Privacy Policy

Mist is a financial and lifestyle services platform, developed in Australia, that serves and supports students no matter where they are coming from or the destination they are going to.

At Mist, we care about the privacy of your data and are committed to protecting it.

We recognise that sharing sensitive information with Mist is important and we want you to feel reassured that we have implemented industry-leading security practices and that this privacy policy guides how our organisation protects your information. We operate in line with the principles of the international information security standard (ISO 27001).

This Privacy Policy explains what information we collect about you and why, what we do with that information, and how we handle that information. We will also explain what choices you have with respect to the information.

Mist Financial Pty Ltd is an Australian registered company (645 778 767) and complies with the Privacy Act (1988). When we collect and use personal information about you, we manage that personal information under this privacy policy, the Privacy Act, the Australian Privacy Principles (APPs) in the Act and any APP Code, law or rule we follow.

If you have any feedback on this policy, or you wish to contact us, please email us at We look forward to hearing from you.

How we treat privacy

In this Privacy Policy, 'us', 'we' or 'our' means Mist Financial Pty Ltd and our subsidiaries, hereby referred to as “Mist”. We are committed to respecting your privacy. Our Privacy Policy sets out how we collect, use, store and disclose your personal information.

By providing personal information to us, you consent to our collection, use and disclosure of your personal information in accordance with this Privacy Policy and any other arrangements that apply between us. We may change our Privacy Policy from time to time by publishing changes to it on our website. We encourage you to check our website periodically to ensure that you are aware of our current Privacy Policy. Personal information includes information or an opinion about an individual that is reasonably identifiable.

What personal information do we collect?

We may collect the following types of personal information:

  • name, residential address, email address, date of birth, gender, telephone numbers;
  • details of your interactions with us;
  • location information (country of origin);
  • information about the type of device and operating system used by you;
  • bank account details or debit card details;
  • Driver Licence, Passport, Medicare number;
  • any other relevant information that you give to us for the purpose of providing you with our products (via opt-in); and
  • any additional information relating to you that you provide to us directly through our website or app or indirectly through your use of our website or app or online presence or through other websites or accounts from which you permit us to collect information.

We may collect this information from you directly or from third parties, including:

  • Someone acting on your behalf, such as a parent or guardian, agent, or authorised operator of your account
  • Third party service providers who capture data when you use our platforms on our behalf

We may collect this information when you:

  • register on our website or app;
  • communicate with us through correspondence, chats, email, or when you share information with us from other social applications, services or websites;
  • interact with our sites, services, content and advertising; or
  • invest in our business or enquire as to a potential purchase in our business.

In addition, when you apply for a job or position with us we may collect certain information from you (including your name, contact details, working history and relevant records checks) from any recruitment consultant, your previous employers and others who may be able to provide information to us to assist in our decision on whether or not to make you an offer of employment or engage you under a contract. This Privacy Policy does not apply to acts and practices in relation to employee records of our current and former employees, which are exempt from the Privacy Act.

Other information

As you use Mist and interact with us, we may request to collect other information that we believe can help us, to help you. We will always ask your permission and tell you what we are doing.

When you use our website, we may also use cookies to collect information about you. We do this to help us improve the security and performance of the website, as well as improve the efficiency of our marketing campaigns.

While we do not use browsing information to identify you personally, we may record certain information about your use of our website, such as which pages you visit, the time and date of your visit and the internet protocol address assigned to your computer.

You can disable cookies through your internet browser but our website may not work as intended for you if you do so.

How do we collect this information?

We collect information when you register and provide your consent to connect with your personal data. This information is used to power the features of the App and allow us to communicate with you for notifications, alerts and technical messages.

We also collect information about how you use the App and our website and we aggregate this with all other users to find ways to improve the user experience and make it easier to use our features.

We also collect information when you contact us with an enquiry or request, so that we can ensure that we provide the best customer service. We may also use aggregated and de-identified information to improve customer service for everybody. When you participate in a survey we may collect your answers to help us improve the App.

