Privacy Policy

Solution

Pricing

Contact

Privacy Policy

SignPay Pty Ltd T/A Admiin

(Last edited 22 May 2026)

What is this policy about?

Who does this policy apply to and what does it cover?

This policy describes how SignPay Pty Ltd (operating as Admiin) collects, uses, discloses and holds personal information from individuals.

What is our privacy commitment to you?

SignPay Pty Ltd commits to complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles by protecting the privacy and confidentiality of your personal information. As an administrative and finance company, we also comply with the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) and the supporting Anti-Money Laundering and Counter-Terrorism Financing Rules 2007 (Cth).

When we collect, use, disclose, store, access, destroy or correct your personal information, our actions will comply with the Privacy Act, including the Australian Privacy Principles, the AML/CTF Act and the AML/CTF Rules.

Information collection

What kinds of personal information do we collect and hold?

We collect and hold:

Contact details (name, previous names or aliases, email addresses, residential address, phone numbers, office address)
Date and place of birth
Bank account details, banking information and transaction history
Copies or electronic verification of primary identification documents (passport, driver’s licence, birth certificate, Medicare card, citizenship certificate)
Browsing history on the Admiin website
Records of communications and interactions with us
Identity-verification and biometric information — images of government-issued ID documents, a selfie taken at the time of verification, and a biometric facial-comparison template generated by our identity-verification provider. This is “sensitive information” within the meaning of the Privacy Act, and we collect it only with your express consent at the time of verification.
Usage and device information — IP address, device identifiers, event metadata, and (for support and bug-reporting) session-replay data captured by our in-app support tool.

From time to time, we may collect additional information related to surveys, specific promotions, services or activities. Wherever practicable, we will advise you of the information being collected and provide you with an opportunity to refuse the collection of the information.

How does Admiin collect your information?

Admiin generally collects your personal information directly from you or when you use the Admiin website or complete Admiin forms. However, there are certain instances where we will collect information about you from third parties where it is unreasonable or impracticable to collect it directly from you. We will of course obtain your consent to do this.

Will I be notified that my personal information is being collected?

When we collect information from you, we will take reasonable steps to notify you (or otherwise ensure you are aware) of:

Our identity and contact details
The facts and circumstances of the collection
Details of any laws that require or authorise the collection
The purposes of collection
The consequences if we do not collect the information
How you can access or correct your information or make a complaint about Admiin (as set out in this policy)
Whether we are likely to disclose the information overseas (and if so to which countries)

One way to notify you of the above is by making you aware of this policy. If you give us personal information about others, we expect you will tell them about this privacy policy.

Purposes and use

For what purposes does Admiin collect, hold, use and disclose your personal information?

We collect, hold, use and disclose personal information to carry out certain activities, provide products and services to customers and to comply with our legal obligations. Some of the purposes include:

Enabling us to establish your identity and process your application, process any changes to your account or continue to offer our services to you
Sending you emails to confirm receipt and to confirm that we have processed your account request
Contacting you by phone or email if we have any questions in relation to any relevant documentation
Maintaining or updating your account records
Administering our products or services
Managing our relationship with you
Managing our risks and helping identify any illegal activity such as fraud
Improving our business and services to you
Complying with our legal obligations including by providing information to government bodies, regulatory bodies such as the Australian Taxation Office (ATO) or to AUSTRAC and law enforcement agencies
Providing information to third parties as required or as authorised or provided by law

We use your personal information to send you service messages — for example, account, billing, identity-verification, and security communications. We also use your business contact information to send you marketing communications about Admiin (for example, product updates, offers and event invitations), where we have your consent or are otherwise permitted to do so under the Spam Act 2003 (Cth). You can opt out of marketing messages at any time using the unsubscribe link in any message we send, or by contacting hello@admiin.com. Our marketing is delivered through our CRM and marketing-communications provider — see “Does Admiin share your information with third parties?” for details.

