1. Overview
Kumry Finance AI Pty Ltd ("Kumry", "we", "our", or "us") is committed to protecting your privacy and the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our accounting and financial management platform ("the Service").
This Privacy Policy applies to all users of the Service, including individuals, business entities, and authorised representatives. We comply with the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and other applicable privacy legislation.
By using the Service, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy.
2. Information We Collect
We collect several categories of information to provide, maintain, and improve the Service:
Account Information: When you register, we collect your name, email address, phone number, business name, ABN/ACN, business address, and account credentials.
Financial Data: Through your use of the Service, we process financial transactions, bank account details (via secure bank feed connections), invoices, receipts, expense records, tax information (including GST and BAS data), and chart of accounts data.
Usage Data: We automatically collect information about how you interact with the Service, including pages visited, features used, actions taken, timestamps, IP addresses, browser type, device information, and operating system.
AI Processing Data: When you use AI-powered features, we process transaction descriptions, categorisation decisions, and correction patterns to improve accuracy for your account.
Communication Data: We collect information you provide when contacting our support team, submitting feedback, or participating in surveys.
Third-Party Data: If you connect third-party services (such as bank feeds), we receive data from those services as authorised by you and governed by their respective privacy policies.
3. How We Use Your Information
We use the information we collect for the following purposes:
Service Delivery: To provide, operate, and maintain the accounting platform, including processing transactions, generating reports, preparing tax documents, and delivering AI-powered categorisation.
Account Management: To create and manage your account, process subscription payments, communicate about your account status, and provide customer support.
Security and Integrity: To verify ledger integrity, generate digital signatures, maintain audit capsules, detect and prevent fraud, and protect against unauthorised access.
Service Improvement: To analyse usage patterns, improve AI categorisation accuracy, develop new features, optimise performance, and fix issues.
Compliance: To comply with Australian tax laws, accounting standards, anti-money laundering regulations, and other applicable legal obligations.
Communication: To send you service notifications, security alerts, billing information, product updates, and marketing communications (with your consent).
We do not sell your personal information to third parties. We do not use your financial data to train AI models shared with other customers.
4. Information Sharing and Disclosure
We may share your information in the following circumstances:
Service Providers: We share data with trusted third-party service providers who assist us in operating the Service, including cloud hosting providers (Australian data centres), payment processors (Stripe), bank feed aggregators, email delivery services, and analytics platforms. These providers are bound by contractual obligations to protect your data.
Legal Requirements: We may disclose your information if required by law, regulation, legal process, or governmental request, including responses to subpoenas, court orders, or requests from the Australian Taxation Office (ATO).
Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change and any choices you may have regarding your information.
With Your Consent: We may share your information with third parties when you explicitly authorise us to do so, such as when you grant access to your accountant or tax agent through the Service.
Aggregated Data: We may share aggregated, de-identified data that cannot reasonably be used to identify you for research, industry benchmarking, or statistical purposes.
5. Data Security
We implement comprehensive security measures to protect your information:
Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Sensitive fields receive additional application-layer encryption.
Cryptographic Integrity: Every ledger entry is protected by integrity verification. Higher-tier plans include Ed25519 digital signatures, mathematical integrity structures, and zero-knowledge proofs.
Infrastructure Security: Our platform runs on a zero-trust architecture with 9 layers of security, including mutual TLS (mTLS) service mesh, network segmentation, runtime security monitoring, and intrusion detection.
Access Controls: We implement role-based access control (RBAC), multi-factor authentication (MFA), and row-level security (RLS) to ensure that users can only access data they are authorised to see.
Audit Logging: All access to your data is logged in tamper-evident audit capsules. These logs are retained for compliance and security investigation purposes.
Vulnerability Management: We conduct regular security assessments, penetration testing, and vulnerability scanning to identify and remediate potential threats.
While we employ industry-leading security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.
6. Data Retention
We retain your information for as long as necessary to fulfil the purposes described in this Privacy Policy, comply with legal obligations, and resolve disputes:
Account Data: Retained for the duration of your account and for 30 days after account closure to allow data export.
