

6. TCF v2.3 consent management

We use a TCF v2.3-compliant CMP. No non-essential cookie is set, and no third-party advertising script is loaded, until you grant or refuse consent on a per-purpose, per-vendor basis. Modify via the “Cookie preferences” footer link.

7. International transfers

Some third parties (notably Google) transfer personal data to the United States. Such transfers rely on the EU–U.S. Data Privacy Framework, Standard Contractual Clauses, and the APP cross-border disclosure rules where applicable.

8. Your rights

Under the APP, GDPR, and CCPA/CPRA you may access, correct, request erasure, restrict processing, port your data, and withdraw consent. Lodge complaints with the Office of the Australian Information Commissioner (OAIC), the Information Commissioner (UK), or the California Privacy Protection Agency.

California residents may opt out of “sale”/“sharing.” We honour the GPC signal.

9. Children

The Service is not directed at children under 16.

10. Changes

Material changes are flagged on the home page; the “Last updated” date above always reflects the most recent revision.