Privacy Policy
Last updated: [Date — update before launch] · More Cash Less Tax Pty Ltd
1. About this policy
More Cash Less Tax Pty Ltd (“we”, “us”, “our”) operates More Cash Less Tax (“the Service”). This Privacy Policy explains how we collect, use, disclose, and protect personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
2. What information we collect
2.1 Information you provide
- Account information: name, email address, business name, ABN.
- Profile information: phone number, address (optional).
- Payment information: billing details are collected and stored by Stripe, Inc. We do not store card numbers.
2.2 Information we collect automatically
- Financial data: transaction records, account balances, and categorisation data you connect via Xero, Stripe, Basiq, or CSV upload.
- Usage data: pages visited, features used, error logs.
- Device information: browser type, operating system, IP address.
2.3 Information from third parties
When you connect integrations (Xero, Stripe, Australian bank feeds via Basiq), we receive data from those services as authorised by you. We only request read access.
3. How we use your information
We use your information to:
- Provide, maintain, and improve the Service.
- Generate AI-powered financial analysis, BAS drafts, and CFO reports.
- Send you transactional emails (receipts, reports, alerts).
- Respond to support requests.
- Comply with legal obligations (including tax law).
- Detect fraud and ensure security.
We do not sell your personal information to third parties.
We do not use your financial data to train AI models without your explicit consent.
4. Disclosure of your information
We may share your information with:
- Service providers: Stripe (payments), Anthropic (AI generation), Cloudflare (storage/CDN), Railway (database hosting), Basiq (bank feed connections), Resend (transactional email). These providers are contractually bound to protect your data.
- Legal authorities: where required by Australian law or a valid court order.
- Business transfers: in the event of a merger or acquisition, with notice to you.
5. Data storage and security
Your data is stored on servers located in Australia or Singapore (Railway.app infrastructure). All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). We store OAuth access tokens using AES-256-GCM encryption. We conduct regular security reviews.
6. Data retention
We retain your account data for as long as your account is active. After account deletion we retain data for 30 days to allow recovery, then permanently delete it. Some anonymised aggregate data may be retained indefinitely for analytics.
7. Your rights
Under the Privacy Act 1988 (Cth) and the APPs, you have the right to:
- Access the personal information we hold about you.
- Correct inaccurate information.
- Request deletion of your account and data.
- Complain to the Office of the Australian Information Commissioner (OAIC) if you believe we have breached your privacy.
To exercise these rights, use the self-service tools in Settings → Privacy, or email us at privacy@morecashlesstax.com.au.
8. Cookies
We use strictly necessary cookies for authentication (session cookie) and a minimal analytics cookie to count page views. We do not use advertising or tracking cookies. You can disable cookies in your browser settings; however, the Service requires the session cookie to function.
9. Children
The Service is intended for business use only and is not directed at children under 18. We do not knowingly collect data from minors.
10. Changes to this policy
We may update this policy from time to time. We will notify you by email or in-app notification if we make material changes. Continued use of the Service after changes constitutes acceptance of the updated policy.
11. Contact us
For privacy-related enquiries or complaints, please contact:
More Cash Less Tax Pty Ltd
privacy@morecashlesstax.com.au
If you are not satisfied with our response, you may lodge a complaint with the OAIC at oaic.gov.au.