Version 1.0

Privacy Policy

How we collect, hold, use, disclose and protect your personal information - and why we never hold anything capable of moving your digital assets.

This Privacy Policy explains how BlockByte Capital Pty Ltd (ACN 651 824 949, ABN 63 651 824 949) ("BlockByte", "we", "us", "our") collects, holds, uses, discloses, and protects your personal information. We are a specialist digital asset estate planning consulting firm based in Victoria, Australia.

We are bound by the Privacy Act 1988 (Cth) ("Privacy Act") and the Australian Privacy Principles ("APPs"), and we are a registered digital currency exchange provider with AUSTRAC (registration DCE100782823-001). This Policy applies to personal information we handle in the course of our business, including through our website at blockbyte.com.au, our client portal, and our dealings with clients, their advisers, and other individuals.

By using our website or engaging our services, you agree to your personal information being handled as described in this Policy.

1. What is personal information

Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not and whether recorded in a material form or not. Sensitive information is a subset of personal information that receives higher protection under the Privacy Act, and includes health information and information about a person's racial or ethnic origin, among other categories.

2. The personal information we collect

The kinds of personal information we collect and hold depend on your dealings with us. They may include:

  • Identity and contact details - your name, date of birth, residential and postal address, email address, and telephone number.
  • Identification documents - copies of documents such as your driver licence or passport, collected for our identity and conflict checks.
  • Digital asset information - records of your digital asset holdings, exchange statements, public wallet addresses, and details of the entity that owns each holding (for example, an individual, self-managed superannuation fund, trust, or company). Public wallet addresses are not secret and do not permit access to your assets.
  • Estate and adviser information - details of your existing will (reviewed on a read-only basis), your nominated executor or attorney, and the contact details of your lawyer and accountant.
  • Engagement records - our correspondence with you, file notes, the deliverables we prepare for you, invoices, and payment information.
  • Website and technical information - your IP address, device and browser type, and information about how you use our website, collected through cookies and analytics (see clause 6).
  • Marketing preferences - your email address and preferences where you subscribe to our newsletter, The Digital Inheritance, or other updates.

3. What we never collect or hold

We will never ask for, collect, or hold your Access Credentials - your private keys, seed phrases (recovery phrases), wallet passphrases, hardware wallet PINs, exchange or account passwords, or two-factor authentication codes - or anything else capable of moving, spending, or recovering your digital assets. We do not take custody of your digital assets at any time.

Where the Executor Briefing Pack we prepare captures live access detail, you complete and seal that part yourself, and we never see, hold, or store the completed copy. Because we never hold anything capable of moving your assets, no security incident affecting our systems or records can result in the loss, theft, or movement of your digital assets.

We will never contact you asking for your seed phrases, private keys, passwords, or two-factor codes. If you receive any request appearing to come from us asking for these, treat it as fraudulent and contact us through a known channel.

4. How we collect personal information

We collect personal information in a number of ways:

  • Directly from you - when you contact us, complete our forms, use our client portal, or engage our services.
  • From your authorised advisers - such as your lawyer or accountant, or a referring law firm, where you have authorised us to communicate with them.
  • From publicly available sources - including public blockchain records, where relevant to verify the existence or location of holdings you have disclosed to us.
  • Automatically - when you visit our website, through cookies and analytics tools (see clause 6).

Where it is reasonable and practicable, we collect personal information directly from you. If we receive information about you that we did not request and did not need, we will deal with it in accordance with the APPs.

5. Why we collect, hold, use, and disclose your information

We collect, hold, use, and disclose personal information for purposes connected with our business, including to:

  • provide our consulting and documentation services and prepare your deliverables, being the Digital Asset Register, Valuation Report, Solicitor Briefing Pack, and Executor Briefing Pack;
  • carry out identity and conflict checks and meet any anti-money laundering and counter-terrorism financing obligations that apply to us;
  • communicate with you and your authorised advisers, and manage our engagement with you;
  • issue invoices and process payments;
  • provide annual review and stewardship, and, where engaged, support your executor or attorney on activation of your estate;
  • operate, maintain, and improve our website and services;
  • send you marketing communications where you have subscribed or where otherwise permitted (see clause 12); and
  • comply with our legal and regulatory obligations.

If we propose to use or disclose your personal information for a purpose other than the purpose for which it was collected, we will only do so where permitted under the APPs, including where you would reasonably expect it, where you have consented, or where required or authorised by law.

6. Cookies and website analytics

Our website uses cookies, which are small text files placed on your device. We use essential cookies that are necessary for the website to function, and analytics cookies (including Google Analytics) that help us understand how visitors use our website so we can improve it. Analytics tools may collect information such as your IP address, the pages you view, and the time and duration of your visit, and may process this information outside Australia.

You can control or disable cookies through your browser settings. If you disable some cookies, parts of our website may not work as intended. Our website does not respond to browser Do Not Track signals at this time.

7. How we hold and protect your information

We hold personal information in electronic and, occasionally, physical form. We take reasonable steps to protect it from misuse, interference, and loss, and from unauthorised access, modification, or disclosure. These steps include a secure client portal, access controls and restricted access on a need-to-know basis, encryption of information in transit, confidentiality obligations on our people, and secure destruction of records we no longer need.