Financial Records: Retained for a minimum of 7 years after creation in accordance with Australian tax law requirements (Income Tax Assessment Act 1997) and accounting standards.
Audit Logs: Retained for a minimum of 7 years to support compliance, regulatory audits, and forensic investigation requirements.
AI Training Data: Categorisation patterns specific to your account are retained only while your account is active and are deleted upon account closure.
Usage Analytics: Aggregated, de-identified usage data may be retained indefinitely for service improvement and statistical purposes.
Backup Data: Encrypted backups are retained for 90 days after deletion of the source data.
You may request deletion of your data at any time, subject to our legal retention obligations. If we are unable to delete specific data, we will inform you and explain the reasons why.
7. Your Privacy Rights
Under the Australian Privacy Act and the Australian Privacy Principles, you have the following rights regarding your personal information:
Access: You have the right to request access to the personal information we hold about you. We will respond to access requests within 30 days.
Correction: You have the right to request correction of inaccurate, incomplete, or outdated personal information. You can update most information directly through your account settings.
Deletion: You may request deletion of your personal information, subject to our legal retention obligations. Financial records required by Australian tax law may not be deleted during the mandatory retention period.
Data Portability: You can export your financial data at any time through the Service in standard formats (CSV, JSON, PDF). Upon account closure, you have 30 days to export your data.
Opt-Out: You can opt out of marketing communications at any time by clicking the unsubscribe link in our emails or adjusting your notification preferences in account settings.
Complaint: If you believe we have breached your privacy rights, you may lodge a complaint with us or with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
To exercise any of these rights, please contact our Privacy Officer at privacy@kumry.com.au.
8. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience with the Service:
Essential Cookies: Required for the Service to function, including authentication tokens, session management, and security features. These cannot be disabled.
Functional Cookies: Remember your preferences, such as language settings, theme selection (dark/light mode), and dashboard configurations.
Analytics Cookies: Help us understand how you use the Service, which features are most popular, and where users encounter issues. We use privacy-respecting analytics that do not share data with advertising networks.
We do not use advertising cookies or tracking pixels. We do not participate in cross-site tracking or interest-based advertising.
You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent the Service from functioning correctly.
9. International Data Transfers
Your data is primarily stored and processed within Australia using Australian data centres. In limited circumstances, data may be transferred to or processed in other jurisdictions:
- Where a third-party service provider operates infrastructure in another country
- Where required by international legal obligations
- Where you explicitly authorise the transfer (e.g., sharing data with an overseas accountant)
When data is transferred internationally, we ensure that appropriate safeguards are in place, including contractual protections consistent with the Australian Privacy Principles and, where applicable, the EU General Data Protection Regulation (GDPR).
We will always inform you if your data will be stored or processed outside of Australia, and of the protections that apply.
10. Children's Privacy
The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly.
If you are a parent or guardian and believe that your child has provided personal information to us, please contact our Privacy Officer at privacy@kumry.com.au.
11. Third-Party Links and Services
The Service may contain links to third-party websites, applications, or services that are not operated by us. This Privacy Policy does not apply to those third-party services.
When you connect third-party services (such as bank feeds or payment processors), the data shared with those services is also governed by their respective privacy policies. We encourage you to review the privacy policies of any third-party services you connect to your account.
We are not responsible for the privacy practices of third-party services and make no representations about their data handling practices.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated to you via:
- Email notification to the address associated with your account
- A prominent notice within the Service at least 30 days before the changes take effect
- An updated "Last Updated" date at the top of this Privacy Policy
Your continued use of the Service after the effective date of any changes constitutes acceptance of the updated Privacy Policy. If you do not agree with the changes, you should stop using the Service and close your account.
We encourage you to periodically review this Privacy Policy to stay informed about how we protect your information.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
Privacy Officer
Kumry Finance AI Pty Ltd
Sydney, NSW, Australia
Email: privacy@kumry.com.au
General enquiries: support@kumry.com.au
Website: https://kumry.com.au
For complaints, you may also contact the Office of the Australian Information Commissioner (OAIC):
Website: www.oaic.gov.au
Phone: 1300 363 992
Email: enquiries@oaic.gov.au