Last updated 4 July 2026 · Vertial Holdings Pty Ltd (ABN 72 629 494 926) trading as StatementIQ, Level 32, 101 Miller Street, North Sydney NSW 2060
This policy describes how StatementIQ manages data shared under the Consumer Data Right (CDR) — Australia's open-banking system — as required by rule 7.2 of the Competition and Consumer (Consumer Data Right) Rules 2020. It sits alongside our Privacy Policy; for CDR data, this policy prevails.
StatementIQ (a service of Vertial Holdings Pty Ltd, ABN 72 629 494 926) operates as a CDR Representative of Fiskil Pty Ltd, an Accredited Data Recipient (accreditation number ADRBNK000246). Fiskil is our CDR principal and is accountable for our handling of CDR data. When you share your banking data through StatementIQ, you are sharing it under the Consumer Data Right with the protections that regime provides.
Only with your express consent, and only for the accounts you choose to share: account names and details, balances, and transaction data for the period you agree to (by default, the last 6 months). We collect this directly from your bank through the CDR.
We never receive, request or store your banking login or password. Your bank verifies you directly with a one-time code.
We use your CDR data solely to prepare an income and expense summary for the firm you nominated (for example, your debt-management provider, lender or broker), for the purpose you consented to. Preparing the summary involves automatically categorising your transactions and reconciling account balances.
We do not use your CDR data for any other purpose. We do not sell it, use it for marketing, or use your identified data for benchmarking or analytics beyond the consented purpose.
We disclose the derived summary to the firm you nominated when you gave consent. We do not disclose your raw CDR data to that firm unless you specifically consent to it. Your CDR data is processed and stored in Australia (Sydney). Our use of service providers is described in our Privacy Policy.
We keep CDR data and the derived summary only as long as needed to provide the service. By default, we delete them 90 days after your summary is prepared, and our systems run this deletion automatically every day. A minimal audit record (that a request existed and what happened to it) is retained for compliance; it contains no banking data.
You can withdraw your consent at any time, free of charge, in any of these ways:
When you withdraw, we stop collecting your data immediately and delete the CDR data and derived report we hold. A summary that has already been provided to the firm you nominated is held by that firm under its own privacy obligations and is not deleted by your withdrawal. Full details: how to withdraw.
To exercise any of these rights, email privacy@statementiq.com.au. We respond within 30 days.
Please contact us first at complaints@statementiq.com.au. We acknowledge complaints within 1 business day and aim to resolve them within 30 days — our Feedback & Complaints policy sets out the full process.
If you are not satisfied, you can escalate at no cost to:
We protect CDR data with least-privilege access controls, encryption in transit and at rest, Australian data residency, and an audit log of every access to a report. We never store banking credentials, and our staff cannot see your bank login at any point in the process.
We will post updates on this page and change the “last updated” date. Material changes will be notified. Defined terms in this policy follow the Competition and Consumer (Consumer Data Right) Rules 2020.