Thanks for trusting the Ratified Platform to verify your identity.
Your faith in us means everything to us. Without your trust we cannot operate our innovative Identity Service to our customers and clients.
We are setting up an ecosystem where you can verify your identity once with us, and then re-share your identity to our trusted customers who need to know who you are. This will allow a more streamlined experience for you.
In this Privacy Policy, ‘us’ ‘we’ or ‘our’ means Ratified Pty Ltd (trading under its business name Ratified). We are committed to respecting your privacy. Our Privacy Policy sets out how we collect, use, store and disclose your Personal Information.
By providing Personal Information to us, you consent to our collection, use and disclosure of your Personal Information in accordance with this Privacy Policy and any other arrangements that apply between us.
We may change our Privacy Policy from time to time by publishing changes to it on our website. We encourage you to check our website periodically to ensure that you are aware of our current Privacy Policy.
1.1 In this Privacy Policy, the following capitalised terms have the following meanings:
Data Protection Laws mean the Privacy Act.
DVS Access Policy means the policy issued by the Attorney-General’s Department that sets out the conditions of access to and use of the Document Verification Service.
DVS Service means the Australian governments service that allows verified organisations, such as us, to check that the identity information you give us matches government records (Commonwealth or state – usually the passport office or the state driver licence authorities).
Identity Verification Services Act (IVS Act) means the Identity Verification Services Act 2023 (Cth), which governs access to and use of the Document Verification Service and other identity-matching services operated by the Commonwealth.
Identity Service means the verification and authentication of your identity.
Non-personal Information means information that does not relate to a person and/or cannot be used to identify a person.
Ratified Platform means any website, application, platform, software, landing page, plugin, API or any other digital product, interface or service offered by us, and it includes the Identity Service.
Personal Information means any information or an opinion about an identified individual or an individual who can be reasonably identified from the information or opinion. Information or an opinion may be personal information regardless of whether it is true.
Privacy Act means the Privacy Act 1998 (Cth).
2.1 Information you voluntarily provide to us: We collect information about you and your interactions with us when we provide the Identity Service, and when you call us, interact with any of our Ratified Platforms or otherwise visit our website. This usually includes (without limitation) the following Personal Information:
For the Identity Service
(a) your name;
(b) your address;
(c) your date of birth;
(d) your mobile number and device identifiers;
(e) images of identity documents you submit to us;
(f) location data that we can collect from your device, either with your consent or automatically;
(g) any identifying numbers on your identity documents (eg document number and licence number, plus expiry dates); and contact information such as email address and phone number;
(h) any other data on your document, eg place of birth;
(i) your selfie image if we collect that; and
(j) data that the DVS Service returns to us (eg flags that your identity document has been revoked or has expired).
For use of the Ratified Platform more generally
(a) name of your organisation (if applicable);
(b) history of use of the Identity Service and details of enquiries or complaints you make; and
(c) login credentials for third-party websites (if you use such third-party accounts to log in into our Ratified Platforms).
2.2 Information we automatically collect: We also automatically collect certain technical data that is sent to us from the computer, mobile device and/or browser through which you access the Ratified Platforms (Automatic Data). This includes IP address, statistics on your activities, and information about how you came to the Platforms based on your consent upon registration.
2.3 Information we obtain from others: We may also collect or receive Personal Information from third-party sources, such as other users, suppliers, social media or other third-party integrations.
2.4 Non-Personal Information: When you interact with the Platforms, we may collect Non-Personal Information. If associated with your Personal Information, we treat the combined data as Personal Information until it can no longer be associated with you.
3.1 We may collect, hold, use and disclose your Personal Information for the following purposes:
(a) To provide the Identity Service (including sending data to the DVS Service);
(b) We will send verified information about you to our third party clients, but only with your prior consent each time;
(c) To send service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you;
(d) To operate, protect, improve and optimise the Identity Service, business and our users’ experience, such as to perform analytics and conduct research;
(e) To administer rewards, surveys, contests, or other promotional activities or events sponsored or managed by us or our business partners; and
(f) To comply with our legal obligations, resolve any disputes that we may have with any of our users or customers, and enforce our agreements with third parties.
3.2 The information we collect is not distributed, sold or leased to third parties for commercial purposes, except to provide the Identity Services or for other purposes when we have your permission or when we are obliged to do so.
The DVS Service
3.3 In using our Identity Services you confirm that you are authorised to provide your identity details to us for verification.
3.4 We handle your data in accordance with the Privacy Act 1988 (Cth), the Identity Verification Services Act 2023 (Cth), and the DVS Access Policy issued by the Attorney-General’s Department.
3.5 Information will be sent to the Australian DVS via our group company Caprock Merchant Pty Limited.
3.6 You give your express consent to the collection, use and disclosure of your personal information that you have provided to us.
3.7 Note: If you do not consent, we cannot verify your identity and you will not be able to use our Identity Services.
Biometrics
3.8 We may use biometric matching services to verify your identity and then to authenticate your identity again. We will only do this with your consent. 3.9 We will not keep your biometrics for longer than necessary. 3.10 We will never transfer or sell your biometric data to anyone else.
Automated Processing
3.11 Our verification process uses automated processing to verify your identity, including facial matching, DVS matching, and PEP/sanctions checklists to create a level of confidence in your identity.
We may disclose Personal Information for the purposes described in this Privacy Policy to employees, related bodies corporate, recipients of the Identity Service (with consent), third-party suppliers, professional advisers, and government agencies as required by law.
No. We will not use your personal information for any marketing purposes.
6.1-6.6 We may collect information about your use of our Platforms. We use cookies and web beacons to enhance your experience and understand usage patterns. You can choose whether or not to accept cookies through browser settings, though some features may be limited.
We hold your Personal Information in electronic form and take reasonable steps to protect it from misuse or unauthorised access, though absolute security cannot be guaranteed.
8.1-8.2 Your information is processed in Australia. We do not transfer DVS or IVS Act–regulated data outside Australia and ensure secure treatment in accordance with this Privacy Policy.
9.1 Verified Personal Information is retained for 12 months after your last use of the app. 9.2 If you close your account, information is deleted within one month. 9.3-9.4 Additional retention may occur if required by law or the DVS Service rules.
10.1-10.2 This Privacy Policy does not apply to third-party links or Personal Information you provide to other users through the Platforms or other means.
11.1-11.4 You can withdraw your consent (closing your account), access your Personal Information via the app, or request corrections to inaccurate data by emailing us.
12.1-12.2 If you believe we have breached privacy laws, contact us at the email below. If unsatisfied, you may contact the Office of the Australian Information Commissioner (www.oaic.gov.au).
Email: onboarding@ratified.com.au
Effective: 8 December 2025.
Version: v1.1. Published on 8 December 2025
