AccountKit Pty Ltd (ACN 600 935 813) (“we”, “us”, “our”) takes the privacy of your and your clients’ information very seriously.
While we are not bound by the Australian Privacy Principles (“APPs”), we are committed to protecting your privacy and respecting your rights under the APPs as contained in the Privacy Act 1988 (Cth) and any other relevant privacy legislation in your jurisdiction.
Key areas covered by this Policy;
- Collection of Your Personal Information
- Collection of Others’ Personal Information from You
- Purpose of the Collection of Your Personal Information
- Collection of Payment Information
- Uses of Log Files
- Links to Other Websites
- Protection of Your Personal Information
- Disclosure of Your Personal Information
- Google API Services User Data Policy & Limited Use Requirements
- Contact Information
Details of Updates
- 22 August 2022 – Updated to add more details to all sections, including adding sections 11 and 12
- 09 December 2020 - Added section 10. Google API Services User Data Policy & Limted Use Requirements with respect to our integration with Google (Gmail & Google Drive)
- 01 March 2019 - Update to add Stripe payment gateway privacy information
- 27 March 2018 - Company name was updated from MBSoft Pty Ltd to AccountKit Pty Ltd
- 30 June 2017 - Original post
1. We Collect Your Personal Information
Our Services involve the storage of data. That data can include personal information. “Personal information” is information about an identifiable individual, or other entity and may include, but is not limited to, information such as the individual’s name, email address, telephone number, bank account details, taxation details, and accounting and financial information.
Personal information we collectWe may collect personal information directly from you including, but not limited to your:
- full name;
- business name;
- email address;
- mobile and business phone number;
- location, including country and state;
- device ID, device type, geo-location information, computer and connection information, statistics on page views, traffic to and from sites, ad data, IP address, standard web log information;
- billing information (including credit card or bank details);
- details of the products and services we have provided to you or that you have enquired about, including any additional information necessary to deliver those products and services and respond to your enquiries;
- any additional information relating to you that you provide to us directly through our website or app or indirectly through your use of our website or app or online presence or through other websites or accounts from which you permit us to collect information;
- information you provide to us through customer surveys; and
- any other personal information that may be required to facilitate the provision of Services to you.
How we collect personal information
We may collect personal information directly from you when you:
- register to use AccountKit;
- use AccountKit and our Services;
- post to our Website, community forum, social media pages, or our blog;
- contact the support team; and
- visit our Website.
You can always choose not to provide your personal information to us, but it may mean that we are unable to provide you with our Services.
We require you to provide accurate, up-to-date and complete personal information at the time it is collected.
2. We May Receive Personal Information from You About Others
Through your use of AccountKit, we may also collect information from you about someone else. If you provide us with personal information about someone else, such as your clients, you must ensure that you are authorised to disclose that information to us and that, without us taking any further steps required by applicable data protection or privacy laws, we may collect, use, store and disclose such information for the purposes described in this Policy.
This means that you must take reasonable steps to ensure the individual or entity concerned is aware of and consents to the various matters detailed in this Policy, including the fact that their personal information is being collected, the purposes for which that information is being collected, the intended recipients of that information, the individual's right to obtain access to that information, our identity, and how to contact us. You must also provide accurate, up-to-date and complete personal information about others when disclosing this information to us.
Where requested to do so by us, you must also assist us with any requests by the individual to access or update the personal information you have collected from them and entered into AccountKit or our Website or Services.
3. We Collect, Hold, and Use your Personal Information for Limited Purposes
We collect your personal information so that we can provide you with our Services and any related services you may request. In doing so, we may use the personal information we have collected from you for purposes related to the Services including to:
- verify your identity;
- provide our Website, products and Services to you;
- administer, protect, improve or optimise our services (including performing data analytics, conducting research and for advertising and marketing purposes);
- billing you for purchases or for using our Services;
- notify you of new or changed information relating to AccountKit, or other information relating to us or our business partners;
- carry out marketing or training relating to AccountKit;
- assist with the resolution of technical support issues or other issues relating to AccountKit;
- to carry out any other purpose you have consented to;
- comply with laws and regulations in applicable jurisdictions; and
- communicate with you.
By using AccountKit, you consent to your personal information being collected, held and used in this way and for any other use you authorise. We will only use your personal information for the purposes described in this Policy or with your express permission.
Use of personal information for direct marketing
Where we have your express consent, or where we are otherwise permitted by law, we may use your personal information to send you information about products and services we believe are suited to you and your interests or we may invite you to attend special events.
At any time, you may opt out of receiving direct marketing communications from us. Unless you opt out, your consent to receive direct marketing communications from us and to the handling of your personal information as detailed above, will continue. You can opt out by following the unsubscribe instructions included in the relevant marketing communication, or by contacting us in writing at email@example.com.
4. We Do Not Retain Your Payment Information
If you are a user of our paid service, we utilise third party payment processing companies to collect payment information, including your credit card number, billing address and phone number. We will share this payment information with the third party processing company, and as such you should be aware of the appropriate terms and conditions of these companies. We do not store your payment information.
Some payment providers we use include:
- Stripe - Utilised from 1 March 2019 - https://stripe.com/au/ssa
- Xero App Store – Utilised from 22 August 2022 - https://www.xero.com/au/legal/terms/
- Other third party payment providers – as updated on this Policy, or notified to you in-app from time to time
We use technologies like cookies and pixel tags (“Cookies”) to review, monitor, promote and improve AccountKit. For example, a cookie is used to remember your user name when you return to AccountKit and to improve our understanding of how you interact with us. By using our Services and accessing our website, you agree that we can store and access Cookies in accordance with this Policy.
