Privacy Policy

1. Data we collect

• Account data you provide: name, email address, firm details, billing contacts.
• Xero data you authorise: pay runs, payslips, tracking categories, allocation rules, resulting journals.
• Product usage: logs that tell us when syncs run, which user posted a journal, and diagnostics that help us secure the service.

2. How we use data

We use your data to operate Payroll Allocator, create allocation previews, post journals back to Xero when you instruct us, provide support, and keep a basic audit trail. We never sell payroll data and we only access a Xero tenant when you trigger a sync or when a scheduled sync is due.

3. Sharing and subprocessors

We host Payroll Allocator on Google Cloud in Australia and use Firebase Authentication, Firestore, and Stripe for login, storage, and billing. These providers are bound by contracts that require strong security. They cannot use your payroll data for their own purposes.

4. Retention

Account information is kept as long as your subscription is active. If you disconnect a Xero organisation we delete refresh tokens immediately and purge cached payroll data within 30 days. Aggregated statistics that cannot identify a firm or employee may be retained to improve features.

5. Security

We encrypt tokens at rest, require MFA for our own staff, and log every journal publish. Access to production systems is limited to a small team. If we become aware of unauthorised access we will notify the affected account owner without undue delay.

6. Your rights

You can request access, correction, or deletion of the personal data we control by contacting us through the support area inside Payroll Allocator. For Xero payroll data we act as your processor, so we will help you respond to employee requests where required.

7. Contact

Questions about privacy can be sent to us through the in-app support chat or by using the contact form on our website.