Privacy Policy
Understanding how virelonquira handles information you provide through our financial control platform
virelonquira operates as your personal finance management partner. When you engage with our platform, certain details about your financial habits, account preferences, and usage patterns become visible to us. This document addresses what happens to that information — from the moment it reaches our systems until it eventually leaves them.
We've structured this around practical questions rather than legal categories. The goal isn't to impress lawyers but to give you actual answers about data stewardship.
What Gets Recorded
Information flows into our infrastructure through three distinct channels: deliberate submission, automatic capture, and external sources.
Details You Deliberately Share
Account registration requires your name, email address, and chosen authentication credentials. Setting up budgets means you'll specify income sources, expense categories, and financial goals. If you reach out through support channels, we keep records of those conversations alongside any attachments you send.
Payment processing for premium features captures billing addresses and transaction identifiers. We don't store complete card numbers — that responsibility sits with our payment processor who maintains PCI compliance standards.
Automatically Gathered Records
Your interaction with the platform generates logs: which features you access, how long sessions last, what device and browser combination you're running. IP addresses get recorded for security monitoring. Error reports capture technical failures to help us fix problems before they affect more users.
Financial institution connections: When you link bank accounts or credit cards, we receive transaction histories, account balances, and institution details through secure APIs. This data remains encrypted both during transmission and while stored on our servers.
Information From External Sources
Third-party services occasionally supplement our records. Financial data aggregators provide standardized transaction formats. Analytics providers offer demographic insights that help us understand user segments without identifying individuals.
Why We Gather This Information
Every piece of data serves specific operational requirements. Nothing gets collected "just in case" or for undefined future possibilities.
- Service delivery: Your budget calculations need accurate transaction data. Spending insights depend on categorized expense history. Goal tracking requires baseline information and progress measurements.
- Platform improvement: Usage patterns reveal which features work intuitively and which create confusion. Error logs identify bugs we need to fix. Performance metrics show where response times need optimization.
- Security maintenance: Login histories detect unusual access patterns. IP monitoring identifies potential account compromises. Failed authentication attempts trigger protective measures.
- Communication: Email addresses let us send transaction confirmations, security alerts, and educational content relevant to your financial management approach.
- Compliance obligations: Australian financial regulations require specific record-keeping for certain transaction types and user activities.
How Information Moves Through Our Systems
Data handling involves multiple processing stages. Understanding these flows clarifies where your information goes and what transformations it undergoes.
Internal Processing Activities
Transaction records get analyzed by categorization algorithms that assign expenses to budget categories. Spending patterns feed into predictive models that forecast upcoming bills and identify unusual activity. Aggregated statistics — stripped of identifying details — inform product development decisions.
Customer support staff access account records when investigating reported problems. Access gets logged and limited to personnel directly handling your case. Financial data remains masked in support interfaces unless specifically required for troubleshooting.
Technical Infrastructure
Cloud hosting providers store encrypted database records and application files. These vendors operate under strict contractual terms that prohibit accessing content. Server locations remain within Australian data centers to satisfy local data residency requirements.
Specialized Service Providers
Email delivery platforms transmit notifications and educational messages. Payment processors handle billing transactions without our systems touching complete card details. Financial data aggregators maintain secure connections to banking institutions.
When Data Leaves Our Direct Control
We disclose information under specific circumstances that balance user privacy against legitimate external needs.
- Legal requirements: Court orders, subpoenas, and regulatory investigations may compel disclosure of specific account records. We examine each request for legal validity and scope limitation before responding.
- Security incidents: Suspected fraud or terms violations might require sharing relevant details with law enforcement. Account compromise situations could involve coordinating with financial institutions to prevent unauthorized transactions.
- Business transfers: Mergers, acquisitions, or asset sales would transfer user data to successor entities who'd remain bound by these privacy commitments.
Marketing partnerships don't exist in our business model. Your financial records never flow to advertisers, data brokers, or analytics companies beyond the specific service providers mentioned above.
Protection Measures We've Implemented
Security architecture combines technical controls with operational procedures. No system achieves perfect invulnerability, but layered defenses significantly reduce risk.
Technical Safeguards
All financial data gets encrypted using AES-256 standards before storage. Database access requires multi-factor authentication and gets restricted to specific personnel roles. Network traffic between your browser and our servers travels through TLS 1.3 encrypted connections.
Regular security audits examine code for vulnerabilities. Automated monitoring detects unusual access patterns and triggers alerts. Database backups maintain separate encryption keys and geographic distribution to prevent single-point failures.
