gates/afsa-clauses.md in this repository.The short version
PPSR General Conditions §1.8 prohibits collecting, storing, or using PPSR data for any information-service purpose. There is no automatic carve-out for de-identified data. The only exits are: (a) something the Personal Property Securities Act 2009 specifically authorises, or (b) AFSA approves in writing. Hoist Assets is pursuing option (b). We are not currently claiming any carve-out.
Two things called "NPII" — and why it matters
Before reading the clause itself, the terminology needs untangling. Two completely unrelated concepts share the acronym "NPII" in Australian register and insolvency contexts.
AFSA's NPII: the National Personal Insolvency Index
AFSA operates a register called the National Personal Insolvency Index (NPII). This is a publicly available electronic record of personal insolvency proceedings in Australia — bankruptcy, debt agreements, personal insolvency agreements, and certain court proceedings — maintained under the Bankruptcy Act 1966 (Cth). According to AFSA's published description, the NPII contains full name, aliases, date of birth, residential address, occupation, proceeding type, administration start date, and trustee details for every person who has entered a personal insolvency proceeding in Australia since August 1928. It is a personally identifying register.
This NPII is entirely separate from the Personal Property Securities Register (PPSR). It is a different register, administered under different legislation, and accessible through different AFSA products. Commercial operators — Confirm, Equifax, InfoTrack, Encompass — resell NPII (bankruptcy) searches under an AFSA Account Customer Terms carve-out for "B2G Clients that sell NPII searches".
Hoist Assets's old "NPII" shorthand: deprecated
Hoist Assets previously used "NPII" internally as shorthand for non-personally-identifying PPSR searches — organisation searches by ACN, and serial-number searches (VIN, chassis, aircraft serial) — where the returned registrations identify an organisation as grantor, not a natural person. This usage has been deprecated and renamed to "org-only" (Bead ha-ju8, 2026-05-16). The rename was made specifically to eliminate the collision with AFSA's NPII acronym and to prevent any reader from inferring a connection between Hoist's search scope and the AFSA bankruptcy carve-out.
The internal codebase, gates, and documentation now use "org-only" throughout. If you encounter "NPII" in any Hoist Assets material predating 2026-05-16, the Hoist internal meaning (non-PII search scope) was intended, not the AFSA meaning (bankruptcy records). See /glossary/npii/ for the full disambiguation.
What §1.8 of the PPSR General Conditions says
The relevant restriction is in Section 1.8 of the PPSR General Conditions of Use. The following is verbatim text as retrieved from the confirm.com.au commercial mirror (a licensed PPSR operator with direct interest in accurate T&C reproduction; canonical AFSA direct-fetch deferred per internal finding ha-bx4 DF-1, as ppsr.gov.au timed out from our execution environment):
"Except as may be specifically authorised by the Act or approved by us in writing, you must:
(a) only access and use the PPSR and PPSR Information exclusively for your own purposes (or if your use is in the capacity of a representative of an organisation, exclusively for the purposes of that organisation);
(b) not collect, store or use PPSR Information for any purpose associated with the provision, or potential provision of, an information service to any person; and
(c) not use (or condone or be involved with the use of) the PPSR for Unauthorised Purpose."
PPSR General Conditions, Section 1.8 — source: confirm.com.au/legal/terms-and-conditions/ppsr/ (commercial mirror; canonical AFSA-published version at ppsr.gov.au)
Key observations on the text
The prohibition in §1.8(b) applies to all PPSR Information without qualification. It does not distinguish between personally-identifying data and non-personally-identifying data. It does not carve out organisation searches or serial-number searches. The earlier Hoist claim that de-identified org-only searches were exempt from §1.8(b) was not supported by the clause's text.
§1.8 has a written-approval exit in the header. The phrase "Except as may be specifically authorised by the Act or approved by us in writing" (before sub-clauses (a)–(c)) means AFSA has the power to grant written approval for information-service use on a case-by-case basis. This is the pathway Hoist is pursuing.
The B2G channel does not change this. The B2G Channel Terms incorporate the General Conditions by reference. §1.8 applies to B2G channel users, not just web-interface users.
Why the AFSA Account Customer Terms carve-out does not apply
The AFSA Account Customer Terms contain the following clause (sourced via Google search snippet of the afsa.gov.au page; confirmed by two independent search queries returning consistent verbatim text):
"You must (unless you are a B2G Client that sells NPII searches, or we approve otherwise in writing): only use your Account exclusively for your own purposes [...]; not collect, store or use information obtained from using your Account for any purpose associated with the provision, or potential provision of, an information service to any person."
