Privacy Policy

Last updated: 28 April 2026

Business Automation Service Pty Ltd (ABN: 92 691 334 817) ("BAS", "we", "us", "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website, use our software products including the AP Process Platform, or otherwise interact with our services.

This Privacy Policy is provided in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles.

1. Information We Collect
We collect information in several ways:
Information you provide directly:
•    Contact details (name, email address, phone number, company name)
•    Business information when you request a demo or engage our services
•    Communication preferences and feedback
Information collected automatically when you use our services:
•    Log data (IP address, browser type, pages visited, timestamps)
•    Cookies and similar tracking technologies (see Cookies section below)
•    Usage data showing how you interact with our products
Information processed through our software:
•    Invoice data submitted by your accounting firm or clients for processing
•    Vendor and supplier records linked to your accounting system
•    Configuration data including account codes and process rules
2. How We Use Your Information
We use the information we collect to:
•    Provide, operate, and maintain our software services
•    Process invoices, post entries to your accounting system, and deliver platform features
•    Communicate with you about your account, services, updates, and support requests
•    Respond to inquiries from prospective customers and the Microsoft Marketplace
•    Improve our products through usage analysis and AI model refinement
•    Send marketing communications where you have opted in (you may opt out at any time)
•    Comply with legal obligations and protect against fraudulent or unauthorized activity
3. How We Store and Protect Information
Customer data processed by the AP Process Platform is stored within Microsoft Azure infrastructure in Australia East region. We use the following safeguards:
•    Encryption of data in transit (TLS 1.2 or higher) and at rest
•    Multi-tenant isolation — each customer's data is logically separated
•    Azure Key Vault for secrets, tokens, and credentials
•    Role-based access control limiting staff access to data
•    Microsoft Entra ID authentication with audit logging
•    Regular security monitoring and patching
While we use industry-standard security measures, no system is entirely secure. We will notify you of any breach affecting your personal information in accordance with the Notifiable Data Breaches scheme.
4. Sharing Your Information
We do not sell your personal information. We may share information with:
•    Service providers (cloud hosting, email delivery, analytics) who assist us in operating our business and are bound by confidentiality obligations
•    Integration partners where you have authorized data sharing (e.g. Xero, Microsoft 365)
•    Legal authorities where required by law, court order, or to protect rights and safety
•    Successors in connection with a merger, acquisition, or sale of business assets
5. Cross-Border Data Transfers
Your information is primarily stored in Australia. Some services we use (such as Microsoft Marketplace and certain analytics tools) may process data outside Australia. Where this occurs, we ensure appropriate safeguards are in place consistent with Australian Privacy Principle 8.
6. Your Rights
Under Australian privacy law you have the right to:
•    Request access to the personal information we hold about you
•    Request correction of inaccurate or incomplete information
•    Request deletion of your information (subject to legal retention requirements)
•    Withdraw consent for marketing communications
•    Make a privacy complaint to us, or to the Office of the Australian Information Commissioner
To exercise any of these rights, contact us at the details below.
7. Cookies and Tracking
Our website uses cookies and similar technologies to improve user experience, analyze website performance, and deliver relevant content. You can control cookies through your browser settings. Disabling cookies may affect website functionality.
8. Data Retention
We retain personal information only as long as necessary for the purposes described in this policy, or as required by law. Customer data processed through our software is retained according to your service agreement and may be deleted on termination of services.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be notified via email or prominent notice on our website. The "Last updated" date at the top of this policy reflects the most recent revision.
10. Contact Us
For privacy questions, requests, or complaints, contact:
Business Automation Service Pty Ltd
•    Email: info@businessautomationservice.com
•    Postal: Level 8/2 King Street Fortitude Valley QLD 4006
•    Privacy Officer: Bryn Harwood
If you are not satisfied with our response to a privacy concern, you may contact the Office of the Australian Information Commissioner (OAIC):
•    Website: oaic.gov.au
•    Phone: 1300 363 992