The data collected through Cookies will not be kept for longer than is necessary to fulfil the purposes mentioned above. We will handle any personal information collected by Cookies in the same way that we handle all other personal information.
You can block Cookies on your web browser; however please be aware that some features of AccountKit may not function properly if the ability to accept Cookies is disabled.
6. AccountKit Uses Log Files
When you use AccountKit, our servers automatically record certain information in server logs. These server logs may include information such as your web request, Internet Protocol (“IP”) address, browser type, referring / exit pages and URLs, number of clicks and how you interact with links on AccountKit, domain names, landing pages, pages viewed, mobile carrier, and other such information. Log files help us to monitor, analyse, improve and maintain AccountKit and to diagnose and address any issues, including security issues.
The data collected through log files will not be kept for longer than is necessary to fulfil the purposes mentioned above. We will handle any personal information collected by log files in the same way that we handle all other personal information.
7. Links to Other Web Sites
Our Website and Services may contain links to third party websites including social media networks. This Policy applies solely to information collected directly by us or as otherwise outlined in the Policy. We are not responsible for the practices employed by websites linked to or from within AccountKit, nor the information or content contained therein. Please remember that when you use a link to go from AccountKit to another website or provider, such as Xero, our Policy is no longer in effect and your activities on that third party website is subject to such third party website’s own rules and policies.
8. We Will Take All Reasonable Steps to Protect Your Personal Information
We are committed to protecting the security of your personal information and we take all reasonable precautions to protect it from unauthorised access, modification or disclosure.
However, the Internet is not in itself a secure environment and we cannot give an absolute assurance that your information will be secure at all times. Transmission of personal information over the Internet is at your own risk and you should only enter, or instruct the entering of, personal information to the Service within a secure environment.
You are required to enable Two Factor Authentication to access AccountKit, to add another layer of security preventing those accessing your account. We strongly recommend using complex passwords, using a VPN and the whitelisting functionality within AccountKit to ensure your own security. For more information please refer to the Help section of our Website.
We will advise you at the first reasonable opportunity upon discovering or being advised of a security breach where your personal information is lost, stolen, accessed, used, disclosed, copied, modified, or disposed of by any unauthorised persons or in any unauthorised manner.
Other than liability that cannot be excluded by law, we will not be liable in any way in relation to any breach of security or any unintended loss or disclosure of personal information.
9. We Will Only Disclose Your Personal Information in Limited Circumstances
We will only disclose the personal information you have provided to us to entities outside the AccountKit group of companies if it is necessary and appropriate to facilitate the purpose for which your personal information was collected pursuant to this Policy, including the provision of our Services. This may include, but is not limited to, disclosures to:
- Xero, Stripe, AWS, Datadog, Outsystems, and all third-party payment providers (“Authorised Third Party Recipients”).
When using our Services, you consent to your personal information being disclosed or transferred to Authorised Third party Recipients and you acknowledge and agree that we have no obligation to take such steps as are reasonable in the circumstances to ensure that the information that is transferred or disclosed to the Recipients will be treated in a manner that is consistent with the APPs. You also agree that insofar as the law allows, we have no liability to you or anyone else for any breach by the Authorised Third Party Recipients of the APPs or any other relevant privacy laws in your jurisdiction.
We will not otherwise disclose your personal information to a third party unless you have provided your express consent. However, you should be aware that we may be required to disclose your personal information without your consent in order to comply with any court orders, subpoenas, or other legal process or investigation including by tax authorities, if such disclosure is required by law. Where possible and appropriate, we will notify you if we are required by law to disclose your personal information.
The third parties who host our servers (Outsystems and Amazon Web Services) do not control, and are not permitted to access or use, your personal information except for the limited purpose of storing the information. This means that, for the purposes of Australian privacy legislation and Australian users of the Service, We do not disclose personal information to third parties located overseas.
10. We Adhere to API Services User Data Policies & Limited Use Requirements
AccountKit's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements. Where we utilise other third party APIs (including but not limited to Microsoft, BGL, NowInfinity, Twillio, Dropbox, Box, Suitefiles, FYI and others), we will comply with their respective data policies and limited use requirements.
11. Access and Contact Information
You may request access to your personal information, or seek correction of it, by contacting us. Should we decline you access to your personal information, we will provide a written explanation setting out our reasons for doing so.
We may charge a reasonable fee that is not excessive to cover the charges of retrieving your personal information. We will not charge you for making the request.
If you believe that we hold personal information about you or your clients that is not accurate, complete or up-to-date then you may request that the personal information be amended. We will respond to your request to correct your personal information within a reasonable timeframe, and you will not be charged a fee for correcting your personal information.
If we no longer need your personal information for any of the purposes set out in this Policy, or as otherwise required by law, we will take such steps as are reasonable in the circumstances to destroy your personal information or to de-identify it unless we are required to retain the data for legal or compliance purposes.
If you require further information regarding our Policy or wish to make a privacy complaint, please contact us at firstname.lastname@example.org.
AccountKit is located in Australia and adheres to the privacy laws of Australia. If you are in a different jurisdiction, for example in the European Union or the state of California, you may be entitled to enhanced privacy rights. Please contact us if you wish to exercise your rights under the respective privacy laws of your jurisdiction, including the correction, deletion, porting, withdrawing of consent, or processing of your personal information.
Please check this Policy from time to time for such changes. Your continued use of AccountKit following the posting of changes to this Policy will mean you accept those changes. Any amendments made to the Policy may be retrospectively applied if required by law.