Pulsify — Privacy Policy

1. Who we are and what this policy covers

1.1 This policy applies to Pulsify Pty Ltd (ACN 693 476 167) ("Pulsify", "we", "us", "our") and to the Pulsify accounts payable platform at pulsify.tech and app.pulsify.tech (the "Service") and our website.

1.2 We are committed to handling personal information in accordance with the Privacy Act 1988 (Cth) ("Privacy Act") and the APPs. Where we handle personal information of individuals located outside Australia, additional laws may apply (see clause 13).

1.3 "Personal information" means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not and whether recorded in a material form or not.

2. The two capacities in which we handle personal information

2.1 Information we handle as a controller (collected directly). When you create an Account, contact us, subscribe to updates, or use our website, we decide how and why your personal information is handled. This policy governs that handling.

2.2 Information we handle on behalf of our customers (as a service provider). Our customers (and their advisers, such as bookkeepers and accountants) connect accounting systems and mailboxes to the Service and upload documents. Those connected sources and documents may contain personal information about third parties — for example, supplier contacts and the bank account details on invoices ("Customer Data"). We handle Customer Data on behalf of, and under the instructions of, the relevant customer, who is responsible for that information and for having the right to provide it to us. If you are a supplier or other third party whose information appears in Customer Data and you have a question about it, please contact the business that uses our Service; we will assist that business to respond.

3. The personal information we collect

3.1 Information you give us directly, including: your name, business name, email address, phone number, role, login credentials, billing and payment-method details (processed by our payment provider — see clause 6.3), and the contents of your communications with us.

3.2 Information in Customer Data you or your connected sources provide, which may include: supplier and contact names, email addresses, phone numbers, business identifiers (including ABNs), bank account and BSB numbers appearing on invoices and statements, invoice and transaction details, and the contents of emails in mailboxes you connect to the Service.

3.3 Information we collect automatically when you use the Service or website, including: device and browser information, IP address, log and usage data, and information collected through cookies and similar technologies (see clause 9).

3.4 We do not seek to collect "sensitive information" (as defined in the Privacy Act, such as health information). Please do not route special categories of sensitive information through the Service. Where sensitive information is incidentally contained in Customer Data, we handle it on the customer's behalf under clause 2.2.

4. How we collect personal information

4.1 We collect personal information: directly from you; from your authorised users; from systems and mailboxes you connect to the Service (for example, Xero, MYOB, and email providers); from documents processed through the Service; from public sources such as the Australian Business Register when validating an ABN; and automatically through your use of the Service and website.

4.2 Where it is reasonable and practicable, we collect personal information directly from the individual concerned. Because of the nature of the Service, much of the personal information in Customer Data is provided to us by our customers rather than by the individuals it concerns; clause 2.2 explains how that information is handled.

5. Why we use personal information

5.1 We use personal information to:

(a) provide, operate, maintain, secure, and support the Service, including reading, extracting, coding, validating, matching, and routing invoices and related documents;

(b) provide fraud-risk features, including comparing bank account details against records, checking ABNs against the Australian Business Register, and flagging duplicates and anomalies for review;

(c) create and manage Accounts and authenticate users;

(d) process Fees and manage billing;

(e) communicate with you about the Service, including service, security, and administrative messages, and (where permitted) marketing you can opt out of;

(f) improve, develop, and train the features and accuracy of the Service, subject to clause 8;

(g) comply with our legal obligations and enforce our agreements; and

(h) handle Customer Data as instructed by the relevant customer.

5.2 We will only use personal information for a purpose for which it was collected, a directly related secondary purpose you would reasonably expect, or another purpose you have consented to or that is permitted by law.

6. Automated processing and disclosure to third parties

6.1 Automated processing and machine learning. The Service uses automated processing, including machine learning, to read and extract data from documents, suggest general ledger codings, classify incoming emails, detect duplicates and anomalies, flag bank-detail changes, validate ABNs, and route items through approval workflows. These outputs are decision-support tools. They are presented to your authorised users for review, and approval and payment decisions are made by people in your business, not by Pulsify and not solely by automated means. We will provide further information about our automated processing on request and will update this policy to meet transparency requirements as they take effect under the Privacy Act.

