Privacy Policy

1. Who we are

Myaccountant Technology Pty Ltd (referred to in this policy as "myaccountant," "we," "us," or "our") is an Australian proprietary limited company with ABN 81 610 976 719. We operate the myaccountant financial platform, which provides accounting, payroll, property, personal finance, and compliance software to individuals, households, and small businesses in Australia.

Our registered office is Level 1, 43 Stewart Street, Richmond, Victoria 3121.

We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

2. What personal information we collect

We collect personal information in the following categories:

2.1 Information you provide directly

• Identity information: your name, date of birth where relevant, and contact details.
• Account information: your email address, your chosen password (stored as a secure hash), and your communication preferences.
• Business information: your ABN, business name, business structure, business address, and related details if you use the platform for business purposes.
• Financial information: your bank account details, invoices, expenses, income, and other financial records you enter or authorise us to receive.
• Tax information: your TFN (where you voluntarily provide it for tax reporting purposes), PAYG details, and tax lodgement information.
• Employee information: if you run payroll through the platform, information about your employees provided by you or by the employees themselves through our onboarding flow.
• Property information: details about investment or residential properties you track through the platform.
• Documents: receipts, rental statements, invoices, and other documents you upload or forward to the platform.

2.2 Information we collect automatically

• Usage information: pages visited, features used, and interaction patterns, collected to improve the platform and identify issues.
• Technical information: your IP address, browser type, device type, and operating system.
• Location information: approximate location derived from your IP address, used for security and fraud prevention. We do not collect precise GPS location.

2.3 Information we receive from third parties

• Bank feeds: transaction data from your connected bank accounts, received through our regulated bank feed provider with your explicit consent.
• ATO data: data the Australian Taxation Office returns to us when you lodge something through the platform (for example, confirmation of BAS lodgement or STP submission).
• Identity verification: if we are required to verify your identity for regulatory or security purposes, we may receive verification data from identity verification providers.

2.4 Sensitive information

We may incidentally collect or handle information that is classified as "sensitive information" under the Privacy Act, for example, health-related leave data for employees processed through the payroll module. We collect sensitive information only where necessary for the platform to function and with appropriate consent.

3. Why we collect this information

We collect personal information for the following purposes:

• To provide the platform: to operate your account, process your financial data, run pay runs, lodge compliance obligations, and deliver the features you have signed up for.
• To communicate with you: to send you product updates, security notifications, billing information, and responses to support requests.
• To improve the platform: to understand how features are used, identify bugs, and make the product better over time.
• To comply with legal obligations: including tax reporting, anti-money-laundering obligations where applicable, and responding to lawful requests from regulators or law enforcement.
• To protect the platform and its users: to detect fraud, prevent abuse, and secure accounts.

We do not use personal information for purposes other than those stated above without your consent.

4. How we use AI and automated processing

myaccountant uses artificial intelligence to help with specific tasks on the platform, reading receipts and property statements, suggesting transaction categories, identifying potentially deductible expenses, and powering the in-app Ask myaccountant assistant.

This section explains how AI is used in a way that meets the specific disclosure requirements that apply to automated decision-making under the Australian Privacy Principles (including APP 1.7 to APP 1.9, which commence on 10 December 2026).

4.1 Our position on automated decisions

No decision on myaccountant is made solely by a computer program. The AI on the platform makes suggestions; you make the decisions. When the platform suggests an expense category, flags a potentially deductible transaction, or extracts figures from a document, you see the suggestion, confirm or correct it, and your confirmation is what posts to your books. If you do nothing, nothing posts.

This is a deliberate design choice. It means the AI serves you as a calculator serves a bookkeeper: fast, helpful, and always subject to your judgement.

4.2 Where AI substantially assists our work

While the AI does not make decisions on its own, it does substantially assist with certain tasks. The following are the categories of AI-assisted work on the platform:

• Document extraction: reading receipts, invoices, rental statements, and other documents you upload or forward to the platform, and extracting the values (dates, amounts, suppliers, line items) in those documents.
• Category suggestion: based on supplier, past transactions on your account, and document contents, suggesting the expense or income account a transaction should post to.
• Deduction identification: flagging transactions that may be tax-deductible based on their description, amount, and context.
• Ask myaccountant: answering questions you ask in the in-product assistant about your own books, the tax system, or the platform.
• Rule suggestion: proposing categorisation rules based on patterns in your past choices (for example, "You categorised the last three transactions from Optus as Telecommunications, apply this rule going forward?").

