Privacy Policy

Last updated: 28 March 2026  ·  Tunny Cloud Services Pty Ltd (ABN 66 686 664 273)

CDRscanner is a product of Tunny Cloud Services Pty Ltd (ABN 66 686 664 273). This Privacy Policy describes how we collect, use, and handle information in connection with the CDRscanner service ("Service"). We are committed to handling personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. Information We Collect

We collect two distinct categories of information:

Personal information (users):

• Account information — name, email address, and organisation name when you register for or are invited to use the Service.
• Usage data — log data including IP addresses, browser type, pages visited, and actions taken within the dashboard.
• Payment information — billing contact details. Payment card data is processed directly by our payment provider and is not stored on our systems.
• Communications — emails or messages you send to us (e.g. support requests, demo inquiries).

Product monitoring data (not personal information):

CDRscanner monitors publicly available Consumer Data Right (CDR) product reference data sourced from bank Open Banking APIs, publicly accessible PDF rate schedules, and publicly accessible web pages. This data relates entirely to financial products — interest rates, fees, and product terms — not to individual consumers. We do not collect, process, or store any consumer CDR data.

Monitoring results (rate comparisons, discrepancy reports, screenshots) are retained for a maximum of 31 days, after which they are automatically deleted. This data is derived entirely from publicly available sources.

2. How We Use Your Information

• To provide, operate, and maintain the Service
• To manage your account and respond to your inquiries
• To send service-related notifications (e.g. mismatch alerts, billing receipts)
• To improve and develop the Service
• To comply with legal obligations

We do not sell your personal information to third parties.

3. Data Storage and Security

All data is stored on infrastructure located in Australia (Sydney region). We implement industry-standard security controls including encryption in transit (TLS), encryption at rest, and access controls limited to authorised personnel.

While we take reasonable steps to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

4. Disclosure of Information

We may share your information with:

• Service providers — third parties who assist us in operating the Service (e.g. cloud hosting providers, email notification services). These providers are bound by confidentiality obligations and may only use your information to provide services to us.
• Legal requirements — if required by law, court order, or government authority.
• Business transfers — in the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

We do not share information with the ACCC, OAIC, or any regulatory body except where required by law.

5. Cookies and Tracking

The CDRscanner marketing website (cdr.tunny.io) does not use tracking cookies or analytics at this time. The dashboard application uses session cookies for authentication purposes only. These are necessary for the Service to function and cannot be disabled.

6. Your Rights

Under the Australian Privacy Principles, you have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate or out-of-date information
• Request deletion of your information (subject to legal retention obligations)
• Complain about a breach of your privacy rights

To exercise any of these rights, contact us at hello@tunny.io. We will respond within 30 days.

7. Complaints

If you believe we have handled your personal information in a way that breaches the Australian Privacy Principles, we ask that you contact us first at hello@tunny.io so we can investigate and attempt to resolve your concern. We will respond within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au. Under the Privacy Act 1988 (Cth), the OAIC can investigate complaints and take action where a breach is found.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email. Continued use of the Service after changes are published constitutes acceptance of the updated policy.

9. Contact Us

For privacy-related questions or requests, contact us at:

Tunny Cloud Services Pty Ltd
ABN 66 686 664 273
hello@tunny.io