Privacy Policy
AccountKit Pty Ltd (ACN 600 935 813) (“we”, “us”, “our”) takes the privacy of your and your clients’ information very seriously.
We are committed to protecting your privacy and respecting and upholding your rights under the Australian Privacy Principles (“APPs”) contained in the Privacy Act 1988 (Cth) and the General Data Protection Regulation (EU 2016/679) (the “GDPR”) and any other relevant laws pertaining to privacy of individuals in jurisdictions in which our Services are available (collectively, “Privacy Laws”).
We understand your requirements to keep client information confidential and wish to ensure that we make as clear as possible how we treat personal information to help you be fully informed about sharing your own and your clients’ personal information with us. This Privacy Policy sets out how we collect, use, store, share and disclose your and your clients’ personal information.
The defined terms in this Privacy Policy (“Policy”) have the same meaning as in our Terms of Use, which you should read together with this Policy. By accessing our Website and using our Services, you consent to the terms of this Policy and agree to be bound by it.
Key areas covered by this Policy:
- Collection of Your Personal Information
- Collection of Others’ Personal Information from You
- Purpose of the Collection of Your Personal Information
- Collection of Payment Information
- Use of Cookies
- Uses of Log Files
- Links to Other Websites
- Protection of Your Personal Information
- Disclosure of Your Personal Information
- Google API Services User Data Policy & Limited Use Requirements
- Contact Information
- Miscellaneous
The Privacy Policy was last updated on 22 April 2025.
Details of Updates
- 17 April 2025 - Updated to comply with the General Data Protection Regulation (EU 2016/679) along with future potential AI utilisation. Updates specifically to Section 1; New section 2, New section 6, updates to section 7 (prior section 5), New section 8 and updates to sections 12 (prior section 9) and 14 (prior section 11).
- 27 September 2023 - Updated section 9 to include "Integrations" 9 and section 10 to add in Annature and FuseSign.
- 22 August 2022 – Updated to add more details to all sections, including adding sections 11 and 12
- 09 December 2020 - Added section 10. Google API Services User Data Policy & Limited Use Requirements with respect to our integration with Google (Gmail & Google Drive)
- 01 March 2019 - Update to add Stripe payment gateway privacy information
- 27 March 2018 - Company name was updated from MBSoft Pty Ltd to AccountKit Pty Ltd
- 30 June 2017 - Original post
1. We Collect Your Personal Information
Our Services involve the storage of data. That data can include personal information. “Personal information” is information about an identifiable individual, or other entity and may include, but is not limited to, information such as the individual’s name, email address, telephone number, bank account details, taxation details, and accounting and financial information.
Personal information we collect
We may collect personal information directly from you including, but not limited to your:
- full name;
- business name;
- address;
- email address;
- mobile and business phone number;
- location, including country and state;
- device ID, device type, geo-location information, computer and connection information, statistics on page views, traffic to and from sites, ad data, IP address, standard web log information;
- billing information (including credit card or bank details);
- details of the products and services we have provided to you or that you have enquired about, including any additional information necessary to deliver those products and services and respond to your enquiries;
- any additional information relating to you that you provide to us directly through our website or app or indirectly through your use of our website or app or online presence or through other websites or accounts from which you permit us to collect information;
- information you provide to us through customer surveys; and
- any other personal information that may be required to facilitate the provision of Services to you.
How we collect personal information
We will collect Personal Information only by lawful and fair means and never in an unreasonably intrusive way. Generally, we may collect personal information directly from you when you:
- register to use AccountKit;
- use AccountKit and our Services;
- post to our Website, community forum, social media pages, or our blog;
- contact the support team; and
- visit our Website.
- from our business partners or other third-party sources that provide consumer data, such as information about your interests, demographic information, and marketing details.
- Through artificial intelligence (AI) or automated tools present on our website.
We may use artificial intelligence (AI) or automated tools to assist with certain tasks, including but not limited to:
- reviewing contracts for building equipment finance schedules
- reviewing accounting transactions for matching and coding purposes
- summarising meeting notes and extracting actions
- summarising interactions with clients and preparation of meeting agendas
These tools may process Personal Information to improve efficiency and user experience. Personal Information collected by AI is collected and managed in accordance with this Privacy Policy and the applicable Privacy Laws. This list may be updated from time to time with notice.
We do not use AI to make decisions that have a legal or similarly significant effect on individuals without human review.
You can always choose not to provide your personal information to us, but it may mean that we are unable to provide you with our Services. If you wish to remain anonymous when you use our Services, do not sign into it or provide any information that might identify you.
