Actuals International Pty Ltd – Privacy Policy

Last Updated: June 13, 2025

Introduction and Scope

Actuals International Pty Ltd (“Actuals”, “we”, “us” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and disclose data when you use our cloud-based accounting software and related services (“Services”). It applies to business customers in Australia, the United States, the United Kingdom, Singapore, and New Zealand, and covers data collected through our websites, applications, and integrations with third-party systems.

What this Policy Covers: This Policy covers personal information and business data you or your organization provide to us, or that we generate or receive when delivering the Services. Personal information in this context mainly refers to business contact details (like names, work emails, phone numbers) and any personal data contained within the business documents you upload. We do not intentionally collect sensitive personal data (e.g. government ID numbers, financial account passwords, health or biometric data) beyond basic contact information. Our Services are intended for use by businesses, and any personal data about individuals (such as your employees or customers) that you input is considered business-related information.

Controller vs Processor: For personal data that you provide about third parties (for example, information about your customers or employees in invoices, contracts, or communications), you are the “data controller” (or equivalent term under applicable law), and Actuals acts as a “data processor” or service provider on your behalf. This means we will only process that data to provide the Services according to your instructions and our Terms of Service or data processing agreement. This Privacy Policy primarily addresses how we handle personal data when we act as a data controller (for example, information about our direct customers and website users). If you have questions about personal data that may be contained in your business data on our platform, you should direct those questions to the relevant business (the data controller).

Information We Collect

We collect business-related data in order to provide our Services. This includes:

No Collection of Sensitive Personal Data: We do not knowingly collect any sensitive personal information such as racial or ethnic origin, political opinions, health information, or financial account passwords. We ask that you do not include such data in the materials you upload to our Service. In the event we encounter sensitive data incidental to the permitted use of our Services, we will treat it securely and in accordance with this Policy, but we disclaim any liability for any sensitive personal data submitted in violation of this direction.

How We Use Your Information

We use the collected information for the following business purposes:

If we ever need to use your personal information for a new purpose that is not compatible with the original purposes above, we will obtain your consent or provide you with appropriate notice, as required by law.

Disclosure of Data to Third Parties

We do not sell your personal information to third parties. However, we do share certain data with trusted third-party service providers and partners in order to run our business and deliver the Services to you, as outlined below:

In all cases where we share your data with third parties, we only share the minimum necessary information and we take steps to ensure the third party will safeguard it. We never share your business financial records or personal contact details with advertisers or unrelated third parties for their own marketing.

Data Storage and International Transfers

Actuals is an Australian company, but we serve customers globally and use cloud infrastructure that may be located in multiple countries. As a result, the data we collect from you may be transferred to, stored, or processed in a country different from your own, including the United States, Australia, Singapore, or other locations where our service providers maintain facilities. We understand that different countries may have different data protection laws, so we take appropriate measures to ensure your personal data remains protected whenever it is transferred across borders.

If you are located in the European Economic Area (EEA) or the UK, and your personal data is transferred outside of Europe, we will only transfer such data where we have a legal basis and adequate safeguards in place. This means we will ensure the recipient country is recognized for an adequate level of data protection or we will use standard contractual clauses (SCCs) or equivalent data transfer agreements approved by regulators to protect your information. These SCCs contractually require the recipient to provide privacy and security protections equivalent to those in the EU/UK. Similarly, for transfers from Australia, Singapore, or New Zealand to other countries, we comply with local requirements (such as Australia’s Privacy Principle 8 and Singapore’s PDPA provisions on cross-border data sharing) by ensuring the overseas recipients uphold commitments to protect your data.

Data Storage and Retention: We store your data on secure servers (for example, in AWS or Google Cloud data centers) with robust backup and recovery systems. Your data is encrypted at rest and in transit for protection. We retain personal data only for as long as necessary to fulfill the purposes described in this Policy or as required by law. In practice, this means we will keep your account information and business records while you have an active subscription and for a reasonable period thereafter. For instance, even after you stop using Actuals, we might retain certain data for a few years to comply with accounting laws (which in some jurisdictions require retention of financial records for 5-7 years), or to have necessary records in case of disputes. When personal data is no longer needed, we will securely delete it or anonymize it. For data that we process on your behalf (where you are the controller), our data processing terms will govern deletion or return of data upon termination of services, subject to applicable law.