Is Admiin required by law to collect personal information?

Another reason we collect personal information is to comply with our legal obligations, such as anti-money laundering laws. The AML/CTF Act imposes a number of obligations on Admiin to collect specific personal information prior to providing certain financial services and to identify, manage and mitigate any potential risk of money-laundering or of financing terrorist activity. The legislation also imposes certain reporting obligations on Admiin.

How does Admiin use your information?

We use your personal information primarily to allow us to carry out the activities, functions and purposes listed above. We also use your personal information for secondary purposes related to those activities or when allowed under the Privacy Act.

Can I refuse to give Admiin my personal information (including sensitive information)?

You can refuse to provide us with your personal (including sensitive) information. However if you refuse to provide us with this information, we may not be able to provide our services to you. You have the option of not identifying yourself or using a pseudonym when dealing with us. However, this will be limited to enquiries of a very general nature only. It is impracticable and, in some circumstances, it is unlawful for us to deal with individuals who have not identified themselves or who have used a pseudonym when providing our services because of our obligations under the AML/CTF Act and the AML/CTF Rules.

Information sharing

Does Admiin share your information with third parties?

We may exchange personal information with:

Agents, contractors and external service providers (mail delivery, courier services, technology support)
Credit reference organisations and credit providers
Third party account aggregation services
Debt collectors
Legal and financial advisors and auditors
Financial institutions
Australian regulators and entities identifying illegal activity (AUSTRAC, ATO)
Law enforcement agencies
External dispute resolution schemes
Referenced individuals (trade references, landlords)
Nominated guarantors or appointed representatives (agents, brokers, power of attorney holders, legal advisers, accountants, financial advisers)

We will not sell or pass on your details to any non-associated business.

We disclose personal information to service providers in the following categories, and only to the extent needed to deliver the service to you:

Cloud infrastructure — hosting, identity, storage, OCR, transactional email and secrets management. Production data is held in Australia.
Identity verification and biometric matching — KYC/AML screening, document and selfie matching, live-video capture during verification, and device-fingerprint signal for fraud and risk scoring. Recipients are located in Australia, the United Kingdom, the European Union, the United States and Mexico.
Payments and payouts — card and bank payments, business KYC, and bill payment routing. Recipients are located in Australia and the Hong Kong group of one of our payment partners.
Accounting and practice-management integrations — where you connect them, to sync invoices, contacts, documents and corporate-compliance workflows. Recipients are located in Australia, New Zealand and the United Kingdom.
Error monitoring and product analytics — to detect, diagnose and improve. Personal data is redacted before transmission to our error monitoring provider. Recipients are located in the United States and the European Union.
In-app support and session replay — to power support chat and bug reports. Session replays are scrubbed of sensitive form input. Recipient is located in Germany.
Transactional email delivery — to send service messages (account, billing, verification, security). Recipient is located in the United States.
CRM and marketing communications — to manage our relationship with you and to send marketing communications about Admiin where permitted. Recipient is located in the United States.

A current, dated list of the specific service providers in each category — including identity-verification sub-processors — is published at admiin.com/sub-processors. We update that list when sub-processors change. You can subscribe to changes by emailing hello@admiin.com.

Where we send personal information overseas, we take the steps required by Australian Privacy Principle 8.1 to ensure the recipient handles it consistently with the Australian Privacy Principles, including by entering into contractual data-protection terms with each provider.

We will disclose your personal information if we are required or authorised to do so by law enforcement agencies, court order, the Office of the Australian Information Commissioner, the Australian Electoral Commission, the Department of Social Services or the Australian Taxation Office.

Identity verification, KYC and biometrics

To verify your identity, we use specialist identity-verification and biometric-matching providers. The verification flow may capture images of your government-issued ID, a selfie, and a biometric facial-comparison template, and check your details against PEP, sanctions, and adverse-media data sources. The result is used to decide whether to enable transactional features for you. The specific providers are listed at admiin.com/sub-processors.

