Business Automation Service

Privacy Policy

Last updated: 8  July 2026

Business Automation Service Pty Ltd (ABN: 92 691 334 817) (“BAS”, “we”, “us”, “our”) respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website, use our software products including  CFO Workbench, MatterPath and any future products, or otherwise interact with our services.

This policy applies to accounting firms and their clients who access our services directly or through an accounting firm partner (“Partner Firm”). Where you access Business Automation Service services through a Partner Firm, that firm is responsible for its own privacy obligations to you, and Business Automation Services processes your data on their behalf as a service provider.

This Privacy Policy is provided in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles.

1. Information We Collect

We collect information in several ways:

Information you provide directly:

  • Contact details (name, email address, phone number, company name)
  • Business information when you request a demo or engage our services
  • Communication preferences and feedback

Information collected automatically when you use our services:

  • Log data (IP address, browser type, pages visited, timestamps)
  • Cookies and similar tracking technologies (see Cookies section below)
  • Usage data showing how you interact with our products

Information processed through our software:

  • Invoice data submitted by your accounting firm or clients for processing
  • Vendor and supplier records linked to your accounting system
  • Configuration data including account codes and process rules
  • Financial data accessed from connected accounting platforms (including Xero, MYOB, or similar platforms) where you have authorised us to access your data via OAuth. This includes accounts, invoices, bills, contacts, bank transactions, and financial reports
  • OAuth access tokens and connection credentials for authorised accounting platform integrations, stored in encrypted form

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain our software services
  • Process invoices, post entries to your accounting system, and deliver platform features
  • Retrieve, display, and analyse financial data from connected accounting platforms to provide reporting, reconciliation, and CFO advisory features through CFO Workbench
  • Communicate with you about your account, services, updates, and support requests
  • Respond to inquiries from prospective customers and the Microsoft Marketplace
  • Improve our products through usage analysis and AI model refinement analysis. We use aggregated, de-identified usage patterns to improve our AI models. Your raw financial data and client records are never used to train AI models
  • Send marketing communications where you have opted in (you may opt out at any time)
  • Comply with legal obligations and protect against fraudulent or unauthorised activity

3. How We Store and Protect Information

Customer data processed by the Business Automation Service and our products is stored within Microsoft Azure infrastructure in Australia East region. We use the following safeguards:

  • Encryption of data in transit (TLS 1.2 or higher) and at rest
  • Multi-tenant isolation – each customer’s data is logically separated
  • Azure Key Vault for secrets, tokens, and credentials
  • Role-based access control limiting staff access to data
  • Microsoft Entra ID authentication with audit logging
  • Regular security monitoring and patching

While we use industry-standard security measures, no system is entirely secure. We will notify you of any breach affecting your personal information in accordance with the Notifiable Data Breaches scheme.

4. Sharing Your Information

We do not sell your personal information. We may share information with:

  • Partner Firms (accounting practices) through whom you access CFO Workbench. These firms can view financial data and reports for their clients within the platform. If you are an end client of a Partner Firm, your Partner Firm controls and is responsible for the data they provide to us on your behalf
  • Service providers (cloud hosting, email delivery, analytics) who assist us in operating our business and are bound by confidentiality obligations
  • Integration partners where you have authorised data sharing (e.g. Xero, Microsoft 365)
  • Legal authorities where required by law, court order, or to protect rights and safety
  • Successors in connection with a merger, acquisition, or sale of business assets

5. Cross-Border Data Transfers

Your information is primarily stored in Australia. Some services we use (such as Microsoft Marketplace and the Microsoft Partner Centre) may process data outside Australia. Where this occurs, we ensure appropriate safeguards are in place consistent with Australian Privacy Principle 8. Azure AI services used for invoice processing and automation operate within Australian Azure regions where available.

6. Your Rights

Under Australian privacy law you have the right to:

  • Request access to the personal information we hold about you
  • Request correction of inaccurate or incomplete information
  • Request deletion of your information (subject to legal retention requirements)
  • Withdraw consent for marketing communications
  • Make a privacy complaint to us, or to the Office of the Australian Information Commissioner

To exercise any of these rights, contact us at the details below.

7. Cookies and Tracking

Our website uses cookies and similar technologies to improve user experience, analyze website performance, and deliver relevant content. You can control cookies through your browser settings. Disabling cookies may affect website functionality.

8. Data Retention

We retain personal information only as long as necessary for the purposes described in this policy, or as required by law. Financial records and transaction data processed through our software are retained for a minimum of 7 years in accordance with Australian taxation record-keeping requirements (s262A ITAA 1936), unless a shorter period is agreed in your service agreement. Customer data processed through our software is retained according to your service agreement and may be deleted on termination of services subject to any mandatory retention period.

9. Changes To This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or prominent notice on our website. The “Last updated” date at the top of this policy reflects the most recent revision.

10. Contact us

For privacy questions, requests, or complaints, contact:

Business Automation Service Pty Ltd

Scroll to Top