Privacy Policy
How Accountant OS handles firm, staff, client, usage, billing, and integration data across the platform.
How this policy applies
This policy explains how Accountant OS collects, uses, stores, and protects personal information across our websites, applications, portals, and related services.
It applies to firms, staff, clients, website visitors, and authorised users who interact with Accountant OS.
Accountant OS handles personal information in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth).
Information we collect
We collect the information needed to operate workspaces, secure accounts, support compliance workflows, and deliver connected integrations.
Firm Data
Names, email addresses, firm name, ABN, TPB registration details where provided, role information, workspace settings, billing details, and support communications.
End-Client Data
Client records, uploaded documents, addresses, tax or identity details where uploaded, e-signature audit data, identity verification information, and connected integration data.
Usage and security data
Device details, log events, IP addresses, authentication activity, product usage, error reports, and security monitoring data.
How we use information
We use information to provide the product, authenticate users, process wallet usage, support integrations, and maintain platform reliability.
We also use information to respond to support requests, improve product performance, investigate suspicious activity, maintain audit logs, and meet legal obligations.
Client and firm data
Firms control the client data they upload or connect to Accountant OS. We process that data to provide the services requested by the firm.
Firm-controlled data
Your firm decides what client data is uploaded, connected, retained, exported, or deleted, subject to applicable law and platform controls.
Workflow processing
We process client data for document management, identity checks, open banking connections, e-signatures, audit logging, and workflow automation.
Data hosting and infrastructure
We prioritise Australian cloud regions for core platform infrastructure and data hosting where practical.
Australian cloud regions
Primary platform data is hosted in Australian cloud regions, including AWS Asia Pacific (Sydney), AWS Asia Pacific (Melbourne), and Microsoft Azure Australia East/Sydney where applicable.
Third-party locations
Some third-party processors may handle data in other locations where required to provide identity verification, banking, billing, messaging, support, or infrastructure services.
Storage and security
We use technical and organisational safeguards designed to protect information from unauthorised access, loss, misuse, and alteration.
Encryption
We use encryption in transit and at rest where supported by our infrastructure and service providers.
Access controls
We use workspace permissions, multi-factor authentication, role-based access controls, audit logging, and least-privilege internal access practices.
Tenant isolation
We design platform controls to separate firm workspaces and reduce the risk of cross-tenant access, including database-level controls where applicable.
Third-party sub-processors
We use vetted third-party providers to operate secure infrastructure and deliver optional integrations selected by your firm.
Cloud and infrastructure
Infrastructure providers may include AWS, Microsoft Azure, database hosting, storage, monitoring, and security tooling providers.
Payments and billing
Payment processors may be used to process subscriptions, wallet top-ups, invoices, and related billing activity.
Identity and banking integrations
Identity verification, document verification, open banking, and financial data providers may process data when your firm enables or triggers those integrations.
Communications and support
Email, SMS, analytics, and support providers may process limited information needed to deliver notifications, support, and service reliability.
Retention, access, and correction
We retain information for as long as needed to provide services, maintain audit records, resolve disputes, comply with law, and preserve platform security.
You may request access to, correction of, or deletion of personal information where permitted by law.
Because Accountant OS generally acts as a processor for firm client data, end-clients should contact their accounting firm first. We will assist the firm where required to respond to access, correction, deletion, or privacy handling requests.
Privacy questions?
Contact us about access, correction, deletion, or privacy handling requests.