We require you to provide accurate, up-to-date and complete personal information at the time it is collected.
2. We do not collect sensitive Personal Information
We will not collect sensitive Personal Information or special categories of Personal Information (as defined under the relevant Privacy Laws) from you. We ask that you do not send us, or do not disclose, any sensitive personally identifiable information (such as information related to racial or ethnic origin, sex life or sexual orientation, political opinions, religious or other beliefs, genetic or biometric data, health, criminal background or trade union membership) on or through our Services. If you do provide any sensitive Personal Information, we will require that you provide express consent to us collecting that information as part of you using our Services.
3. We May Receive Personal Information from You About Others
Through your use of AccountKit, we may also collect information from you about someone else. If you provide us with personal information about someone else, such as your clients, you must ensure that you are authorised to disclose that information to us and that, without us taking any further steps required by applicable data protection or privacy laws, we may collect, use, store and disclose such information for the purposes described in this Policy.
This means that you must take reasonable steps to ensure the individual or entity concerned is aware of and consents to the various matters detailed in this Policy, including the fact that their personal information is being collected, the purposes for which that information is being collected, the intended recipients of that information, the individual's right to obtain access to that information, our identity, and how to contact us. You must also provide accurate, up-to-date and complete personal information about others when disclosing this information to us.
Where requested to do so by us, you must also assist us with any requests by the individual to access or update the personal information you have collected from them and entered into AccountKit or our Website or Services.
4. We Collect, Hold, and Use your Personal Information for Limited Purposes
We collect your personal information so that we can provide you with our Services and any related services you may request. In doing so, we may use the personal information we have collected from you for purposes related to the Services including to:
- verify your identity;
- provide our Website, products and Services to you;
- administer, protect, improve or optimise our services (including performing data analytics, conducting research and for advertising and marketing purposes);
- bill you for purchases or for using our Services;
- notify you of new or changed information relating to AccountKit, or other information relating to us or our business partners;
- carry out marketing or training relating to AccountKit;
- assist with the resolution of technical support issues or other issues relating to AccountKit;
- carry out any other purpose you have consented to;
- comply with laws and regulations in applicable jurisdictions; and
- communicate with you.
By using AccountKit, you consent to your personal information being collected, held and used in this way and for any other use you authorise. We will only use your personal information for the purposes described in this Policy or with your express permission.
Use of personal information for direct marketing
Where we have your express consent, or where we are otherwise permitted by law, we may use your personal information to send you information about products and services we believe are suited to you and your interests or we may invite you to attend special events.
At any time, you may opt out of receiving direct marketing communications from us. Unless you opt out, your consent to receive direct marketing communications from us and to the handling of your personal information as detailed above, will continue. You can opt out by following the unsubscribe instructions included in the relevant marketing communication, or by contacting us in writing at support@account-kit.com.
Despite opting out of direct marketing communication, in the event of an important event, we may still contact you to notify you of essential changes to our Services, including notifications of data breaches or changes in material terms to this Policy or our Terms of Use.
5. We Do Not Retain Your Payment Information
If you are a user of our paid service, we utilise third party payment processing companies to collect payment information, including your credit card number, billing address and phone number. We will share this payment information with the third party processing company, and as such you should be aware of the appropriate terms and conditions of these companies. We do not store your payment information.
Some payment providers we use include:
- Stripe - Utilised from 1 March 2019 - https://stripe.com/au/ssa
- Xero App Store – Utilised from 1 January 2021 - https://www.xero.com/au/legal/terms/
- Other third party payment providers – as updated on this Policy, or notified to you in-app from time to time
6. What is our Legal basis?
Under the GDPR, we must have a legal basis to process Personal Information collected from individuals residing in the European Union. We rely on several legal bases to process your Personal Information, including:
- where it is necessary to provide you with access to, and use of, products, services and websites;
- for our legitimate interests to provide, operate and improve our Services;
- where you have freely and expressly consented to the processing of your Personal Information by us, which you may withdraw at any time; or
- where we are under a legal obligation to process your Personal Information.
7. We Use Cookies
We use cookies, web beacons and similar technologies (collectively “Cookies”) on our Website. By accessing or using this Website, you agree that we can store and access Cookies in accordance with this Privacy Policy. You will be able to accept or reject the collection of Cookies by us.
Cookies are small files that can be stored on and accessed from a user’s device when the user accesses a website. They enable authorised web servers to recognise you across different websites, services, devices and browsing sessions.
