Last updated: 25 April 2026
This is the privacy policy of SMSFcentral. We handle a lot of personal and financial information in the course of administering self managed super funds, and this page sets out what we collect, why we collect it, who we share it with and what your rights are.
We follow the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). As a registered tax agent we also have specific obligations under the Tax Agent Services Act 2009 and the Tax Agent Services (Code of Professional Conduct) Determination 2024.
1. Who we are
SMSFcentral is a trading name of SMSFcentral Pty Ltd, a division of the Orbit Group.
| Legal entity | SMSFcentral Pty Ltd |
| ABN | 81 611 115 505 |
| Tax Agent registration | 25410256 (TPB) |
| Registered office | Level 4, 1 James Place, North Sydney NSW 2060 |
| Postal address | PO Box 1335, Randwick NSW 2031 |
| Phone | 02 8412 0086 |
| Email | [email protected] |
2. Scope of this policy
This policy applies to:
- The smsfcentral.com.au website and any forms, calculators or downloads on it
- Any service we provide to you, whether you come to us directly or through a financial adviser
- Communications with us by phone, email or post
SMSFcentral does not hold an Australian Financial Services Licence. We don’t give financial product advice, and we don’t recommend whether an SMSF is right for you, what to invest in, or how to allocate fund assets. We provide tax, compliance and SMSF administration services. Where this policy talks about our services, that’s what it means.
3. What information we collect
The information we hold falls into a few buckets.
Identity and contact information
- Name, date of birth, residential and postal address
- Phone number and email address
- Identity documents we collect at onboarding — typically driver licence, passport or Medicare card. We need these to verify trustees and members and to meet our regulatory obligations.
Tax and fund information
- Tax File Numbers (TFNs) of members and the fund
- Australian Business Number (ABN) of the fund and any related entities
- Trustee and member details — including roles, contributions, balances, pension phase status and beneficiary nominations
- Trust deed, corporate trustee constitution and ASIC records
- Investment records — bank accounts, broker accounts, property holdings, valuations, dividend statements, distribution statements
- Bank account and broker account details, accessed via read-only data feeds through Class
Adviser information
If your SMSF is administered through a financial adviser, we’ll also hold your adviser’s name, firm, AFSL/authorisation details and contact information so we can communicate with them about your fund.
Website usage data
- IP address, browser type and device information
- Pages visited, time on site, referring URL — collected via Google Analytics 4
- Search queries that brought you to the site (in aggregate, via Google Search Console and Bing Webmaster Tools)
- Cookies (see section 11 below)
4. How we use your information
We use the information we collect to:
- Set up and administer your SMSF
- Prepare the SMSF Annual Return, financial statements, member statements and other tax documents
- Coordinate the annual independent audit of your fund
- Lodge returns and reports with the ATO — including the SAR, TBAR (Transfer Balance Account Report) and any other reporting we’re responsible for
- Communicate with you, your adviser, your auditor and other professionals involved in your fund
- Meet our obligations as a registered tax agent — including the Code of Professional Conduct and TPB record-keeping rules
- Respond to enquiries submitted through our website or by phone
- Improve the website and understand which content is useful
We don’t sell your information. We don’t use it for marketing without your consent.
5. Who we share it with
To administer an SMSF we need to share information with a number of third parties. Here’s the full list, what each one receives, and why.
| Recipient | What they receive | Why |
|---|---|---|
| Australian Taxation Office | SMSF Annual Return, TBAR events, member contribution data, rollover information | Lodgments and reporting required by tax law |
| Independent SMSF auditor (changes annually or as appointed) | Full fund records — financial statements, bank statements, investment evidence, member files, trust deed | Annual SMSF audit. The auditor is independent of SMSFcentral and signs the audit report. |
| Class Super (Class Limited) | All fund administration data — members, balances, transactions, investments, documents | Primary SMSF administration platform. Hosted in Australia. |
| BGL Corporate Solutions | Fund administration data for funds we administer on BGL | Secondary SMSF administration platform used for some funds |
| NowInfinity | Trustee names, member names, fund details, ASIC details | Generation of trust deeds, deed updates, corporate trustee constitutions and ASIC company changes |
| Your financial adviser (where applicable) | Fund records relevant to advice — balances, contributions, pension status, reports | So your adviser can give you advice about your super |
| Australian banks and brokers | Authorisation to access read-only data feeds | Daily transaction feeds into Class so we can keep records current |
| SuperStream gateway (where applicable) | Member contribution and rollover data | Required for processing employer contributions and rollovers |
| Macquarie CMA (where applicable) | Fund and signatory details for cash management accounts | Cash management and payment processing for funds using a Macquarie CMA |
| Cloudflare | Network metadata, IP addresses | CDN, DNS and security; Cloudflare Access secures admin login on this website |
| Google (Analytics 4 and Search Console) | Website usage data, aggregated search performance | Site analytics and SEO measurement |
| Microsoft Bing Webmaster Tools | Aggregated search performance for Bing | SEO measurement |
| Gravity Forms (form plugin) | Contact form submissions | Capturing and routing enquiries from the website |
| FluentSMTP / Gmail | Email contents and metadata | Sending transactional emails — engagement letters, requests for information, lodgment confirmations |
| WordPress hosting (LiteSpeed) | Website content and any data submitted via the site | Hosting the smsfcentral.com.au website |
| UpdraftPlus | Encrypted website backups | Disaster recovery for the website |
We may also share information with our professional advisers (lawyers, our own accountants, insurers) where it’s necessary, and with regulators or law enforcement where we’re legally required to.