In each of these, the AI's output is shown as a suggestion for your review. The decision is yours.

4.3 What personal information the AI uses

The AI processes the following categories of personal information in the course of the tasks described in Section 4.2:

• Financial information: your transaction descriptions, amounts, dates, counterparties, and the account structure of your books.
• Document contents: the text and numbers in documents you upload or forward, including supplier names, dates, amounts, and line items.
• Contextual information: your industry, your business structure, and any previous categorisation choices you have made on your account.
• Question content: if you use Ask myaccountant, the text of your questions and the account context we include to produce an answer.

Personal information that is not sent to the AI includes: your payment card details, your TFN (where stored), your password, your address, and any personal information about employees that is stored but not relevant to the specific task.

4.4 Who runs the AI

We currently use Anthropic's Claude API as our primary AI processing provider. When the platform processes data through AI, the relevant information is sent to Anthropic's API, processed, and returned to us. Under our agreement with Anthropic:

• Anthropic does not retain your data beyond what is necessary to produce the result.
• Anthropic does not train their models on your data.
• Processing occurs in servers in the United States. This is a cross-border transfer of personal information and is covered specifically in Section 4.5 below.

4.5 Cross-border processing

AI processing may involve your data being transferred outside Australia to the United States for the duration of a single API call. We have entered into contractual arrangements with Anthropic that include data processing terms consistent with Australian Privacy Principle 8. Anthropic is a US company and is bound by US privacy laws; we hold it to Australian-equivalent handling standards through contract.

If you do not want your data transferred to the United States for AI processing, you can disable AI-powered features as described in Section 4.7 below.

4.6 How we explain AI suggestions to you

Every AI-assisted suggestion on the platform is visible, explained, and reversible:

• The source is visible. When the AI extracts a field from a document, the document is linked from the extracted record; you can open it in one click and check.
• The reasoning is available. On any AI-assisted suggestion, a "Why did you suggest this?" link opens the reasoning, the source document, the confidence level, the past patterns that informed the suggestion, and the alternatives the AI considered.
• The history is inspectable. The AI activity log in your account settings shows every AI-assisted action on your account over time, what the AI proposed, what you confirmed, what you overrode.
• The override is trivial. You can correct or reverse any AI-assisted suggestion at any time; your override is recorded in the audit trail.

4.7 Opting out

You can disable AI-powered features in your account settings. Disabling AI features means you lose the automated receipt scanning, category suggestions, deduction identification, and the Ask myaccountant assistant. You retain full access to every other feature of the platform. AI use is not required to use myaccountant.

5. Who we share your information with

We share personal information only where necessary for the platform to function or where required by law.

5.1 Service providers

We share data with the following categories of service providers, each of whom processes data on our behalf under confidentiality and security obligations:

• Our hosting provider: Amazon Web Services, Sydney region, where all platform data is stored.
• Our bank feed provider: a regulated Australian provider that connects your bank accounts to the platform with your consent.
• Our AI processing provider: Anthropic, as described in Section 4.
• Our payment processor: to process your subscription payments.
• Our email provider: to send you transactional and product emails.
• Our support and analytics providers: to help us respond to support requests and understand platform usage.

5.2 Regulators and authorities

We share data with regulators and authorities where required by law or where necessary for you to comply with your own obligations:

• Australian Taxation Office: when you lodge a BAS, STP submission, or other compliance artefact through the platform.
• Law enforcement and regulators: where we receive a lawful request, such as a court order, subpoena, or formal regulatory request.
• Other statutory bodies: where specific laws require disclosure (for example, super funds for super contribution reporting).

5.3 Your accountant or team members

If you invite an accountant or team members into your account, they will have access to the data you grant them, subject to the permissions you set.

5.4 Business transactions

If myaccountant is involved in a merger, acquisition, or sale of assets, personal information may be transferred to the successor entity. We will notify you before your personal information becomes subject to a different privacy policy.

5.5 What we do not do

We do not sell your personal information. We do not share your data with advertisers or data brokers. We do not use your data to target you with third-party advertising.

6. Where your data is stored

All platform data is stored in Australia, in the Amazon Web Services Sydney region. This means your data does not leave Australia for storage or primary processing.

The only exception is AI processing, as described in Section 4. When data is sent to our AI provider for processing, it may be processed in the United States. That data is not stored by the AI provider beyond what is necessary to produce a result.

If we change our data storage or processing locations, we will update this policy and notify you before the change takes effect.

7. How we protect your information

We take the security of your personal information seriously.

7.1 Security measures

• Encryption in transit: all connections to the platform use TLS 1.2 or higher.
• Encryption at rest: data stored in our database and backups is encrypted using industry-standard encryption.
• Access controls: only authorised personnel can access production systems, with access logged and audited.
• Two-factor authentication: available to all users, required for team members accessing business accounts.
• Third-party security: our service providers (AWS, our bank feed provider, our AI provider) maintain independent security certifications such as ISO 27001 and SOC 2.

7.2 No security is absolute

While we take reasonable steps to protect your information, no system is completely immune to security risks. We cannot guarantee absolute security, and we encourage you to use a strong, unique password and to enable two-factor authentication.

7.3 Data breaches

If a data breach occurs that is likely to cause serious harm to you, we will notify you and the Office of the Australian Information Commissioner as required by the Notifiable Data Breaches scheme under the Privacy Act.

8. How long we keep your information

We retain personal information only for as long as is necessary for the purposes described in this policy.

• Account data: while your account is active and for a period after cancellation to allow for reactivation, billing reconciliation, and compliance obligations.
• Financial records: in line with Australian tax law, which generally requires retention of financial records for at least five years after the relevant transaction.
• Backups: retained for the period necessary for disaster recovery, generally no more than 90 days after data is deleted from the primary system.
• Legal obligations: where we are required by law to retain data for longer periods (for example, anti-money-laundering record-keeping), we will do so.

When personal information is no longer needed, we delete or de-identify it.

9. Your rights

Under the Privacy Act, you have the right to access, correct, and (in certain circumstances) request the deletion of your personal information.

9.1 Accessing your information

You can access most of your personal information directly through your account. For information not accessible through the account, you can request a copy by emailing privacy@myaccountant.com.au . We will respond within 30 days.

9.2 Correcting your information

If any personal information we hold about you is incorrect or out of date, you can correct most of it through your account settings. For corrections that cannot be made directly, email privacy@myaccountant.com.au and we will correct the information or explain why we cannot.

9.3 Deleting your account

You can delete your account at any time by contacting privacy@myaccountant.com.au or through your account settings. Deletion removes your personal information from our active systems, subject to the retention requirements in Section 8.

9.4 Withdrawing consent

Where processing is based on your consent, you can withdraw that consent at any time. Some features (for example, bank feeds, AI processing) depend on your consent, and withdrawing consent may disable those features.

9.5 Marketing communications

You can opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email we send you. You cannot opt out of transactional communications (for example, billing receipts, security notifications, legal notices) while you maintain an active account.

10. Cookies and similar technologies

We use cookies and similar technologies to operate the platform and understand how it is used.

• Essential cookies: required for the platform to function (for example, keeping you logged in).
• Analytics cookies: used to understand platform usage in aggregate. We use privacy-respecting analytics that do not track you across other websites.

We do not use third-party advertising cookies. We do not participate in advertising networks.

You can control cookies through your browser settings. Disabling essential cookies will prevent the platform from functioning correctly.

11. Children

myaccountant is not intended for use by children under 13, and we do not knowingly collect personal information from children under 13. If you are under 18, you may only use the platform as an employee receiving payslips through an employer's account, and only with appropriate parental or guardian involvement.

If you believe we have collected personal information from a child under 13 without appropriate consent, please contact us and we will delete it.

12. Changes to this policy

We may update this policy from time to time. When we make material changes, we will notify you by email or through the platform before the changes take effect. Changes that are not material (for example, clarifications or formatting updates) may be made without notification, but the "Last updated" date at the top of the policy will always reflect the most recent version.

13. Complaints

If you believe we have breached the Privacy Act or this policy, you can make a complaint in the following ways:

13.1 Contact us first

Email privacy@myaccountant.com.au with details of your complaint. We will acknowledge your complaint within seven days and respond substantively within 30 days.

13.2 Escalate to the OAIC

If you are not satisfied with our response, or if you prefer to go directly to the regulator, you can make a complaint to the Office of the Australian Information Commissioner:

• Online: oaic.gov.au
• Phone: 1300 363 992
• Mail: GPO Box 5218, Sydney NSW 2001

14. How to contact us

For any privacy-related questions, requests, or complaints:

• Email , privacy@myaccountant.com.au
• Mail: Level 1, 43 Stewart Street, Richmond, Victoria 3121

We aim to respond to privacy requests within 30 days.