Privacy and Platform Security Concerns

We understand your concerns regarding the security of your account and your data.

As per our privacy policy, we do send mobile notifications, marketing emails, newsletters, and invitations to our users to promote our services and free content (i.e., webinars and video series) but if you prefer not to receive any of those, you can always let us know and we will humbly unsubscribe your account so that you will not receive those kinds of promotions.

If you engage our parent company, Empower Wealth for their financial services such as mortgage broking, financial planning and tax accounting, we may disclose your personal information to prospective funders/lenders, lenders mortgage insurers, the ATO and credit reporting bodies or other intermediaries to ensure that we can deliver on our services.

In regards to your concern about security, the portal is secured with two options of 2-factor authentication to make sure that you and an authorized user can access your account securely. We currently employ Google Authenticator as well as an SMS authenticator to make sure that you can only log in to your account from a verified device and remove the risk of your account being hacked especially since you may have some sensitive information saved there.

 

Overview

Integrated Pathways Pty Ltd (parent company of Moorr and Empower Wealth Advisory services) is committed to the ongoing implementation, management and monitoring of security across the entire group of companies.

As an integrated business our goal is to facilitate and enhance security maturity across all the businesses within the group to ensure the ongoing protection of customer data, and to proactively manage and mitigate against information security risks.

Please note that Moorr acts as both a financial management application as well as a customer portal for users who wish to engage Empower Wealth Advisory services, as such some of the processes below regarding handling of customer data to facilitate advisory services will not be applicable to a Moorr user who has not decided to engage Empower Wealth.

 

Customer Data Management

From a data management and data handling perspective, management and security of personal data is our highest priority. As such customer data in Moorr along with all customer data handled and managed by our advisory services is encrypted at rest, transmitted via SSL (Secure Socket Layer) encryption and only processed on or accessed via company managed devices which are encrypted at rest and run endpoint protection. In addition to this, firewalls, network segregation and network access controls have been put in place to secure all the relevant infrastructure where customer data is hosted, stored or processed.

Access by staff to all systems holding customer data is governed by 2FA authentication and randomly generated secure passwords managed via password management software. Access controls are in place to manage and govern the information which staff have access to limit access to customer information relative to work tasks such as when providing financial advice or conducting a mortgage application.

As part of our ongoing security roadmap, access controls for customer data will be further enhanced over the next few months as we further restrict access to customer data to individual staff members working on a job task and move towards ‘Just in Time’ permission grants and access controls. These new controls will be accompanied by new data handling procedures and policies as we further strengthen our security management.

 

Secure Development, Hosting & Vulnerability Management

All code produced by our development team undergoes peer reviews and quality assurance to ensure the appropriate security, access and authentication controls have been implemented within the logic of our applications. All third-party libraries used within our application are regularly reviewed for vulnerabilities and upgraded as required. We periodically review our implementation against the OWASP security risks, whist factoring secure design practices from standards such as PCI-DSS.

Where possible we try to utilize serverless infrastructure to reduce the overhead of vulnerability management for the infrastructure hosting our systems. In the few cases where virtual machines or appliances are used these are appropriately patched and updated as required.

 

Compliance

We comply with all relevant data protection laws and regulations, including the Australian Privacy Principles (APPs). This compliance reflects our dedication to handling your personal information with the utmost care and responsibility.

 

Our Ongoing Commitment to Security

We understand and are committed to improving the security of our business, our customers and their data. As part of our security roadmap, we are committed to improving the security maturity within our business as we continue to grow. Within the current financial year, we are planning to appointment of a dedicated Security Operations Manager across the group of companies and commence the implementation of an ISMS (Information Security Management System) utilizing the ISO27001 framework as a guide. Our objective is to apply a coordinated program of Governance, Risk and Compliance with an internal audit function to focus on proactive risk management, monitoring and mitigation.

Once again, we’d like to emphasise that we, at Moorr, value our customer’s right to data privacy and we will continue to take all measures to protect and secure your account. Any changes that need to be done to your account will be only done with your consent and you can always opt-out from receiving any marketing notifications from us by letting us know through this link: https://www.moorr.com.au/support.

Last Updated July 2024

You might also be interested in

Try Moorr For Free Today

Spend money on the things you want without guilt and save for the future with confidence. You can have the best of both worlds. Achieve more, with Moorr

Let us know how to keep you in the loop!

Let us know how to keep you in the loop!

 
 

Privacy Policy

This following document sets forth the Privacy Policy for this website. We are bound by the Privacy Act 1988 (Crh), which sets out a number of principles concerning the privacy of individuals using this website.

Collection of your personal information

We collect Non-Personally Identifiable Information from visitors to this Website. Non-Personally Identifiable Information is information that cannot by itself be used to identify a particular person or entity, and may include your IP host address, pages viewed, browser type, Internet browsing and usage habits, advertisements that you click on, Internet Service Provider, domain name, the time/date of your visit to this Website, the referring URL and your computer’s operating system.

Free offers & opt-ins

Participation in providing your email address in return for an offer from this site is completely voluntary and the user therefore has a choice whether or not to disclose your information. You may unsubscribe at any time so that you will not receive future emails.

Sharing of your personal information

Your personal information that we collect as a result of you purchasing our products & services, will NOT be shared with any third party, nor will it be used for unsolicited email marketing or spam. We may send you occasional marketing material in relation to our design services.

What Information Do We Collect?

If you choose to correspond with us through email, we may retain the content of your email messages together with your email address and our responses.

Cookie Based Marketing

Some of our advertising campaigns may track users across different websites for the purpose of displaying advertising. We do not know which specific website are used in these campaigns, but you should assume tracking occurs, and if this is an issue you should turn-off third party cookies in your web browser.

How Do We Use Information We Collect from Cookies?

As you visit and browse Our Website, the Our Website uses cookies to differentiate you from other users. In some cases, we also use cookies to prevent you from having to log in more than is necessary for security. Cookies, in conjunction with our web server log files or pixels, allow us to calculate the aggregate number of people visiting Our Website and which parts of the site are most popular. This helps us gather feedback to constantly improve Our Website and better serve our clients. Cookies and pixels do not allow us to gather any personal information about you and we do not intentionally store any personal information that your browser provided to us in your cookies.

IP Addresses

P addresses are used by your computer every time you are connected to the Internet. Your IP address is a number that is used by computers on the network to identify your computer. IP addresses are automatically collected by our web server as part of demographic and profile data known as traffic data so that data (such as the Web pages you request) can be sent to you.

Sharing and Selling Information

We do not share, sell, lend or lease any of the information that uniquely identify a subscriber (such as email addresses or personal details) with anyone except to the extent it is necessary to process transactions or provide Services that you have requested.

How Can You Access and Correct Your Information?

You may request access to all your personally identifiable information that we collect online and maintain in our database by using our contact page form.

Changes to this Privacy Policy

We reserve the right to make amendments to this Privacy Policy at any time. If you have objections to the Privacy Policy, you should not access or use this website. You may contact us at any time with regards to this privacy policy.