Privacy Policy
Effective date: 1 February 2026
Introduction
[ProductName] Pty Ltd (ABN XX XXX XXX XXX) ("we", "us", "our") operates the [ProductName] platform, a cloud-based automated invoice reminder service for Australian businesses.
We are committed to protecting your privacy in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth). This policy explains how we collect, use, store, and disclose your personal information when you use our platform and related services.
By creating an account or using [ProductName], you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the service.
Information We Collect
We collect the following categories of personal information:
- Account information: Your name, email address, business name, and Australian Business Number (ABN) provided during registration.
- Xero data: Invoice details, contact names and email addresses, and payment statuses synced from your Xero account via OAuth. We request read-only access unless a specific feature requires write access, which we will clearly disclose before authorisation.
- Usage data: Pages visited, features used, device type, browser version, IP address, and general location (city-level). This data is collected through analytics tools and server logs.
- Communication data: The content of support emails, contact form submissions, and in-app feedback you send to us.
- Payment data: Subscription and billing information is processed by our payment provider, Stripe. We do not store your credit card number, CVV, or full card details on our servers. We retain only a tokenised reference and the last four digits for your records.
How We Use Your Information
We use your personal information for the following purposes:
- To provide, operate, and maintain the [ProductName] service, including sending automated invoice reminders on your behalf.
- To process subscription payments and manage your billing cycle.
- To communicate with you about your account, service updates, scheduled maintenance, and customer support enquiries.
- To analyse aggregated and anonymised usage patterns to improve our product, identify bugs, and develop new features.
- To detect, prevent, and address fraud, abuse, or security incidents.
- To comply with applicable legal obligations, including tax reporting and responses to lawful requests from government authorities.
We will not use your personal information for purposes materially different from those described above without notifying you and, where required by law, obtaining your consent.
How We Store and Protect Your Information
All data is stored on servers located in Sydney, New South Wales, Australia. We do not transfer your personal information to data centres outside of Australia.
We protect your data using industry-standard security measures, including:
- Encryption at rest and in transit using 256-bit SSL/TLS.
- Role-based access controls ensuring only authorised personnel can access personal information.
- Audit logging of all data access events.
- Regular security reviews and vulnerability assessments.
- Secure credential storage using hashed and salted passwords.
We retain your personal information for as long as your account remains active, plus an additional 12 months following account closure. After this retention period, your data is permanently deleted from our systems and backups. You may request earlier deletion at any time by contacting us.
Third-Party Sharing
We do not sell, rent, or trade your personal information to any third party.
We share personal information only with the following categories of service providers, and only to the extent necessary to operate the [ProductName] platform:
- Xero: We access your Xero account via OAuth integration, as authorised by you. Data exchanged with Xero is governed by their own privacy policy.
- Stripe: Our payment processor handles subscription billing and payment card data. Stripe is PCI DSS Level 1 certified.
- Cloud infrastructure providers: We use Australian-based data centres for hosting and storage. Your data remains within Australia.
- Email delivery services: We use transactional email providers to send invoice reminders and account notifications on your behalf. These providers process email addresses and message content solely for delivery.
All third-party service providers are bound by data protection agreements that restrict how they may use and store your information. We conduct due diligence to ensure our providers maintain appropriate security standards.
Your Rights Under the Privacy Act
Under the Australian Privacy Principles, you have the right to:
- Access the personal information we hold about you. You can request a copy of your data at any time.
- Correct any personal information that is inaccurate, incomplete, or out of date.
- Request deletion of your personal information. We will comply unless we are required by law to retain certain records.
- Withdraw consent for specific data processing activities, such as revoking Xero OAuth access through your account settings.
- Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe your privacy has been breached.
To exercise any of these rights, please email us at privacy@example.com. We will respond to your request within 30 days.
Cookies and Tracking
We use the following types of cookies and similar technologies:
- Essential cookies: Required for authentication, session management, and security. These cookies cannot be disabled without breaking core functionality.
- Analytics cookies: Used to understand how visitors use our platform, including page views, feature usage, and session duration. All analytics data is anonymised and aggregated.
We do not use third-party advertising cookies, tracking pixels, or retargeting technologies. We do not participate in cross-site tracking or behavioural advertising networks.
You can manage or disable cookies through your browser settings. Please note that disabling essential cookies may prevent you from using certain features of the platform.
Data Breach Notification
In the event of a data breach that is likely to result in serious harm to any individual whose personal information is involved, we will notify the affected individuals and the OAIC as soon as practicable, in accordance with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will notify you via email at the address associated with your account at least 14 days before the changes take effect.
Your continued use of [ProductName] after the updated policy takes effect constitutes your acceptance of the revised terms. We encourage you to review this page periodically.
Contact Us
If you have any questions, concerns, or complaints about this Privacy Policy or how we handle your personal information, please contact us:
- Email: privacy@example.com
- Address: [ProductName] Pty Ltd, Sydney, NSW, Australia
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner.