Privacy Policy

Last Updated: 29 August 2025
Effective Date: 29 August 2025
Business Services: Xactify Accounts (Australia)

1. Introduction

Xactify Accounts (“we”, “us”, “our”) is committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). By using our services or providing personal information, you consent to this Privacy Policy.

2. Information We Collect

2.1 Personal Information

  • Identity & contact: name, address, phone, email
  • Application data for TFN/ABN/ASIC support: date/place of birth, business/company details
  • Identifiers only where authorised: Tax File Number (TFN) for applications you request
  • Identity documents (licence, passport, Medicare card, visa)
  • Payment metadata from Stripe (we do not store card numbers)
  • (If applicable) Bank account details for payroll/direct debit arrangements, only when necessary and authorised
  • Technical data: IP, device/browser info, cookies/analytics

2.2 How We Collect

  • Directly from you via our forms, email, phone, consultations
  • Automatically via cookies/analytics
  • From third parties with your consent (e.g., software you connect)

3. How We Use Personal Information

  • Provide administrative support and application assistance (TFN/ABN/ASIC), bookkeeping setup
  • Verify identity and prevent fraud
  • Communicate about your requests and our services
  • Process payments and reconcile transactions
  • Operate, secure, and improve our website and services
  • Comply with laws and lawful requests
  • Send marketing only if you opt in (you can opt out anytime)

4. Handling of TFNs & Identity Documents

TFNs: We collect TFNs only where authorised by law and solely to prepare/lodge applications you request (Privacy (Tax File Number) Rule 2015). TFNs are never our internal identifiers, are access-restricted, never emailed or sent via chat, and are destroyed/de-identified when no longer required or as required by law.

Identity documents: collected only to verify identity and support applications; stored securely; deleted on request once the purpose is complete unless the law requires retention.

5. Disclosure of Personal Information

  • Government agencies (e.g., ATO/ABR/ASIC) where you instruct us or as required by law
  • Service providers: hosting, email, secure file storage, analytics, payments (Stripe)
  • Cloud accounting platforms you choose (Xero, MYOB, QuickBooks)
  • Professional advisers (legal) under confidentiality
  • With your express consent for other purposes

We never sell, rent, or trade your personal information.

6. Data Security & Storage

  • Encryption in transit (SSL/TLS), least-privilege access, secure platforms
  • Backups and disaster recovery processes

Retention: Financial records are retained for 7 years as required by Australian law. TFNs and identity documents are retained only for the authorised purpose, then securely destroyed or de-identified unless the law requires longer retention.

7. Your Rights

  • Access and correction
  • Deletion where legally permissible
  • Opt-out of marketing
  • Information about our use/disclosure practices
  • Complaint to us and, if unresolved, to the OAIC

8. Notifiable Data Breaches

We comply with the Notifiable Data Breaches scheme. If an eligible breach occurs, we will notify the OAIC and affected individuals as soon as practicable, contain/remediate, and keep incident records.

9. Cookies & Analytics

  • Essential cookies: site security, session, forms
  • Analytics: usage patterns to improve services (e.g., Google Analytics)

You can control cookies in your browser. Disabling essential cookies may affect functionality.

10. Third-Party Services

We use trusted providers for hosting, email, storage, payments, analytics, and (optionally) cloud accounting. Card data is handled by Stripe and is not stored on our servers.

11. Overseas Disclosure (APP 8)

Some providers may process data outside Australia (e.g., USA for analytics/email/CDN, New Zealand for Xero services, Singapore for regional infrastructure). We take reasonable steps to ensure comparable privacy safeguards through contractual and technical controls.

12. Exercising Your Rights

Submit requests in writing with enough detail to identify you. Allow up to 30 days for response. We may request identity verification and, for unusual requests, a reasonable charge.

13. Contact & Complaints

Privacy contact:
Email: privacy@xactifyaccounts.com.au
Phone: +61 438 846 858
Address: Geelong, Victoria, Australia

OAIC: www.oaic.gov.au • 1300 363 992

14. Changes to this Policy

We may update this Policy to reflect legal or operational changes. The updated version will be posted here with the effective date.