Start Free Trial Login

Data Processing Agreement

Data Processing Agreement

Last updated: 27th March 2026

This Data Processing Agreement forms part of the Terms of Use available on our website here.


1. Parties

This Data Processing Agreement (“DPA”) forms part of the Terms of Use between:

  • AccountKit Pty Ltd, Level 2, 64 Hindmarsh Square, Adelaide SA 5000, Australia (“Processor”); and

  • The customer entity that enters into the Terms of Use or order for the Services (“Customer”).

2. Scope and Roles

The Processor will process personal data on behalf of the Customer in connection with the provision of the Services.

  • For the purposes of applicable Privacy Laws:

    • the Customer acts as data controller; and

    • AccountKit acts as data processor in respect of Customer Data.

  • AccountKit acts as a data controller in respect of personal data relating to its own users, account management, billing, and service administration.

3. Subject Matter and Purpose of Processing

The subject matter of processing is the provision of accounting, workflow, data management, and integration services.

  • The purpose of processing is to enable the Customer to:

    • manage client and business records;

    • process financial and accounting data;

    • manage communications and documents; and

    • operate workflows and reporting functions within the Services.

4. Types of Personal Data

The personal data processed may include:

  • Identity data (names, dates of birth, contact details)

  • Government identifiers (e.g. tax file numbers, business numbers, company identifiers)

  • Financial data (transactions, account balances, general ledger data)

  • Relationship data (family, business, ownership, and trustee relationships)

  • Communication data (email content, correspondence records)

  • Technical and usage data (log data, device information, audit records)

5. Categories of Data Subjects

Personal data relates to:

  • Customer personnel and authorised users

  • Clients and customers of the Customer

  • Third-party contacts associated with the Customer’s business activities

6. Nature of Processing

Processing activities may include:

  • collection and ingestion of data from integrations

  • storage and organisation of data

  • retrieval and display

  • analysis and generation of reports

  • transmission to and from third-party integrations

  • modification, updating, and deletion

  • security monitoring and logging

7. Processor Obligations

AccountKit shall:

  • process personal data only on documented instructions from the Customer, unless required by law;

  • ensure that persons authorised to process personal data are subject to confidentiality obligations;

  • implement appropriate technical and organisational measures to protect personal data;

  • assist the Customer, where reasonably required, in responding to data subject requests;

  • notify the Customer without undue delay upon becoming aware of a personal data breach;

  • assist the Customer in meeting obligations relating to security, impact assessments, and regulatory consultations where applicable.

8. Subprocessors

The Customer authorises AccountKit to engage subprocessors to support the Services.

  • AccountKit shall ensure that subprocessors are subject to contractual obligations that provide a level of data protection consistent with this DPA.
  • A list of key subprocessors shall be made available upon request.

9. International Transfers

  • Personal data may be processed in Australia and other jurisdictions where AccountKit or its subprocessors operate.

  • Where personal data is transferred outside the United Kingdom or European Economic Area, AccountKit shall implement appropriate safeguards, including Standard Contractual Clauses or the UK International Data Transfer Addendum.

10. Data Retention and Deletion

  • AccountKit shall retain personal data only for as long as necessary to provide the Services and comply with legal obligations.

  • Upon termination of the Services, personal data will be:

    • retained for a limited period; and

    • subsequently deleted or de-identified in accordance with AccountKit’s data retention practices.

  • Deletion may also be requested by the Customer via support channels.

  • Personal data may remain in backups for a limited period before being securely deleted.

11. Customer Responsibilities

The Customer is responsible for:

  • ensuring that it has lawful grounds to provide personal data to AccountKit;

  • providing appropriate notices to data subjects;

  • complying with applicable Privacy Laws; and

  • issuing lawful instructions to AccountKit.

12. Limited Internal Use

AccountKit may use personal data in a limited capacity to:

  • maintain, secure, and improve the Services;

  • perform debugging and error resolution; and

  • generate aggregated and de-identified insights.

AccountKit will not use personal data for independent commercial purposes or disclose it except as permitted under this DPA or required by law.

 

13. Return of Data

Upon request, AccountKit will provide the Customer with access to export their data in a commonly used format, subject to technical limitations.

 

14. Liability

Each party’s liability under this DPA is subject to the limitations set out in the Terms of Use.

 

15. Updates to this Agreement

We may update this Data Processing Agreement from time to time.

Where required by applicable law, we will provide notice of any material changes to this Data Processing Agreement.

Continued use of the Services after such updates will constitute acceptance of the updated terms, unless otherwise required by applicable law.