Consumer Data Right Policy
PFinance CDR policy
This draft policy describes how PFinance intends to handle Australian Open Banking data under the Consumer Data Right. It is prepared for submission readiness and requires legal approval before lodgement.
Who provides the service
PFinance is operated by Gamma Systems Pty Ltd. The direct Accredited Data Recipient path is the target path for Australian Consumer Data Right Open Banking. Accreditation, Register onboarding, CTS, and production activation must be complete before production CDR data collection is enabled.
What CDR data is requested
The planned v1 Open Banking service is read-only and limited to consumer-consented banking account and transaction data. The draft scope set covers account discovery, account detail, and transaction history needed for personal finance management.
How CDR data is used
With consumer consent, PFinance will use CDR banking data to show account and transaction history, categorise spending, support budgets and insights, identify recurring payments, and create or review finance records in the user account.
Withdrawal and deletion
Consumers must be able to withdraw sharing. Collection stops immediately after withdrawal. PFinance will revoke the sharing arrangement with the data holder and delete or de-identify redundant CDR data according to the consumer election and applicable retention requirements.
Current status
This policy page is a draft implementation artifact for submission preparation. It requires legal and privacy approval before it is used as the official public CDR policy URL in the Participant Portal.
Contact and support
Consumer support, privacy, complaint, and correction channels must be finalised before this draft becomes the official public CDR policy. The companion API reference describes the implemented authentication and authorisation surfaces for engineering and conformance review.