Compliance & Standards

Last updated:

1. Australian Privacy Act 1988

Tenovo fully complies with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Our commitment includes:

• Transparent collection and use of personal information
• Secure storage and protection of user data
• User rights to access, correct, and delete personal information
• Appropriate safeguards for data transfers
• Regular privacy impact assessments

2. Data Protection Standards

2.1 Security Measures

We implement enterprise-grade security measures including:

• End-to-end encryption for data transmission
• Secure hosting on Australian soil
• Regular security audits and penetration testing
• Multi-factor authentication for administrative access
• Comprehensive backup and disaster recovery procedures

2.2 Data Localization

All user data is stored and processed within Australia to ensure compliance with Australian data sovereignty requirements and to provide optimal performance for Australian users.

3. Financial Services Compliance

While Tenovo provides tools for financial planning, we maintain clear boundaries regarding financial advice:

• We do not provide financial advice or recommendations
• All calculations and forecasts are for informational purposes only
• Users are encouraged to seek professional financial advice
• We maintain appropriate disclaimers throughout our platform

4. ATO Integration Compliance

Our integration with ATO systems complies with:

• ATO's Digital Service Provider requirements
• Secure authentication protocols
• Data handling and privacy standards
• Regular compliance audits

5. Open Banking Compliance

Our Open Banking integrations adhere to:

• Consumer Data Right (CDR) standards
• ACCC and OAIC guidelines
• Secure API authentication and authorization
• User consent management
• Data minimization principles

6. Industry Standards

6.1 ISO Standards

We follow industry best practices aligned with:

• ISO 27001 (Information Security Management)
• ISO 27018 (Cloud Privacy Protection)
• ISO 27017 (Cloud Security Controls)

6.2 OWASP Guidelines

Our development practices follow OWASP (Open Web Application Security Project) guidelines to prevent common web application vulnerabilities.

7. Third-Party Compliance

We carefully select third-party service providers who maintain high compliance standards:

• CoreLogic - Property data and analytics
• ATO - Tax and compliance data
• Open Banking providers - Financial institution data
• Cloud infrastructure providers with Australian data centers

8. Regular Audits and Monitoring

We conduct regular compliance activities:

• Quarterly security assessments
• Annual privacy audits
• Regular penetration testing
• Compliance monitoring and reporting
• Staff training on privacy and security

9. Incident Response

We maintain a comprehensive incident response plan that includes:

• 24/7 monitoring and alerting
• Rapid incident detection and response
• User notification procedures
• Regulatory reporting requirements
• Post-incident analysis and improvement

10. User Rights and Transparency

We maintain transparency in our compliance practices:

• Clear privacy notices and policies
• Easy access to personal information
• Simple data deletion processes
• Transparent data usage practices
• Regular compliance reporting

11. Regulatory Updates

We actively monitor regulatory changes and update our compliance practices accordingly. This includes:

• Privacy law updates
• Financial services regulation changes
• Data protection standard updates
• Industry best practice developments

12. Contact Information

For compliance-related inquiries or to report concerns: