f frly

Legal

Privacy Policy

Last updated: May 2026

Frly is operated by Frly Pty Ltd (ABN 55 697 943 490, ACN 697 943 490), based in Melbourne, Australia. This policy explains what information we collect, how we use it, and your rights under the Australian Privacy Act 1988.

Short version: We collect only what we need to lodge your BAS. We don't sell your data. We don't share it with anyone except the ATO and the services required to run Frly.

What we collect

When you sign up or use Frly, we may collect:

How we use your information

We use your information to:

We do not use your information for advertising, profiling, or sale to third parties.

Who we share it with

We only share your information with:

We do not sell, rent, or trade your personal information.

Identity verification

Our registered BAS agent is required by the Tax Practitioners Board (TPB) to verify your identity before lodging your first BAS. You will be asked to complete this once. You will need a current Australian driver's licence or passport, and you will be asked to take a selfie to confirm it's you.

We use Stripe for identity document verification. Stripe collects identity document images, facial images, ID numbers and addresses as well as advanced fraud signals and information about the devices that connect to its services. Stripe shares this information with us and also uses this information to operate and improve the services it provides, including for fraud detection. You may also choose to allow Stripe to use your data to improve Stripe's biometric verification technology. You can learn more about Stripe and read its privacy policy at stripe.com/privacy.

Data storage and security

Your data is stored with reputable cloud infrastructure providers using industry-standard encryption in transit (TLS) and at rest. We have data processing agreements in place with all providers. Access to your data is restricted to authorised Frly personnel only.

While we take reasonable steps to protect your information, no system is completely secure. If we become aware of a data breach that is likely to cause serious harm, we will notify you and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme.

Retention

We retain your tax records for 7 years, as required by the ATO. You can request deletion of your account and non-tax data at any time by emailing us.

Your rights

Under the Australian Privacy Act, you have the right to:

Cookies

We use minimal cookies - to keep you logged in and to support PostHog analytics (to understand how people use the site). We don't use advertising or tracking cookies.

Changes to this policy

We may update this policy from time to time. If we make material changes, we'll notify you by email. The current version is always available at frly.com.au/privacy.

Contact us

If you have questions about this policy or want to exercise your privacy rights, email us at [email protected]. We'll respond within 5 business days.