Some of this information is “sensitive information” under the Privacy Act. We collect it only with your express consent, given at the time you start the verification flow. We retain identity-verification records for the period required by Australian anti-money-laundering law.

Automated decisions

Admiin uses automated processing in some places that may significantly affect you, including:

Identity verification — automated comparison of your ID, selfie, and personal information against external data sources, used to decide whether to enable transactional features for you.
Beneficial-owner matching — automated lookup against business registries to identify the natural persons who control or own a verified business.
Document analysis — automated extraction of structured data from invoices and bills you upload.
Automatic billing capture — automated payment capture when a firm’s outstanding balance reaches the configured threshold.

If you have a question about an automated outcome that affects you, contact hello@admiin.com.

Children’s privacy

Admiin is not intended for children under 18. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided personal information to us, please contact hello@admiin.com and we will delete it.

Recipients and other non-account-holders

If you receive a payment, signing, or verification link from an Admiin user, we collect limited personal information about you (such as your email, IP address, the actions you take on the linked page, and any document you sign or pay). We use that information to deliver the requested action and to comply with our legal obligations.

Frequently asked questions

How does Admiin protect your personal information (including credit related personal information)?

We take reasonable steps to ensure that your personal information is safe and secure from unauthorised use and disclosure whether such information is stored electronically or in hard copy. We enter your personal information into our secure online portal and your information is securely stored on the cloud. All information stored electronically is password protected, encrypted, protected by firewalls and other protective software and very limited access is granted to that information.

All hard copy files are kept securely and files which are no longer current are archived in a secured storage area.

How does Admiin dispose of personal information?

We keep personal information only for as long as needed for the purposes for which it was collected, and as required by law. Some categories are subject to specific legal retention periods — for example, identity-verification records under Australian anti-money-laundering law, and tax-related records under Australian tax legislation.

You can request access to, correction of, or deletion of your personal information at any time by contacting hello@admiin.com. We will action your request to the extent permitted by our legal retention obligations.

What happens if my personal information or credit related personal information is involved in a data breach?

Admiin has various security measures in place to protect your personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. In the unlikely event that Admiin’s security measures are compromised and your information is the subject of a data breach, Admiin will comply with its obligations for responding to data breaches outlined in the Privacy Act.

Upon becoming aware of a data breach, Admiin will:

Take urgent steps to contain the breach and mitigate any risk of harm
Determine who may have been affected
Assess the breach, including any potential for harm
Determine whether the breach is likely to result in serious harm to any person whose data was involved

If Admiin has reasonable grounds to believe that the breach is likely to result in serious harm to you, Admiin will notify you of the breach as soon as possible. Admiin will also notify the Office of the Australian Information Commissioner. Following a breach, Admiin will conduct a review of its security measures and implement any additional measures it considers necessary to enhance the security of your information.

What does this policy mean?

By using our services you consent to the terms of this policy. From time to time, your additional consent will be sought for the collection, use or disclosure of information for purposes other than as set out in this policy. If you do not agree to any part of this policy please contact the privacy officer listed below.

How do I access and correct my personal information?

Should you wish to access or correct your personal information please contact us by phone, email or mail. You may request access to the personal information Admiin holds about you. You can also ask for corrections to be made. Admiin does not charge a fee for requesting that your personal information is corrected or for us to make the corrections. However, in processing your request for access to your personal information a reasonable cost may be charged to cover the cost of locating the information and staff time in compiling the information to give to you. For security reasons, before we can provide you with access to personal information we will need to confirm your identity. We will respond to your request as soon as reasonably practicable, in accordance with our obligations under the Privacy Act. If your request is taking longer than expected we will contact you with an update.

If we agree that our records need to be corrected and we have previously disclosed that information to a credit reporting agency or other person, we will tell them about the correction too.