Collection of Information from Children

Our products and services are directed at adults aged 18 years and over, and not intended for children. We do not knowingly collect data from this age group. Any data collected from a child before their age is determined will be deleted.

If you are under the age of 18, please do not submit any personal information through the Site and/or Products and Services. We encourage parents and legal guardians to monitor their children's Internet usage and to help enforce this Policy by instructing their children never to provide personal information through the Sites and/or Products without their permission.

Why do we collect, use and disclose personal information?

We may collect, hold, use and disclose your personal information for the following purposes:

  • to enable you to access and use our website, App and our other services;
  • to operate, protect, and optimise our services, business and our users' experience, such as to perform analytics, conduct research and for advertising and marketing;
  • to send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you;
  • to send you marketing messages and other information that may be of interest to you, including information sent by, or on behalf of, our business partners that we think you may find interesting;
  • to administer rewards, surveys, or other promotional activities or events sponsored or managed by us or our business partners;
  • to comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties; and
  • to consider your employment application.

We may also disclose your personal information to a trusted third party who also holds other information about you. This third party may combine that information in order to enable it and us to develop anonymised consumer insights so that we can better understand your preferences and interests, personalise your experience and enhance the products and services that you receive.

To whom do we disclose your personal information?

We may disclose personal information for the purposes described in this privacy policy to:

  • our employees, contractors and subsidiaries;
  • third party suppliers and service providers (including providers for the operation of our websites and/or our business or in connection with providing our products and services to you);
  • professional advisers, dealers and agents;
  • payment system operators;
  • our existing or potential agents, business partners or partners;
  • our sponsors or promoters of any competition that we conduct via our services;
  • anyone to whom our assets or businesses (or any part of them) are transferred;
  • specific third parties authorised by you to receive information held by us; and/or
  • other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.

Disclosure of personal information outside Australia

We may disclose personal information outside of Australia to third party suppliers | cloud providers located in Australia.

When you provide your personal information to us, you consent to the disclosure of your information outside of Australia and acknowledge that we are not required to ensure that overseas recipients handle that personal information in compliance with Australian Privacy Law. We will, however, take reasonable steps to ensure that any overseas recipient will deal with such personal information in a way that is consistent with the Australian Privacy Principles.

Do we use your personal information for direct marketing?

We and/or our carefully selected business partners may send you direct marketing communications and information about our services. This may take the form of emails, SMS, mail or other forms of communication, in accordance with the Spam Act and the Privacy Act.

You may opt-out of receiving marketing materials from us by contacting us using the details set out below or by using the opt-out facilities provided (e.g. an unsubscribe link).

Using our website and cookies

We may collect personal information about you when you use and access our website. While we do not use browsing information to identify you personally, we may record certain information about your use of our website, such as which pages you visit, the time and date of your visit and the internet protocol address assigned to your computer.

We may also use 'cookies' or other similar tracking technologies on our website that help us track your website usage and remember your preferences. Cookies are small files that store information on your computer, TV, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser but our websites may not work as intended for you if you do so.

We may also use cookies to enable us to collect data that may include personal information. For example, where a cookie is linked to your account, it will be considered personal information under the Privacy Act. We will handle any personal information collected by cookies in the same way that we handle all other personal information as described in this Privacy Policy.

If you would like more information about cookies in general, please visit Cookiepedia.


We may hold your personal information in either electronic or hard copy form. We take reasonable steps to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure and we use a number of physical, administrative, personnel and technical measures to protect your personal information.

We operate in line with the principles of the international information security standard (ISO 27001).

We use industry-standard encryption to protect your data in transit. This is commonly referred to as transport layer security (“TLS”) or secure socket layer (“SSL”) technology. Once we receive your data, we protect it on our servers using a combination of technical, physical, and logical security safeguards.

Data Breach event

If, despite our best efforts, a data breach occurs, we will take immediate steps to determine the breach, its cause and how to fix it. We will advise you of the extent of the data breach (if known) and the most appropriate means of regaining control of that information. We will also notify the Office of the Australian Information Commissioner (OAIC) or any other regulator, if appropriate and comply with all other relevant legal requirements.


