Terms & Conditions
Version 1 — December 16th, 2025 to March 17th, 2026
Minor amendments addressing billing period language in section 5.1(b), indemnity text in clause 12.2, and typographical corrections. View archived version →
Version 2 — March 17th, 2026 to June 2nd, 2026
Major revisions included:
- Clause 1: Incorporated the Data Processing Agreement as a foundational document. Added conflict resolution stating the DPA "prevails on matters of Personal Information processing and protection; these Terms and Conditions prevail on commercial matters."
- Clause 7.2: Narrowed BNDRY's data licence scope to only what is "necessary to provide the Services," removing prior "irrevocable" and "worldwide" language. Licence now terminates with the Agreement (except where legally mandated retention applies). Sublicensing to sub-processors is now explicitly permitted under equivalent protections.
- Clause 16: Updated "Agreement" definition to include the DPA. Redefined "Personal Information" to align with the Privacy Act 1988 (Cth) statutory framework.
Version 3 — June 2nd, 2026 to July 3rd, 2026
Major revisions included:
- Clause 3 (heading): Renamed to "Customer Obligations and Shared Responsibility."
- New clause 3.4: Added a dedicated Shared Responsibility clause, explicitly setting out the boundary between BNDRY's role as a technology provider and the Customer's obligations as reporting entity under AML/CTF legislation. Cross-references clauses 4, 5, 6, 7, 8, 10, and 12 of the Data Processing Agreement. See also the Shared Responsibility summary.
- Clause 6.5: Heading updated to "Intellectual Property Rights Warranties" for clarity.
- Clauses 6.6 and 6.7: Infringement Claim procedure separated into its own clause (6.6); indemnity moved to clause 6.7.
- Clause 7.1: Updated privacy reference to the Identitii Privacy Policy at identitii.com/legal/governance.
- Clause 8: Expanded with five numbered subclauses (8.1 Protection of Confidential Information, 8.2 Permitted Disclosures, 8.3 Removal, 8.4 Return Exceptions, 8.5 Announcements).
- Clause 10.4: New "Preservation of Rights" clause added, confirming termination does not affect rights that arose before it.
- Clause 12.2: Renamed from "Customer Indemnities" to "Client Indemnities."
- Clause 13: Dispute resolution expanded with four subclauses (13.1 Dispute Resolution, 13.2 Mediation, 13.3 Bar to Proceedings, 13.4 Urgent Action Permitted).
- Clause 14: "Force Majeure" renamed to "Force Majeure Event" for consistency with the defined term.
- Data Breach definition: Updated to cover Customer Data generally, with a deemed cross-reference to Security Incident in the DPA for Personal Information breaches.
- New clause 16: Full Definitions section added.
- New clause 17: Interpretations section added.
- Clerical fixes: "BNDRY Ptd Limited" corrected to "BNDRY Pty Ltd"; "Competition and Consumer Act 2009" corrected to "Competition and Consumer Act 2010."
Data Processing Agreement
Version 1 — June 2nd, 2026 to July 3rd, 2026
First published version of the Data Processing Agreement, issued alongside Terms & Conditions Version 2. Replaced by Version 2 with the following changes:
- Clause 2: Definitions section expanded with full definitions of all key terms, including Applicable Data Protection Law, Eligible Data Breach, Personal Information, Sensitive Information, Security Incident, and Sub-processor.
- Clause 3 (heading): Renamed to "Relationship of the Parties, Roles and Precedence."
- Clause 3.2: Precedence rule clarified: this Agreement governs Personal Information processing; the Terms and Conditions govern commercial matters. Where there is a conflict on a matter of Personal Information processing, this Agreement prevails.
- Clause 7: Security and Breach Notification expanded with three subclauses (7.1 Notification to the Controller, 7.2 Cooperation and the Notifiable Data Breaches Scheme, 7.3 No Notification Without Instruction). Clause 7.2 updated to reflect that each party remains responsible for its own NDB obligations, with coordination so that a single assessment and notification may satisfy both where the Privacy Act permits.
- Clause 9: Fifth bullet updated — BNDRY holds verification records on the Controller's behalf during the service period only. Post-termination, the Controller is responsible for retaining records for the balance of any applicable period (including the seven-year AML/CTF period under clause 10).
- New clause 14: Severability.
- New clause 15: Term and termination.
Privacy Statement
Version 1 — December 16th, 2025 to April 14th, 2026
Added new Identity Verification section detailing document verification procedures, with a dedicated reference page at bndry.net/legals/identity-verification. View archived version →