Last updated: 5 July 2026
Status: Omnidash does not yet offer open banking via the Consumer Data Right. We are preparing to offer CDR-powered bank connections through an accredited data recipient, and this policy will take effect — and be updated with final accreditation details — when that service launches. It is published now so you can see how we intend to handle CDR data.
This Consumer Data Right Policy (“CDR Policy”) explains how VYLA TECH PTY LIMITED (ABN 16 683 366 538), trading as Omnidash (“we”, “us”, “our”), manages CDR data — the banking data you choose to share with us under Australia’s Consumer Data Right.
It supplements our Privacy Policy, which covers all other personal information we handle. Where this policy and the Privacy Policy overlap in relation to CDR data, this policy applies.
We are required to have this policy under rule 7.2 of the Competition and Consumer (Consumer Data Right) Rules 2020, and we will provide a copy in an alternative format (for example, a printed or accessible copy) on request, free of charge.
The Consumer Data Right (CDR), often called open banking in the banking sector, is an Australian Government initiative that gives you the right to share data your bank holds about you — securely, with your consent, and only with accredited or authorised recipients.
Unlike older approaches such as screen-scraping, CDR data sharing never requires you to hand over your bank login details. Your bank sends the data directly through regulated, encrypted channels, and you can see and manage every sharing arrangement from your bank’s app.
The CDR regime is overseen by the Australian Competition and Consumer Commission (ACCC) and the Office of the Australian Information Commissioner (OAIC). You can learn more at cdr.gov.au.
Omnidash intends to access CDR data as a CDR representative of an unrestricted accredited data recipient (ADR) — our CDR principal. Under this model:
When our representative arrangement commences, this section will be updated with our principal’s legal name, accreditation number, and a link to their entry on the CDR provider register.
We follow the principle of data minimisation: we only ask for the data needed to power the features you use, and nothing more. If you choose to connect a bank account, we may collect the following classes of CDR data through our principal:
We do not collect CDR data about anyone other than you (for example, joint account holders’ separate accounts), and we do not request data clusters we don’t need — such as direct debits, scheduled payments, or payee lists.
We use CDR data only for the purposes you consent to, which are:
We will never:
CDR data sharing only ever happens with your express, informed consent. When you connect a bank account you will be shown exactly:
You can withdraw your consent at any time — from within Omnidash, via the consumer dashboard provided through our CDR principal, or from your own bank’s data-sharing settings. Withdrawing consent stops all further data sharing, and we will then delete or de-identify the CDR data we hold, as described in Section 9.
Withdrawing consent does not affect your Omnidash account — features that rely on bank data will simply stop updating, and you can keep using manual imports and receipt scanning.
CDR data is subject to the Privacy Safeguards in the Competition and Consumer Act 2010 (Cth) — a stricter regime than standard privacy law. Our protections include:
Our CDR data is stored in Australia. If that changes, we will update this policy to list the countries where CDR data may be held before any overseas storage occurs.
The following parties may access CDR data in the course of providing our service:
Outsourced service providers may only use CDR data to provide their services to us, under contractual obligations consistent with the CDR Rules. We do not disclose CDR data to any other third party unless you direct us to or the law requires it.
When your consent expires or is withdrawn, or when CDR data is no longer needed for the purposes you consented to, we will delete the redundant CDR data (or, where permitted and appropriate, de-identify it so it can no longer be associated with you).
You can also elect at any time to have your CDR data deleted rather than de-identified — just tell us at support@omnidash.app or use the deletion controls in the app. Records derived from your CDR data that we are legally required to keep (for example, records of the consents themselves) are retained only as long as the law requires.
You can ask us at any time, free of charge:
We will acknowledge correction requests and respond within 10 business days, either by making the correction or explaining why it was not needed, along with a notice of your right to complain.
If you have a question, concern, or complaint about how we handle CDR data, please contact us first at support@omnidash.app with “CDR complaint” in the subject line. We will:
If you are not satisfied with our response, you can escalate your complaint externally:
We will update this policy when our CDR representative arrangement commences (adding our principal’s accreditation details), and whenever our CDR data practices change. Material changes will be notified by email or in-app notification before they take effect. The “Last updated” date at the top of this page always reflects the current version.
For anything relating to this CDR Policy or your CDR data:
Omnidash
Operated by VYLA TECH PTY LIMITED (ABN 16 683 366 538)
Email: support@omnidash.app
Website: omnidash.app