In some circumstances, we have the right to deny your request for access to personal information, for example, if giving you the information would unreasonably affect someone else’s privacy, or pose a threat to someone’s life, health or safety, or prejudice an investigation of unlawful activity, or where the personal information relates to existing or anticipated legal proceedings and the information would not be accessible by the process of discovery in those proceedings. If this occurs we will notify you accordingly and specify the reason why any such request has been refused. If you do not agree with the refusal, you may lodge a complaint about the refusal. If we refuse your request to correct your personal information you have the right to request that a statement be associated with your personal information noting that you disagree with its accuracy.

What information is collected by using our website?

Each time you visit Admiin’s website we, or our Internet Service Provider (ISP), may collect information about you, including a record of the date and time of your visit, which pages you viewed and forms you completed and your IP address.

We use cookies and similar technologies to keep you signed in, to understand how Admiin is used, to detect and diagnose errors, and to power in-app support chat and bug-report session replays. The specific providers we use for these purposes are listed at admiin.com/sub-processors. You can manage cookies through your browser settings.

Our website may, from time to time, contain links to the websites of other organisations. Linked websites are responsible for their own privacy practices and you should check those websites for their respective privacy and credit reporting privacy statements.

How do I make a complaint about privacy to Admiin or contact Admiin’s Privacy Officer?

If you have any questions or feedback about privacy or wish to obtain a hard copy of this policy please do not hesitate to contact us. If you wish to make a complaint about the way in which we have handled your personal information (including credit related personal information) or believe we have breached the Privacy Act, the APPs or the CR Code, you may contact us as set out below:

Website: https://www.admiin.com

Email: hello@admiin.com

Address: Privacy Officer, SignPay Pty Ltd (ACN 667 797 828, ABN 66 667 797 828), Level 9, 151 Macquarie Street, Sydney NSW 2000.

References to “we”, “us”, and “our” in this Privacy Policy mean SignPay Pty Ltd.

We will acknowledge your complaint as soon as reasonably possible after receipt. We will also let you know if we need any additional information from you in order to resolve your complaint.

We always strive to resolve complaints as quickly as reasonably practicable. If your complaint is taking longer than expected to resolve we will contact you with an update. In the case of a credit information related complaint we may need to consult with other credit providers or credit reporting bodies which can take some time.

If you are not satisfied with the manner in which we have handled your complaint or with our response, you can seek an external review through:

Office of the Australian Information Commissioner (OAIC)

Website: www.oaic.gov.au

Email: enquiries@oaic.gov.au

Phone: 1300 363 992

Address: Office of the Australian Information Commissioner, GPO Box 5218, Sydney NSW 2001

If your complaint relates to a payment processed through Admiin (rather than how we handle your personal information), please see the complaints clause of our Terms and Conditions for the external dispute resolution pathway available via our payments partner.

Changes to our Privacy and Credit Reporting Privacy Policy

Admiin may change the manner in which it handles personal information from time to time for any reason. If we make a change, this Policy will be updated accordingly.

Implementation Date

This policy is effective from 22 May 2026.

Key definitions

CP derived information means any personal information (other than sensitive information) about an individual that: is derived from credit reporting information about the individual that was disclosed to Admiin by a credit reporting body; has any bearing on the individual’s credit worthiness; and is used, or has been used, or could be used, in establishing the individual’s eligibility for consumer credit.

Credit eligibility information means information about an individual that is disclosed to Admiin by a credit reporting body; or CP derived information about an individual.

Personal information means information or an opinion about an individual (who can reasonably be identified), whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not.

Sensitive information means:

(a) information or an opinion about an individual’s:

(i) racial or ethnic origin; or

(ii) political opinions; or

(iii) membership of a political association; or

(iv) religious beliefs or affiliations; or

(v) philosophical beliefs; or

(vi) membership of a professional or trade association; or

(vii) membership of a trade union; or

(viii) sexual orientation or practices; or

(ix) criminal record; that is also personal information; or

(b) health information about an individual; or