As noted in clause 3, we never hold your Access Credentials, so no security incident affecting us can be used to access or move your digital assets. While we take security seriously, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

8. Data breach notification

We comply with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act. If we suspect that a data breach involving your personal information has occurred and is likely to result in serious harm, we will assess the breach and, where it is an eligible data breach, notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by law, and take steps to contain and remediate it.

9. When we disclose your information, and to whom

We treat your personal information as confidential. We may disclose it to:

  • your nominated lawyer, accountant, or other adviser, where you have authorised us to do so;
  • your executor, attorney, or beneficiaries, on activation of your estate, to the extent necessary to administer it;
  • our service providers who help us run our business (including information technology, hosting, customer relationship management, and electronic signature providers), on a confidential basis and only for the purposes for which we engaged them;
  • our own professional advisers, on a confidential basis;
  • Alpha Node Advisors Pty Ltd (AFSL 416956), where a licensed financial service is provided in connection with your estate, as disclosed in your engagement letter; and
  • government agencies, regulators, courts, or law enforcement, including AUSTRAC, where required or authorised by law.

We do not sell your personal information, and we do not disclose it to third parties for their own marketing purposes.

10. Overseas disclosure of your information

Some of the service providers we use store or process information outside Australia. In particular:

  • Google Workspace (email and document services), which may store information in data centres in various countries;
  • HubSpot (customer relationship management), located in the United States; and
  • Dropbox Sign (electronic signatures), located in the United States.

The most likely country in which your personal information may be held overseas is the United States. Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient handles it in a way consistent with the APPs. However, you acknowledge that overseas recipients are subject to the laws of their own jurisdictions, and by providing your information you consent to its disclosure to these recipients on this basis.

11. Sensitive information, anonymity, and pseudonymity

We generally do not collect sensitive information. Where we do need to collect it (for example, health information relevant to an incapacity or enduring power of attorney context), we will only do so with your consent and where reasonably necessary, and we will handle it with additional care.

Where it is lawful and practicable, you may deal with us anonymously or using a pseudonym, for example when making a general enquiry through our website. However, to provide our services and to meet our identity and regulatory obligations, we need to know who you are, and anonymous or pseudonymous dealings will not be practicable in those cases.

12. Direct marketing

Where you have subscribed, or where otherwise permitted under the Privacy Act and the Spam Act 2003 (Cth), we may send you marketing communications, including our newsletter, The Digital Inheritance, and updates about our services. Every marketing message includes a simple way to unsubscribe. You can also opt out at any time by contacting us at contact@blockbyte.com.au. We will action your request promptly. We do not provide your personal information to other organisations for their marketing.

13. How long we keep your information

We keep personal information only for as long as we need it for the purposes described in this Policy and to meet our legal and record-keeping obligations. Generally, we retain client engagement records for at least seven years after the engagement ends, consistent with anti-money laundering and professional record-keeping requirements. When we no longer need to hold your personal information, we take reasonable steps to securely destroy it or to de-identify it.

14. Accessing and correcting your information

You may request access to the personal information we hold about you, and ask us to correct it if it is inaccurate, out of date, incomplete, irrelevant, or misleading. To make a request, contact us using the details in clause 18. We will verify your identity before acting on a request.

We will respond within a reasonable time, usually within 30 days. There is no charge for making a request, though we may charge a reasonable fee to cover the cost of giving access in some cases. If we refuse access or correction, we will tell you why in writing and explain how you can complain. Australian law does not provide a general right to have your information erased, but you may ask us to delete information and we will consider your request where it is appropriate and lawful to do so.

15. Automated decision-making

We do not use computer programs or artificial intelligence to make, or to substantially and directly assist in making, decisions that could reasonably be expected to significantly affect your rights or interests. Our assessments, including valuations and conflict checks, are reviewed by our people. If this changes, we will update this Policy to include the information required by the Privacy Act before the automated decision-making transparency obligations commence on 10 December 2026.

16. How to make a complaint

If you have a concern or complaint about how we have handled your personal information, please contact us first, using the details in clause 18. We will acknowledge your complaint and respond within a reasonable time, usually within 30 days.

If you are not satisfied with our response, you can complain to the OAIC: by phone on 1300 363 992; online at oaic.gov.au; or by mail to GPO Box 5218, Sydney NSW 2001.

17. Third-party links and changes to this Policy

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites, and we encourage you to review their privacy policies.

We may update this Policy from time to time to reflect changes in our practices or the law. The current version is always available on our website, and we will update the effective date at the top when we make changes. We encourage you to review it periodically.

18. How to contact us

For any privacy enquiry, request, or complaint, please contact us:

  • BlockByte Capital Pty Ltd
  • 143 Ivanhoe Parade, Ivanhoe VIC 3079
  • Email: contact@blockbyte.com.au
  • Phone: +61 428 957 380

This Policy is governed by the laws of Victoria, Australia.

BlockByte Capital Pty Ltd (ACN 651 824 949 · ABN 63 651 824 949 · AUSTRAC DCE100782823-001).