Human Procedures
Staff training emphasizes data handling protocols and social engineering awareness. Background checks screen personnel with database access. Departing employees immediately lose system credentials and return any devices containing organizational data.
Known Limitations: Phishing attacks targeting your credentials bypass technical protections if successful. Device theft could expose locally cached data. Sophisticated attacks against infrastructure providers might compromise encrypted storage. We can't guarantee absolute security — only continuous effort to maintain strong defenses.
What Control You Maintain
Account ownership grants specific rights over stored information. These capabilities exist regardless of whether you actively exercise them.
Access and Review
Dashboard settings provide visibility into stored profile details, linked accounts, and transaction histories. Downloadable reports export your complete data in machine-readable formats. Request forms let you obtain copies of information not visible through standard interfaces — we respond within 30 days.
Correction and Updates
Profile editing tools let you modify contact information, adjust categorization rules, and update financial goals. Incorrectly categorized transactions can be manually reclassified. If automatic processes generate persistent errors, support staff can adjust underlying algorithms.
Deletion and Restriction
Account closure triggers deletion sequences that purge personal records and financial data within 90 days. Some information persists longer due to legal retention requirements — transaction logs for tax purposes, communication records for dispute resolution.
You can disconnect specific bank accounts without deleting your entire profile. Budget categories can be archived to stop processing related transactions while preserving historical records.
Objection Rights
If you believe data processing violates applicable privacy regulations, formal objections can be filed through our designated privacy contact. We'll review the claim, suspend contested processing during investigation, and provide detailed responses explaining our decision.
Portability Provisions
Export functions deliver structured data files containing your financial records in JSON format. These files enable migration to alternative platforms or personal archiving without vendor lock-in.
How Long Records Persist
Retention periods vary based on data category and regulatory requirements. Active accounts maintain full transaction histories. Closed accounts trigger staged deletion processes.
| Data Category | Active Account Duration | Post-Closure Period |
|---|---|---|
| Profile Information | Duration of account relationship | 90 days then purged |
| Transaction Records | Complete history maintained | 7 years for tax compliance |
| Communication Logs | 3 years for support quality | 1 year for dispute resolution |
| Security Event Logs | 2 years for threat analysis | 1 year then anonymized |
| Payment Records | Duration of subscription | 7 years for financial audits |
| Usage Analytics | Aggregated indefinitely | Individual records anonymized after 90 days |
Backup systems maintain older copies during standard rotation cycles — typically 60 days. Once aged out of backup retention, data becomes permanently unrecoverable.
Legal Framework and Geographic Scope
virelonquira operates under Australian jurisdiction and complies with the Privacy Act 1988 including subsequent amendments. The Australian Privacy Principles establish baseline requirements for data handling practices.
Cross-Border Data Flows
Primary infrastructure resides within Australian data centers. Limited information may reach overseas service providers — particularly cloud platform operators with global presence. These transfers occur only when providers demonstrate adequate privacy protections through contractual commitments or certification under recognized frameworks.
Regulatory Oversight
The Office of the Australian Information Commissioner maintains jurisdiction over privacy complaints involving Australian users. European users might invoke GDPR protections depending on the specific nature of service delivery and data processing arrangements.
Specific Situations Worth Addressing
Certain scenarios create unique privacy implications that deserve explicit clarification.
Joint Accounts and Shared Access
Multiple users connecting to shared financial accounts each see complete transaction histories regardless of who initiated specific expenses. Budget categories and spending limits apply universally. Individual privacy between co-account holders falls outside our technical capability to enforce — household financial transparency becomes a personal relationship matter.
Third-Party Application Integration
API connections to external budgeting tools or financial advisors operate under your explicit authorization. Connected applications receive defined data subsets — typically transaction histories and categorization results. You can revoke these connections anytime through account settings, immediately terminating data flow.
Educational Content and Personalization
Financial tips and resource recommendations draw from aggregated spending patterns and expressed goals. These suggestions don't involve human review of your specific transactions. Algorithms match general behavioral patterns against educational content libraries without exposing individual records to staff.
Reaching Our Privacy Team
Questions about specific data handling situations, requests to exercise privacy rights, or concerns about compliance practices can be directed to our designated privacy officer.
Postal Address: 317/17 Benjamin Way, Belconnen ACT 2617, Australia
Email Contact: help@virelonquira.com (subject line: Privacy Inquiry)
Phone: +61 402 912 683
We aim to respond within five business days for general inquiries and within 30 days for formal access or deletion requests.