Privacy Policy
How AccountantOS handles firm, staff, client, usage, billing, and connected Google Workspace, Microsoft, email, calendar, and document data.
How this policy applies
This policy explains how AccountantOS collects, uses, stores, protects, and shares personal information across our websites, applications, portals, integrations, and related services.
It applies to accounting firms, staff, contractors, clients, website visitors, authorised users, and anyone who connects a third-party service to AccountantOS.
AccountantOS handles personal information in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth). Where a firm uses AccountantOS to manage client work, the firm normally controls the client data and AccountantOS processes that data to provide the services requested by the firm.
Information we collect
We collect the information needed to operate firm workspaces, secure accounts, support compliance workflows, provide integrations, and maintain the platform.
Firm and account information
Names, email addresses, firm name, business identifiers such as ABN, role and permission information, workspace settings, billing details, support messages, and authentication activity.
Client and work information
Client records, entity details, service requests, tasks, jobs, document requests, uploaded files, e-signature audit data, identity or tax information where uploaded, notes, and workflow history.
Usage and security information
IP addresses, device and browser details, login events, product usage, error reports, audit logs, diagnostics, and security monitoring information.
Connected integration information
Information received after an authorised user connects services such as Google Workspace, Microsoft Outlook, Gmail, calendars, cloud storage, email systems, accounting ledgers, identity providers, or payment providers.
Connected email, calendar, and storage data
AccountantOS only accesses connected workspace data after an authorised user or administrator grants consent through the relevant provider.
For Google Workspace integrations, AccountantOS may request access to Gmail, Google Calendar, and Google Drive data so that authorised users can manage email workspaces, folders and labels, drafts, replies, calendar follow-ups, document workflows, file browsing, uploads, downloads, and related practice work inside AccountantOS.
Depending on the permissions granted, this may include email messages, threads, labels, drafts, attachments, sender and recipient details, calendar lists, calendar metadata, events, reminders, Google Drive files, folders, file metadata, file content, and sharing metadata.
For Microsoft integrations, AccountantOS may request access to Outlook mail, shared mailboxes, mailbox folders, calendar data, and related Microsoft 365 account information for similar practice communication and workflow purposes.
User-controlled connection
A connection starts only after OAuth consent is completed. Users can disconnect an account, and administrators may restrict which users can connect personal or shared accounts.
Workspace boundary
Email, calendar, and storage data remains scoped to the connected firm workspace, mailbox, shared inbox, location, franchise, or team permissions configured in AccountantOS.
Operational use
We use connected data to provide visible product features such as inbox sync, email sending, labels and folder views, calendar event management, attachment import, Drive file access, audit logs, routing rules, and support diagnostics.
No advertising use
We do not sell connected workspace data, use it for advertising, use it for credit-worthiness decisions, or use it to train general-purpose AI models.
Google Workspace data and Limited Use
AccountantOS uses Google user data only to provide or improve user-facing features that are visible in the application and requested by the user or their firm.
AccountantOS use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
We do not transfer Google user data to advertising platforms, data brokers, information resellers, or third parties for advertising, retargeting, personalised advertising, credit-worthiness, or lending purposes.
Our personnel do not read Google email, file, or calendar content unless the user or firm has given affirmative permission for support, the access is necessary for security or abuse investigation, the access is required to comply with law, or the content has been aggregated or de-identified for internal operations in accordance with applicable privacy requirements.
How we use information
We use information to provide the product, authenticate users, operate firm workflows, support integrations, maintain security, and improve platform reliability.
This includes creating and managing workspaces, processing service requests, routing inbox items, syncing authorised integrations, generating audit logs, sending notifications, handling billing, responding to support requests, diagnosing errors, preventing abuse, and meeting legal obligations.
We may use aggregated or de-identified information to understand product performance, improve reliability, and plan product features. We do not use Firm Data, Client Data, or Google Workspace Data for advertising sales.
Client and firm data control
Firms decide what client data is uploaded, connected, retained, exported, shared, or deleted, subject to applicable law and platform controls.
Firm-controlled data
Your firm controls its client records, files, service requests, inbox routing, staff access, integration connections, and retention decisions within AccountantOS.
End-client requests
Because AccountantOS generally acts as a processor for firm client data, end-clients should contact their accounting firm first about access, correction, deletion, or privacy handling requests.
Shared inboxes and franchises
Where a firm enables shared inboxes, franchise workspaces, locations, or team-level access, AccountantOS applies the permissions configured by the firm to determine who can view or act on connected data.
Auditability
We maintain logs and operational records to support security, troubleshooting, compliance workflows, and investigation of unauthorised or suspicious activity.
Storage and security
We use technical and organisational safeguards designed to protect information from unauthorised access, loss, misuse, interference, and alteration.
Encryption
We use encryption in transit and at rest where supported by our infrastructure. OAuth credentials and integration tokens are encrypted before storage using application-level credential encryption.
Access controls
We use workspace permissions, role-based access controls, authentication controls, least-privilege internal access, audit logging, and operational monitoring.
Tenant isolation
AccountantOS is designed to separate firm workspaces and reduce the risk of cross-tenant access through application and database-level controls.
Operational resilience
We monitor systems, limit unnecessary processing, and design integration sync jobs to avoid excessive database or provider calls that could affect platform reliability.
Data hosting and sub-processors
We use trusted infrastructure and service providers to operate AccountantOS and deliver optional integrations selected by firms.
We prioritise Australian cloud regions for core platform infrastructure and data hosting where practical. Some providers may process or store information in other countries where required to provide infrastructure, identity, email, storage, billing, analytics, support, security, or integration services.
Sub-processors may include cloud hosting providers, database and storage providers, email and SMS providers, payment processors, identity and verification providers, monitoring and security tools, customer support tools, and connected integration providers such as Google, Microsoft, Zoho, and accounting platforms selected by the firm.
We require service providers to process information only for authorised service purposes and to use appropriate confidentiality and security safeguards.
Retention, deletion, and disconnection
We retain information for as long as needed to provide services, maintain audit records, resolve disputes, comply with law, and preserve platform security.
Account data
Account and workspace data is retained while the account is active and for a reasonable period afterwards where required for security, billing, dispute resolution, backup, or legal obligations.
Connected accounts
When a connected account is disconnected, we stop using the OAuth credentials for that account and delete or revoke stored tokens where supported. Synced copies, cached data, and logs are deleted, de-identified, or retained according to firm instructions, backup cycles, security needs, and legal obligations.
Requests
You may request access to, correction of, export of, or deletion of personal information where permitted by law. We may need to verify your identity and may direct client-data requests to the relevant firm controller.
Backups and logs
Deleted data may remain in encrypted backups or security logs for a limited period before expiry, unless we must retain it longer for legal, compliance, or security reasons.
Changes and privacy contact
We may update this policy when our services, integrations, legal obligations, or data handling practices change.
If we materially change how AccountantOS accesses, uses, stores, or shares Google user data or other personal information, we will update this policy and provide additional notice or consent prompts where required.
For privacy questions, requests, complaints, or concerns, contact privacy@accountantos.com.au. If you are an end-client of an accounting firm using AccountantOS, please contact your accounting firm first so they can manage the request as the data controller.
Privacy questions?
Contact us about access, correction, deletion, connected account disconnection, or privacy handling requests.