1. Overview

The Client Data Hub (the Service) is provided by Risk Hub to assist financial advisers in collecting, organising, and using client information to support advice conversations and recommendations.

The Service supports advisers in collecting and managing client information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

2. What Information We Collect

We may collect and store personal and sensitive information relating to clients of advisers using the Service.

Personal information

• Name, contact details (email, mobile, address), date of birth
• Employment and financial details (occupation, income, assets, liabilities — approximate)
• Family and dependant information
• Existing insurance details and superannuation information (approximate)
• Business interests (yes/no flag and brief details where applicable)

Sensitive information (health pre-screen)

The Client Data Hub includes a health pre-screen section. Clients are asked to select one of three responses:

• No known health conditions
• Brief notes only (a short description of any relevant conditions)
• Detailed health profile (more detailed information for adviser review)

This pre-screen is designed to support early advice preparation only. It does not constitute a full medical history or underwriting assessment. Health information is classified as sensitive information under the Privacy Act 1988 (Cth) and is subject to a higher level of protection.

The Client Data Hub does not collect identity documents (such as passports or driver licences), banking credentials, or tax file numbers.

3. How Information Is Collected

Information is collected via:

• Directly from advisers
• From clients via secure online forms provided through the Service
• From documents uploaded by advisers or clients (such as existing policy schedules or superannuation statements — optional)

By submitting information, you consent to its use for the purposes outlined in this policy.

4. Purpose of Collection

Information is collected and used to:

• Assist advisers in understanding client circumstances
• Support insurance needs analysis and recommendations
• Facilitate pre-assessment and insurer engagement (where applicable)
• Improve the functionality and usefulness of the Service

We do not sell personal information.

5. Data Storage and Security

We take reasonable steps to protect personal and sensitive information held within the Service.

Infrastructure

The Client Data Hub operates across two separate infrastructure layers:

• Client and adviser data is stored in a managed database hosted within Australian infrastructure (Amazon Web Services, Sydney region). Data at rest does not leave Australia.
• The application layer is hosted via a US-based cloud platform (Google Cloud Platform). Client requests are processed via this layer before being written to the Australian database. Data is not retained in the application layer beyond the duration of a request.

Encryption and access controls

• Data in transit is protected by TLS 1.2+ encryption
• Data at rest is encrypted using AES-256
• Sensitive fields (including health information) are subject to field-level encryption within the application
• Adviser access requires email and password authentication
• Client access is via unique, tokenised links that expire automatically and become single-use after submission
• The platform operator does not have access to individual client records or adviser submissions

Payment processing

Subscription payments are processed by Stripe, a PCI DSS Level 1 compliant payment processor. Payment card details are handled entirely by Stripe and do not enter Risk Hub systems at any point.

6. Data Sovereignty and Location

Client and adviser data is stored in Australia. Specifically:

• Data at rest is held in the Amazon Web Services Sydney region
• There is no offshore replication of production data
• The application layer operates via US-based cloud infrastructure (Google Cloud Platform). Client data is processed via this layer during a session but is written to and stored in Australian infrastructure

Some third-party service providers supporting the platform (such as hosting and infrastructure providers) may operate globally. Where data is processed outside Australia, we take reasonable steps to ensure it is handled in accordance with Australian privacy standards.

7. Disclosure of Information

We may disclose information to:

• The relevant adviser
• Insurance providers (in anonymised or identifiable form, as determined by the adviser)
• Service providers supporting the platform (hosting, infrastructure, payment processing)

We only disclose information where reasonably necessary for the purposes outlined above.

8. Data Retention

We retain information only for as long as required to:

• Provide the Service
• Support advice processes
• Meet legal and compliance obligations

Advisers can archive and permanently delete client records from within the Service. Advisers are responsible for determining appropriate retention of client information in line with their licensee requirements.

9. Access and Correction

Requests for access or correction of personal information should generally be directed to the adviser who collected the information.

Risk Hub may assist with such requests where appropriate. Requests can be made via: info@riskhub.com.au

10. Adviser Responsibilities and Consent

By using the Client Data Hub, you (the Adviser) confirm that:

• You have obtained all necessary consents from your clients to collect, use, and disclose their personal and sensitive information (including health information)
• You are authorised to input or facilitate the input of client information into the Service
• You will use the Service in accordance with your professional, legal, and privacy obligations
• Where client information is collected directly via the Service, you have ensured clients are aware of how their information will be used

11. Adviser Privacy Policy Requirement

Advisers using the Client Data Hub should ensure they provide a current and accessible privacy policy to their clients that covers the collection and use of personal and sensitive information, including health information, via digital tools and platforms.

12. Changes to This Policy

Risk Hub may update this policy from time to time to reflect changes in the Service, infrastructure, or regulatory requirements. Continued use of the Service following any update constitutes acceptance of the revised policy. Material changes will be communicated to active users where practicable.

13. Contact

For questions about this policy or data handling practices, contact Risk Hub at info@riskhub.com.au.

Last updated: April 2026