Prospo
Privacy Policy
ABN 31 619 654 803 Effective date: 20 May 2026 Last updated: 20 May 2026
1. Introduction
Prospo (ABN 31 619 654 803) operates a practice management platform for financial advice businesses in Australia. This Privacy Policy explains how we collect, use, store, and disclose personal information in connection with our platform and associated services. We are bound by the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs) contained in Schedule 1 of that Act. Where applicable, we also observe the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act. By accessing or using the Prospo platform, you acknowledge that you have read and understood this policy.
2. Who This Policy Applies To
This policy applies to: Subscribers — financial advice licensees, practices, and individual advisers who contract with Prospo to use the platform. End users — employees, contractors, and other authorised users who access the platform on behalf of a subscriber. Clients — individuals whose personal information is stored or processed within the platform by subscribers. Visitors — individuals who visit our website at prospo.com.au. Prospo acts as a data processor in respect of client personal information held by subscribers. Subscribers remain the data controller for the personal information of their clients and are responsible for obtaining any necessary consents from those individuals.
3. Information We Collect
3.1 Information provided directly
When a subscriber registers an account or contacts us, we collect: Name, business name, email address, and phone number Billing and payment information (processed by our payment provider, we do not store card details) Communications and support requests
3.2 Information collected through platform use
As users interact with the platform, we automatically collect: Log data, including IP addresses, browser type, pages accessed, and timestamps Session activity and feature usage metrics Device identifiers and authentication tokens Error and diagnostic data
3.3 Client data uploaded by subscribers
Subscribers may upload or generate the following categories of client personal information through the platform's CRM, financial planning, meeting orchestration, document management, and communication features: Name, date of birth, contact details, and identification documents Financial position data, including income, assets, liabilities, and superannuation details Meeting recordings, transcripts, and AI-generated summaries Signed documents and e-signature records Communications including emails and SMS messages Prospo processes this information on behalf of subscribers in accordance with their instructions and this policy. Subscribers are responsible for ensuring they have lawful authority to upload and process their clients' personal information within the platform.
4. How We Use Personal Information
We use personal information for the following purposes: To provide, operate, and maintain the Prospo platform and its features To manage subscriber accounts and process billing To respond to support queries and resolve technical issues To monitor platform performance, reliability, and security To comply with our legal obligations, including under the Privacy Act and applicable financial services laws To improve the platform based on aggregated, de-identified usage data We do not use client personal information uploaded by subscribers for our own commercial purposes, including product improvement or model training, unless we have obtained explicit written consent from the relevant subscriber.
5. Disclosure of Personal Information
We may disclose personal information to third parties in the following circumstances:
5.1 Service providers
We engage sub-processors and service providers who assist us in delivering the platform. These include cloud storage providers, infrastructure vendors, payment processors, email delivery services, and analytics tools. We require all sub-processors to comply with applicable privacy laws and to process personal information only as directed by us. Our current primary sub-processors and infrastructure partners include cloud storage providers operating on Microsoft Azure and SharePoint infrastructure, consistent with subscriber configuration. A current list of sub-processors is available on request.
5.2 Integrations authorised by subscribers
The platform supports integrations with third-party tools, including Microsoft 365, Outlook, Zoom, Google Calendar, Calendly, Fireflies, AdviserLogic, Intelliflo, WorkSorted, Monday.com, Zoho, and DocuSeal. Where a subscriber enables an integration, personal information may be exchanged with that third-party system in accordance with the subscriber's configuration. Subscribers are responsible for reviewing the privacy practices of any integrated services they enable.
5.3 Legal obligations
We may disclose personal information where required or authorised by law, including to regulatory bodies such as ASIC or OAIC, or in response to a valid court order or subpoena.
5.4 Business transfers
If Prospo is acquired, merged, or transfers substantially all of its assets, personal information held at that time may be transferred to the acquiring entity, subject to equivalent privacy protections.
5.5 Subscriber consent
We may otherwise disclose personal information with the consent of the relevant subscriber or individual.
6. Data Storage and Security
Prospo stores personal information on infrastructure located in Australia. We do not routinely transfer client data outside Australia. Where a third-party sub-processor operates infrastructure outside Australia, we take steps to ensure that transfer complies with APP 8, including through the use of contractual protections. We implement administrative, technical, and physical safeguards to protect personal information from unauthorised access, disclosure, alteration, or destruction. These measures include: Role-based access controls and multi-factor authentication Encryption of data in transit (TLS) and at rest Comprehensive audit trails logging all platform actions with timestamps and IP address records Session tracking and monitoring Regular security assessments No method of electronic transmission or storage is entirely without risk. Subscribers and end users are responsible for maintaining the security of their own login credentials.
7. Data Retention
We retain personal information for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Subscriber account data is retained for the duration of the subscription and for a reasonable period thereafter to facilitate account reactivation, followed by secure deletion or anonymisation upon written request. Subscribers control the retention and deletion of client data within the platform. Subscribers may export or delete client records at any time through the platform's document management tools. Following termination of a subscription, Prospo will retain subscriber data for a period of 90 days to allow for data export, after which it will be securely deleted unless a longer retention period is required by law. Audit trail and compliance records may be retained for longer periods where required under applicable financial services legislation or ASIC regulatory guidance.
8. Access and Correction
Individuals have the right to request access to personal information we hold about them, and to request correction of inaccurate, incomplete, or out-of-date information. Requests from subscribers or end users should be directed to us using the contact details in section 12. We will respond within 30 days. In some circumstances, we may be unable to provide access — for example, where doing so would reveal the personal information of another person, or where an exception under the Privacy Act applies. We will explain any such limitations in our response. Requests relating to client personal information held within the platform should generally be directed to the relevant subscriber, as Prospo processes that information on the subscriber's behalf.
9. Notifiable Data Breaches
Prospo complies with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act. If we become aware of an eligible data breach — that is, a breach that is likely to result in serious harm to any of the individuals whose information is involved — we will: Conduct an assessment of the breach as quickly as practicable Notify the Office of the Australian Information Commissioner (OAIC) and affected individuals where required Notify affected subscribers promptly so they can fulfil any obligations they may have to their own clients
10. Cookies and Website Analytics
Our website uses cookies and similar technologies to support functionality and improve user experience. We use: Essential cookies required for secure login and session management Preference cookies that remember your settings across visits Analytics cookies that provide aggregated data on how visitors interact with our site You may manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the website. Our platform does not rely on third-party advertising cookies.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes to our practices or applicable law. Where changes are material, we will notify subscribers by email or through an in-platform notification prior to the changes taking effect. The current version of this policy is always available at prospo.com.au/privacy.
12. Contact and Complaints
For questions about this policy, to make a privacy request, or to raise a complaint about how we have handled personal information, please contact us at:
Privacy Officer
Prospo | ABN 31 619 654 803 Email: mike.boyd@cognitivo.com.au Website: prospo.com.au We take all privacy complaints seriously and will acknowledge receipt of your complaint within 5 business days. We aim to resolve complaints within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or by calling 1300 363 992. Prospo | ABN 31 619 654 803 | prospo.com.au/privacy