Security Measures

We take the security of your data very seriously. Actuals implements a range of administrative, technical, and physical security measures to safeguard your information from unauthorized access, disclosure, or alteration. Our security program includes:

While we strive to protect your data, it’s important to note that no method of transmission over the internet or electronic storage is 100% secure. We therefore cannot guarantee absolute security. However, we continuously work to update and improve our safeguards. You also play a role in security: please use a strong password, keep your login credentials confidential, enable 2FA, and notify us immediately if you suspect any unauthorized access to your account.

Your Rights and Choices

We respect your rights to control your personal information. Depending on the laws that apply to you (for example, the GDPR if you are in the EU/UK, or the Australian Privacy Act if you are in Australia), you may have some or all of the following rights regarding your personal data:

To exercise any of these rights, please contact us using the details in the Contact section below. We will respond to your request as soon as possible and within any timeframe required by law. Typically, we will respond within 30 days of receiving a valid request (or inform you if we need more time). Please note that for security, we may need to verify your identity (for example, by asking you to confirm some information or through your account login) before executing your request. If your request is particularly complex or you have made a number of requests, we may extend the response timeframe, but we will inform you of the reason and the extension. In some cases, we might refuse requests that are unreasonable or not required by law (for example, if fulfilling a request would violate another person’s privacy or if you repeatedly request data erasure that we are legally required to keep). However, we will always explain our reasoning if we decline your request.

Your Choices (Opt-Out): You have choices about certain uses of your data: for example, you can opt out of receiving marketing emails by clicking the “unsubscribe” link in any such email or by contacting us. Note that you will still receive transactional and account-related communications (we need to send those to operate the Service). You can also disable or refuse cookies via your browser settings if you don’t want us to collect website analytics data (though this may affect functionality). For integrated third-party services, you can disconnect the integration at any time from your account settings, which stops any ongoing data sharing with that third party.

We want to emphasize that you own your business data. If you decide to stop using Actuals, you can export your data from our platform at any time during your subscription. We also offer tools to help with data portability, and upon termination (or upon request) we will return or delete your data as described earlier.

Compliance with Global Privacy Laws

Actuals International Pty Ltd is based in Australia and we adhere to the Australian Privacy Principles (APPs) and the Privacy Act 1988 (Cth). We also recognize and comply with other data protection laws in the regions we serve, including (but not limited to) the EU and UK General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) (as amended by CPRA) for applicable US customers, Singapore’s Personal Data Protection Act (PDPA), and New Zealand’s Privacy Act 2020. This means:

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our Services, legal obligations, or data handling practices. If we make a material change (for example, if we start collecting new types of personal data or use data in a significantly different way), we will provide you with advance notice and the opportunity to review the revised Policy before it takes effect. We may notify you of changes by email (sent to the address associated with your account) or by posting a prominent notice within our application or on our website. Minor updates (such as clarifications or typographical corrections) may be posted without a specific notice, but you can always see the “Last Updated” date at the top to track changes.

We encourage you to periodically review this Privacy Policy to stay informed about how we are protecting your information. If you continue to use the Services after a Privacy Policy update takes effect, it will constitute your acceptance of the changes. If you do not agree with a change, you should discontinue use of the Services and contact us regarding your data deletion or retrieval options.

Contact Us and Complaints

Your feedback and questions about privacy are important to us. If you have any questions, concerns, or requests regarding this Privacy Policy or how Actuals handles your data, please contact us using the details below:

Privacy Officer – Actuals International Pty Ltd
Email: hello@actuals.com

We will address your inquiry or issue as promptly as possible. If you have a complaint about our privacy practices, please let us know and we will do our best to resolve it. We will investigate and respond to any privacy complaint within a reasonable timeframe and in accordance with applicable law. In general, we aim to respond to complaints within 30 days.

If you are not satisfied with our response, or you believe we are unlawfully processing your personal data, you have the right to escalate your complaint to the data protection authority or privacy regulator in your jurisdiction. For example, in Australia you can contact the Office of the Australian Information Commissioner (OAIC); in the UK, the Information Commissioner’s Office (ICO); in Singapore, the Personal Data Protection Commission (PDPC); in New Zealand, the Office of the Privacy Commissioner; and in the United States, your state Attorney General’s office or the Federal Trade Commission (for certain issues). We can provide the contact details for the appropriate regulator upon request.

Thank you for trusting Actuals with your business data. We value your privacy and will continue working hard to keep your information secure and confidential.