6. Where your information is stored
All administration work is performed onshore. Our team is based in Australia, our SMSF administration platforms (Class and BGL) host fund data in Australia, and we don’t outsource bookkeeping or processing offshore.
Some of the website infrastructure providers we use — Cloudflare, Google Analytics, Bing — operate global networks. Aggregated and anonymised analytics data may be processed outside Australia by these providers under their own privacy frameworks. None of your fund administration data sits on those networks.
7. How long we keep your information
The general rule is seven years. That’s the minimum retention period required by the ATO for tax records and by the TPB for tax agent client records under the Code of Professional Conduct.
Some records need to be kept for longer:
- SMSF audit working papers — auditors’ professional standards typically require retention for seven years from the audit date, which can extend the effective retention beyond the tax-record window
- Trustee meeting minutes and trust deed amendments — kept for the life of the fund plus ten years
- Records relating to a complaint, investigation or dispute — kept until the matter is resolved plus the standard retention period
When information is no longer required and we’re not legally obliged to keep it, we securely destroy or de-identify it.
8. How we secure your information
Practical security beats theoretical security. Here’s what we actually do:
- Encrypted backups. Website backups via UpdraftPlus are encrypted before they leave the server.
- Cloudflare Zero Trust on admin access. The WordPress admin and tools sit behind Cloudflare Access — admin login requires identity verification and one-time codes, not just a password.
- Named ownership. Each fund has a senior team member who owns the file. They know the trustees, the history and the moving parts. That avoids mistakes that come from unfamiliar staff handling a fund.
- Least-privilege access. Staff only have access to systems and clients they need to do their job. New starters are onboarded carefully and access is removed promptly when people leave.
- Secure credential storage. Passwords and access tokens are stored in a managed password vault — not in spreadsheets, sticky notes or shared docs.
- Onshore processing. No offshore bookkeeping or processing. Your fund’s data isn’t sitting on a contractor’s laptop in another time zone.
- Staff training. Our people are trained on data handling, phishing, and the obligations we have under the APPs and the TPB Code.
- Multi-factor authentication. Required on all systems holding client data — Class, BGL, email, NowInfinity.
No system is impervious to a determined attack. If we ever have a data breach that’s likely to result in serious harm, we’ll notify you and the OAIC under the Notifiable Data Breaches scheme.
9. Your rights
Under the APPs you can:
- Ask what we hold about you. Email [email protected] and we’ll provide a copy of the personal information we hold, usually within 30 days.
- Ask us to correct it. If something we hold about you is wrong, out of date or incomplete, tell us and we’ll fix it.
- Make a complaint. Start with us — see section 10. If we can’t resolve it, you can take the complaint to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
There are limited situations where we can’t give you access — for example, where another person’s privacy would be compromised, or where the law requires us to withhold the information. If we refuse a request we’ll explain why.
10. How to contact us about privacy
The fastest route is email.
- Email: [email protected]
- Phone: 02 8412 0086
- Post: Privacy Officer, SMSFcentral, PO Box 1335, Randwick NSW 2031
If you’d like to lodge a complaint, please mark it “Privacy complaint” so it gets handled by the right person. We aim to acknowledge complaints within five business days and resolve them within 30 days.
11. Cookies and analytics
The website uses cookies for two reasons. First, technical cookies that make the site work — session state, security checks via Cloudflare. Second, analytics cookies set by Google Analytics 4 to help us see which content is useful and which pages people drop off on.
You can block or delete cookies in your browser settings. The site will still work, but some features (like remembering your form input if you navigate away) won’t.
We don’t run advertising on the site, so we don’t set advertising or remarketing cookies.
12. Changes to this policy
We update this policy from time to time — usually when we add a new tool to our stack or when there’s a relevant change in the law. The “last updated” date at the top of this page tells you when the current version went live. Material changes will be flagged on the website. If you’re a current client and a change affects you specifically, we’ll email you.
13. Last updated
25 April 2026.