We may use Cookies to enable users to access and use our Website and Services, including to:
- identify users of our Website and Services;
- process user requests;
- improve user experience;
- remember user preferences on our Site;
- monitor the use of our Site and for analysis of our user base;
- facilitate communication with users;
- control access to certain content on our Site; and
- protect our Site.
You can delete and refuse to accept browser Cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of the Website.
Unless you have adjusted your browser setting so that it will refuse Cookies, our system will issue Cookies when you direct your browser to our Website.
8. Choices Regarding Your Privacy
You may be provided with choices about how we collect and process your information, including:
- opting out or adjusting preferences for cookies when your device accesses the Website;
- customising your browser settings to disable or reject cookies across the internet. It's important to note that deleting cookies or declining them in your browser settings might affect the functionality of our Services.
- If you’re accessing the Services from a mobile device, using your device's operating system to select options on how it collects and utilises your information for interest-based advertising.
9. AccountKit Uses Log Files
When you use AccountKit, our servers automatically record certain information in server logs. These server logs may include information such as your web request, Internet Protocol (“IP”) address, browser type, referring / exit pages and URLs, number of clicks and how you interact with links on AccountKit, domain names, landing pages, pages viewed, mobile carrier, and other such information. Log files help us to monitor, analyse, improve and maintain AccountKit and to diagnose and address any issues, including security issues.
The data collected through log files will not be kept for longer than is necessary to fulfil the purposes mentioned above. We will handle any personal information collected by log files in the same way that we handle all other personal information.
10. Links to Other Web Sites
Our Website and Services may contain links to third party websites including social media networks. This Policy applies solely to information collected directly by us or as otherwise outlined in the Policy. We are not responsible for the practices employed by websites linked to or from within AccountKit, nor the information or content contained therein. Please remember that when you use a link to go from AccountKit to another website or provider, such as Xero, our Policy is no longer in effect and your activities on that third party website are subject to such third party website’s own rules and policies.
11. We Will Take All Reasonable Steps to Protect Your Personal Information
We are committed to protecting the security of your personal information and we take all reasonable precautions to protect it from unauthorised access, modification or disclosure.
However, the Internet is not in itself a secure environment and we cannot give an absolute assurance that your information will be secure at all times. Transmission of personal information over the Internet is at your own risk and you should only enter, or instruct the entering of, personal information to the Service within a secure environment.
You are required to enable Two Factor Authentication to access AccountKit, to add another layer of security preventing unauthorised access to your account. We strongly recommend using complex passwords, using a VPN and the whitelisting functionality within AccountKit to ensure your own security. For more information please refer to the Help section of our Website.
We will advise you at the first reasonable opportunity upon discovering or being advised of a security breach where your personal information is lost, stolen, accessed, used, disclosed, copied, modified, or disposed of by any unauthorised persons or in any unauthorised manner.
Other than liability that cannot be excluded by law, we will not be liable in any way in relation to any breach of security or any unintended loss or disclosure of personal information.
12. We Will Only Disclose Your Personal Information in Limited Circumstances
We will only disclose the personal information you have provided to us to entities outside the AccountKit group of companies if it is necessary and appropriate to facilitate the purpose for which your personal information was collected pursuant to this Policy, including the provision of our Services. This may include, but is not limited to, disclosures to:
- Xero, Stripe, Intuit Quickbooks, Sage, AWS, Datadog, Outsystems, and all third-party payment providers and integrations (“Authorised Third Party Recipients”).
When using our Services, you consent to your personal information being disclosed or transferred to Authorised Third Party Recipients and you acknowledge and agree that we have no obligation to take such steps as are reasonable in the circumstances to ensure that the information that is transferred or disclosed to the Recipients will be treated in a manner that is consistent with the APPs and GDPR. We use reasonable endeavours to ensure that each Recipient receiving your Personal Information is bound by the relevant Privacy Laws (including the standard contractual clauses approved by the European Commission). The standard contractual clauses are available on the European Commission’s website at https://ec.europa.eu/info/law/law-topic/data-protection_en. You also agree that insofar as the law allows, we have no liability to you or anyone else for any breach by the Authorised Third Party Recipients of the APPs or any other relevant privacy laws in your jurisdiction.
We will not otherwise disclose your personal information to a third party unless you have provided your express consent. However, you should be aware that we may be required to disclose your personal information without your consent in order to comply with any court orders, subpoenas, or other legal process or investigation including by tax authorities, if such disclosure is required by law. Where possible and appropriate, we will notify you if we are required by law to disclose your personal information.