Our website may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites, and have no control over or rights in those linked websites. The privacy policies that apply to those other websites may differ substantially from our Privacy Policy, so we encourage individuals to read them before using those websites.

Accessing or correcting your personal information

You can access the personal information we hold about you by contacting us using the information on the contact page of our website. Sometimes, we may not be able to provide you with access to all of your personal information and, where this is the case, we will tell you why. We may also need to verify your identity when you request your personal information.

If you think that any personal information we hold about you is inaccurate, please contact us and we will take reasonable steps to ensure that it is corrected.

Cost for accessing my personal information

Depending on the amount of information you request, we may charge you a fee for organising the information you request from us. We will give you an estimate of the fee before we organise the information. Then, we can work with you to check whether you wish to limit your request to reduce the charges.

Additional rights under General Data Protection Regulation (GDPR) if you are located in the EEA

The General Data Protection Regulation (GDPR) regulates the way we process information, from which you can be identified or from which you are identifiable, that we collect about you while you reside in a country in the European Economic Area (EEA) or Switzerland. This policy refers to that information as “personal data”. The term “personal information” in this policy also includes that “personal data”. For GDPR purposes, we process personal data about you when we collect and use that personal data. Also, we are the controller of that personal data. When we collect personal data, we manage that personal data under this policy, the GDPR and any other law that applies to processing that personal data.

The EEA countries are: Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, the United Kingdom, Iceland, Liechtenstein and Norway.

The following explains how we comply with the GDPR for residents of the European Economic Area (EEA) or Switzerland. Note the following does not apply if you reside outside of the above countries.

We will retain personal data about you only for as long as is necessary for the purposes set out in this policy. We will retain and use that personal data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

We may transfer personal data about you to, and maintain it on, computers located outside of your State, province, country or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction.

We may transfer that personal data to other jurisdictions and process it there. We will take all steps reasonably necessary to ensure that personal data about you is treated securely and in accordance with this policy and no transfer of that personal data will take place to an organization or a country, unless there are adequate controls in place including the security of that personal data.

If you are a resident of an EEA country or Switzerland, you have certain data protection rights with respect to personal data we collect about you while you reside in that country. We will take reasonable steps to allow you to correct, amend, delete, or limit the use of that personal data. If you wish to do so, please email us.

If you wish to know what personal data we hold about you and if you want us to remove that personal data from our systems, please contact us.

You have the right to complain to a data protection authority about our collection and use of personal data we hold about you. For more information, please contact your local data protection authority in the country (an EEA country or Switzerland) of which you were a resident when we collected personal data about you.

Closing my account

You may decide to close your Mist account. We ask that you kindly email to request an account closure.

Once you have requested to cancel your Mist account, to the extent reasonably possible, all information and credentials will be deleted from our systems, and nothing will be retained other than as required by law. However, portions of your information, consisting of aggregate data derived from your account information, may remain on our production servers indefinitely.

Your data may also remain on a backup server. We keep these backups to ensure our continued ability to provide the Services to you in the event of malfunction or damage to our primary production servers.

Please note that simply deleting the App will not give effect to termination and deletion of your information.

Making a complaint

If you have a concern or complaint about how we have handled your personal information, let the Mist team know and we'll try to fix it. We try to get things right the first time – but if we don't, we'll do our best to sort it out. If you are satisfied with how we respond to your complaint about how we've handled your personal information, there are other things you can do.

If you think we have breached the Privacy Act, or you wish to make a complaint about the way we have handled your personal information, you can contact us using the information on the contact page of our website.

Please include your name, email address and/or telephone number and clearly describe your complaint. We will acknowledge your complaint and respond to you regarding your complaint within a reasonable period of time.

However, if you feel that your complaint has not been satisfactorily addressed or that it is taking too long to resolve your complaint, you are entitled to contact the Office of the Australian Information Commissioner (OAIC), on 1300 363 992 or the other contact details on the OAIC's website, who may investigate your complaint further.

Contact Us

For further information about our Privacy Policy or practices, or to access or correct your personal information, or make a complaint, please contact us using the information on the contact page of our website or email us at