AFSA Account Customer Terms and Conditions — source: afsa.gov.au (Google-indexed excerpt; direct fetch timed out)
The carve-out reads: "unless you are a B2G Client that sells NPII searches". In this clause, "NPII searches" means National Personal Insolvency Index searches — the bankruptcy register product. This is confirmed by AFSA's own product navigation (NPII sits under "Bankruptcy Register Search" at afsa.gov.au, not under the PPSR), and by the commercial operators (Confirm, InfoTrack, Equifax, Encompass) who hold this carve-out: they resell both PPSR and AFSA NPII/bankruptcy products.
Hoist Assets does not sell bankruptcy register searches. We run PPSR searches only. The B2G-Client-selling-NPII-searches carve-out does not apply to us.
What this means in plain terms
Without written approval from AFSA, §1.8(b) as written prohibits Hoist Assets from collecting or using PPSR search results for the purpose of providing an information service to customers — regardless of whether the searches target organisations or individuals. The previous version of this post asserted otherwise. That assertion was wrong and has been retracted.
To be explicit on what we are and are not claiming:
- We are not operating as a PPSR reseller under a claimed AFSA carve-out.
- We are not asserting any AFSA endorsement of our model.
- We are not claiming that de-identified or org-only search data is exempt from §1.8.
- Any earlier commercial copy asserting an "AFSA carve-out" has been retracted.
What Hoist Assets is actually doing
Both §1.8 of the PPSR General Conditions and the AFSA Account Customer Terms include "approved by us in writing" as an explicit exit from the information-service prohibition. Hoist Assets is pursuing this pathway: a written approval request to AFSA for a B2G operator to provide PPSR-derived (org-only, no individual-grantor data) search results to customers.
The S1-gate AFSA email (internal reference ha-bhd.1) asks AFSA directly: (1) whether written approval under §1.8 is available for the org-only customer-trigger model; (2) what the application process and assessment criteria are; and (3) whether AFSA has granted equivalent approvals previously.
In parallel, Hoist Assets is evaluating partner-intermediary options for S2-gate (30-day MVP launch). Established intermediaries such as InfoTrack, Confirm, and similar operators hold AFSA agreements that may allow Hoist to access PPSR data through their existing permissions. This is a standard commercial structure for PPSR-adjacent products and does not depend on Hoist holding its own §1.8 written approval. The S2-gate is not contingent on the §1.8 written-approval pathway resolving first.
Neither of these approaches is certain. We are not predicting outcomes. We are recording what the path forward actually is, now that we have read the terms accurately.
What the org-only scope does and does not change
The decision to restrict Hoist Assets to org-only searches (organisation searches by ACN, serial-number searches by VIN/chassis/aircraft serial) was made for product and consent-surface reasons, not because it creates a legal exemption. Those reasons remain valid:
- Organisation-grantor searches cover the majority of asset finance, SME lending, and equipment-dealing due-diligence use cases.
- There is no question of individual grantor consent when the search targets a company.
- An MCP-connected AI agent running searches on companies and VINs is a different product risk profile than one running searches on individuals by name and date of birth.
However, the org-only design is a product boundary, not a compliance carve-out. The §1.8 prohibition applies to org-only searches and individually targeted searches alike. Changing the grantor type does not change the legal position under §1.8.
Sources and confidence levels
- §1.8 text: verbatim from confirm.com.au/legal/terms-and-conditions/ppsr/ (successfully fetched 2026-05-16). Cross-checked against Google search snippets from ppsr.gov.au. CONFIDENCE: HIGH. Clause numbers require canonical AFSA-direct verification — ppsr.gov.au timed out in our execution environment.
- AFSA Account Customer Terms carve-out text: verbatim excerpt from Google-indexed afsa.gov.au page (afsa.gov.au direct fetch timed out; two independent search queries returned consistent text). CONFIDENCE: HIGH for verbatim text, clause number unconfirmed.
- AFSA NPII definition: sourced from AFSA's NPII product pages via Google snippet. CONFIDENCE: HIGH.
- Canonical AFSA-direct URLs: ppsr.gov.au and afsa.gov.au continue to time out from this execution environment. All clause text should be verified against canonical AFSA-published documents before external legal reliance.
- Full retrieval log:
gates/afsa-clauses.md
By HoistAI Pty Ltd · ABN 11 695 718 659 · Sydney, Australia · 2026-05-16. Changelog · Read "Why we built Hoist Assets" →