The third parties who host our servers (Outsystems and Amazon Web Services) do not control, and are not permitted to access or use, your personal information except for the limited purpose of storing the information.
13. We Adhere to API Services User Data Policies & Limited Use Requirements
AccountKit's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements. Where we utilise other third party APIs (including but not limited to Microsoft, BGL, NowInfinity, Twilio, Dropbox, Box, Suitefiles, FYI, Annature, FuseSign and others), we will comply with their respective data policies and limited use requirements.
14. Access and Contact Information - Specific to Jurisdiction
We are dedicated to ensuring that individuals in certain jurisdictions have access to their privacy rights as provided by the Privacy Laws of your jurisdiction. We have set out details below dependent on your location.
Australia
You have the right to ask both:
- for access to Personal Information that we hold about you; and
- that we correct Personal Information we hold about you.
If you ask, we must within a reasonable timeframe give you access to your Personal Information and take reasonable steps to correct it if we consider it is incorrect, unless there is a law that allows or requires us not to.
We will notify you in writing and explain our reasons if we refuse to give you access to, or correct, your Personal Information.
European Economic Area
For the purposes of the GDPR, we are a ‘data controller’ of your Personal Information. Under the GDPR, an individual residing in the European Union has enhanced privacy rights, including the right to:
- require us to correct any Personal Information held about you that is inaccurate or incomplete;
- require the deletion of Personal Information concerning you in certain situations;
- data portability for Personal Information you provide to us;
- object or withdraw your consent at any time to the processing of your Personal Information;
- object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you; or
- otherwise restrict our processing of your Personal Information in certain circumstances.
Should we decline you access to your Personal Information, we will provide a written explanation setting out our reasons for doing so. These rights are limited in some situations – for example, where we can demonstrate that we have a legal requirement to process your Personal Information. In some instances, this means that we may retain some data even if you withdraw your consent.
We may charge a reasonable fee that is not excessive to cover the charges of retrieving your Personal Information from our customer account database. We will not charge you for making the request.
If you believe that we hold Personal Information about you that is not accurate, complete or up-to-date, then you may request that your Personal Information be amended. We will respond to your request to correct your Personal Information within a reasonable timeframe, and you will not be charged a fee for correcting your Personal Information.
If we no longer need your Personal Information for any of the purposes set out in this Privacy Policy, or as otherwise required by the relevant Privacy Laws, we will take such steps as are reasonable in the circumstances to destroy your Personal Information or to de-identify it.
Access, Management or Deleting your Personal Information
Under the GDPR, an individual residing in the European Union has enhanced privacy rights, including the right to:
- require us to correct any Personal Information held about you that is inaccurate or incomplete;
- require the deletion of Personal Information concerning you in certain situations;
- data portability for Personal Information you provide to us;
- object or withdraw your consent at any time to the processing of your Personal Information;
- object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you; or
- otherwise restrict our processing of your Personal Information in certain circumstances.
Subject to some exceptions provided by the relevant Privacy Laws, you may request access to your Personal Information in our customer account database, or seek correction of it, by contacting us at support@account-kit.com. Should we decline you access to your Personal Information, we will provide a written explanation setting out our reasons for doing so.
We may charge a reasonable fee that is not excessive to cover the charges of retrieving your Personal Information from our customer account database. We will not charge you for making the request.
If you believe that we hold Personal Information about you that is not accurate, complete, or up to date, then you may request that your Personal Information be amended. We will respond to your request to correct your Personal Information within a reasonable timeframe, and you will not be charged a fee for correcting your Personal Information.
If we no longer need your Personal Information for any of the purposes set out in this Privacy Policy, or as otherwise required by the relevant Privacy Laws, we will take such steps as are reasonable in the circumstances to destroy your Personal Information or to de-identify it.
15. Miscellaneous
AccountKit is located in Australia and adheres to the privacy laws of Australia. If you are in a different jurisdiction, for example in the European Union or the state of California, you may be entitled to enhanced privacy rights. Please contact us if you wish to exercise your rights under the respective privacy laws of your jurisdiction, including the correction, deletion, porting, withdrawing of consent, or processing of your personal information.
AccountKit reserves the right to amend, modify, add or remove portions of this Privacy Policy at any time without notice and amendments will be effective immediately upon posting of the amended Policy on our website.
Please check this Policy from time to time for such changes. Your continued use of AccountKit following the posting of changes to this Policy will mean you accept those changes. Any amendments made to the Policy may be retrospectively applied if required by law.