Tando.

Tando Privacy Policy

Last updated: 19 June 2026

Tando is a finance app for couples, made by Waycraft Holdings Pty Ltd (ACN 697 813 504), trading as Waycraft Studio, in Sydney, Australia. In this policy, "Tando", "we", "us" and "our" mean Waycraft Holdings Pty Ltd.

This policy explains what information Tando collects, how we use it, and the choices you have. We have written it in plain English. If anything is unclear, please contact us at the address at the end.

1. Information we collect

Account information. When you create an account, we collect your email address and name. Your sign-in is managed securely by our authentication provider, and we never see or store your sign-in credentials.

Bank and financial information. If you choose to connect a bank account, we receive your account details, balances, transactions, and (for credit accounts) your credit limit and available credit, through our open-banking provider. We do not see or store your bank login details. You connect your bank through the provider's secure flow, and you can disconnect at any time.

Information you create in the app. This includes the goals, bills, manual accounts, and household and partner details you add, and your visibility settings (what you choose to share with your partner versus keep to yourself).

Diagnostic information. We collect limited technical and error information (for example, crash reports) to keep the app working and to fix problems.

2. How we use your information

We use your information to:

  • Provide the app: show your accounts, balances, net worth, and transactions; detect recurring bills; and track your shared goals.
  • Let you share selected information with your partner within your household, according to your visibility settings.
  • Improve our bill detection (see section 4).
  • Keep Tando secure, diagnose problems, and improve the product.
  • Contact you about your account or important changes to the service.

We do not sell your personal information, and we do not use your bank data for advertising.

3. Bank data and open banking

When you connect a bank, we use Basiq, an Australian data-aggregation provider, to access your account information with your consent. Your bank credentials are handled by the secure connection flow and are never shared with us or stored by us. You can withdraw your consent and disconnect an account at any time, which stops us receiving further data from that account. Where this involves the Consumer Data Right, the relevant consent and data-handling protections apply.

4. AI and bill detection

To help you set up quickly, Tando detects recurring bills from your transactions and uses AI to tidy up the names and categories it suggests. When we use AI for this, we send only the detected bill candidates (such as a merchant label and amount), never your full transaction history, your account balances, or your bank credentials. The AI suggestions are just a starting point; the bills you keep are the ones you choose.

5. How we share your information

With your partner. Tando is built for two. Information you mark as shared is visible to the other member of your household. Information you mark as private is not.

With service providers. We use trusted providers to run Tando, and they only handle your information to provide their service to us. They are:

  • Clerk — account sign-in and authentication.
  • Basiq — secure bank-account connection and data aggregation.
  • Anthropic (Claude) — AI tidy-up of detected bill suggestions (candidates only, as described above).
  • Sentry — error and crash diagnostics.
  • Railway and Neon — secure hosting and database for the app's data.

For legal reasons. We may disclose information if required by law or to protect the rights, safety, or property of our users or others.

We do not sell your personal information.

6. Where your information is stored and how we protect it

Your information is stored with our hosting and database providers and is protected in transit using encryption. Some of our providers process data outside Australia (for example, in the United States); where that happens, we take reasonable steps to ensure your information is handled consistently with this policy and applicable Australian privacy law.

7. Keeping and deleting your information

We keep your information for as long as your account is active or as needed to provide the app. You can delete your account and its associated data from within the app, in the app's settings, or by contacting us. We will action your request unless we are required to keep some information by law.

8. Your rights

You can access and update much of your information directly in the app. Under the Australian Privacy Act and the Australian Privacy Principles, you also have the right to request access to the personal information we hold about you, to ask us to correct it, and to ask us to delete it. To make a request, or if you have a privacy concern, contact us using the details below. If we cannot resolve a concern, you can contact the Office of the Australian Information Commissioner (oaic.gov.au).

9. Children

Tando is not intended for anyone under 18, and we do not knowingly collect information from children.

10. Changes to this policy

We may update this policy from time to time. When we make a material change, we will update the date at the top and, where appropriate, let you know in the app.

11. Contact us

Waycraft Holdings Pty Ltd (trading as Waycraft Studio)
ACN 697 813 504
Sydney, Australia
privacy@waycraft.com.au