Trust & Security

The funds you pay into a BuildFair project go into a regulated account with our banking partner Kobble, which operates under AFSL 545391 (Yondr Money Pty Ltd). Kobble is the regulated counterparty for the funds in your project. BuildFair is the layer above that determines when funds release and to whom, based on the project rules.

In practical terms: when you pay a deposit or a progress payment into your project, that money sits in a regulated Australian account with Kobble (operating under AFSL 545391, Yondr Money Pty Ltd). It isn't in the builder's general operating account. It isn't in BuildFair's operating account. It's held externally until the conditions for its release have been met.

Three controls, layered.

The first is architectural. BuildFair doesn't have direct access to project funds. Kobble does. Our role is to authorise releases when the project rules say a release is due, for example when a progress milestone has been met, a subcontractor invoice has been approved, the project has completed, or the funds need to be returned to you. We can't authorise a release that isn't covered by the project rules.

The second is the ledger. Every transaction on the platform is recorded in a double-entry ledger, the same accounting model banks use. Every dollar in has a corresponding dollar out, and the books have to balance to the cent at all times. The ledger is the source of truth. If a release was authorised, it's recorded. If a release happened that wasn't authorised, the books wouldn't balance, and the system would flag it.

The third is tamper-evidence. The ledger is protected by a hash chain. Every entry includes a cryptographic fingerprint of the entries that came before it. If anyone tried to alter a past entry to cover their tracks, every subsequent entry's fingerprint would no longer match, and the alteration would be visible. The technology is the same as the one that secures cryptocurrency networks. We use it because it makes the audit trail tamper-evident in a way that traditional databases aren't.

It's a fair question to ask of any payments company, and the answer is that your money would still be safe.

BuildFair doesn't hold customer funds. Our banking partner Kobble does. If BuildFair as a company failed tomorrow, the funds in your project account would still be held in regulated custody, recoverable through the relevant regulatory framework. BuildFair's operational failure would mean you'd need to find another way to manage the release of those funds, potentially through Kobble directly or through a court-supervised process, but the funds themselves would not be at risk.

This is the central reason BuildFair is built the way it is. We don't hold the cash. We hold the rules and the records. Kobble holds the money.

When a builder, subcontractor, owner, or supplier joins BuildFair, they go through Know Your Customer and Know Your Business verification. We use Sumsub, an established global identity verification provider, to confirm identities, business registrations, and beneficial ownership. This isn't optional. It's how we make sure the people on each side of a project transaction are who they say they are, and that the businesses receiving funds are real, registered, and accountable.

KYC on BuildFair isn't a regulatory requirement we're forced to meet under our current architecture. We do it anyway because verifying everyone on the platform is part of making the platform trustworthy. It also makes the audit trail meaningful: every transaction is between identified, verified parties.

BuildFair is an Australian company, BuildFair Pty Ltd, ACN 682 829 045. We're based in Australia, we serve Australian residential construction, and we operate under Australian law.

The regulated payments infrastructure under BuildFair is provided by our banking partner Kobble, which operates under AFSL 545391 (Yondr Money Pty Ltd). We are not currently required to hold our own AFSL because we don't hold customer funds. We are not currently required to be an AUSTRAC reporting entity because the architecture doesn't make us a designated service provider under the relevant legislation. Both positions have been confirmed and are documented.

Compliance and security work for a fintech is continuous, and we're always adding to our baseline. The platform is built around a double-entry, hash-chained, tamper-evident ledger and external identity verification through Sumsub, with project funds held by our regulated banking partner Kobble rather than in BuildFair's own accounts. As our compliance program matures, the detail will be published on this page.