6.2 Service providers and recipients. We disclose personal information to third parties who help us provide the Service, including: cloud hosting and infrastructure providers; providers of artificial intelligence and machine-learning processing; the accounting and email platforms you connect (for example, Xero, MYOB, and your email provider); analytics providers; our payment provider; and professional advisers. We require these providers to handle personal information consistently with this policy and the Privacy Act.

6.3 Payments. We use a third-party payment provider to process subscription Fees. Pulsify does not store full payment-card numbers. The provider handles that information under its own terms and security standards.

6.4 Other disclosures. We may disclose personal information where required or authorised by law, to enforce our terms, to protect our or others' rights and safety, or in connection with a sale or reorganisation of our business (in which case we will require the recipient to protect the information).

6.5 We do not sell personal information.

7. Sending information overseas

7.1 Some of our service providers (including cloud hosting and AI-processing providers) are located, or store data, outside Australia. This means personal information we handle may be disclosed to, or accessed from, recipients in countries including the United States.

7.2 Before disclosing personal information overseas, we take steps that are reasonable in the circumstances to ensure the overseas recipient handles it consistently with the APPs, including through contractual protections. Some countries may not have privacy laws equivalent to Australia's.

8. How we use data to improve the Service and AI features

8.1 We may use personal information and Customer Data to operate, secure, support, and improve the accuracy of the Service, including its automated features.

8.2 We may create and use de-identified and aggregated data derived from use of the Service for any business purpose, including improving our models and the Service, provided that data does not identify any individual, customer, or authorised user. We will not use identifiable Customer Data to train models that we make available to other customers without the relevant customer's consent.

9. Cookies and analytics

9.1 Our website and Service use cookies and similar technologies to keep you signed in, remember preferences, measure usage, and improve performance. Some are essential; others are optional.

9.2 You can control non-essential cookies through your browser settings or any cookie controls we provide. Disabling some cookies may affect how the website or Service works.

10. Security and retention

10.1 Security. We implement and maintain reasonable technical and organisational measures designed to protect personal information from misuse, interference, and loss, and from unauthorised access, modification, or disclosure. These include access controls, encryption in transit, and monitoring. No system is completely secure, and we cannot guarantee absolute security.

10.2 Retention. We keep personal information only for as long as needed for the purposes in this policy, to provide the Service, and to meet legal, accounting, and record-keeping obligations. When no longer needed, we take reasonable steps to destroy or de-identify it. On termination of a customer's subscription, we handle Customer Data as set out in our Terms of Service, after which we may delete it (subject to legal retention requirements and to de-identified or aggregated data under clause 8.2).

11. Accessing and correcting your information

11.1 You may ask us to access or correct the personal information we hold about you. We will respond within a reasonable time and in accordance with the APPs. We may need to verify your identity, and in limited cases permitted by law we may decline a request, in which case we will explain why.

11.2 If the personal information is contained in Customer Data we handle on behalf of a customer (clause 2.2), we will refer your request to, or assist, the relevant customer, who is best placed to action it.

11.3 There is usually no charge to make a request. If a request requires substantial effort, we may charge a reasonable fee and tell you in advance.

12. Data breaches

12.1 We maintain processes to identify, contain, and assess data breaches. Where a breach is likely to result in serious harm to affected individuals, we will comply with the Notifiable Data Breaches scheme under the Privacy Act, including notifying the Office of the Australian Information Commissioner (OAIC) and affected individuals where required. Where a breach affects Customer Data, we will notify and work with the relevant customer.

13. Individuals and customers outside Australia

13.1 The Service is used by customers in jurisdictions including Australia and New Zealand. If you are located outside Australia, your personal information may be handled in Australia and in the other countries described in clause 7. Additional privacy laws may apply to your information, and where they do, we will comply with them to the extent applicable.

14. Children

14.1 The Service is a business tool and is not directed to, or intended for use by, individuals under 18. We do not knowingly collect personal information from children.

15. Changes to this policy

15.1 We may update this policy from time to time. We will post the updated version with a new "last updated" date and, where changes are material, take reasonable steps to notify you (for example, by email or in-product). The version in force when you use the Service applies.

16. Contact us and complaints

16.1 If you have a question, request, or complaint about how we handle personal information, contact our Privacy Officer:

Privacy Officer, Pulsify Pty Ltd
Email: privacy@pulsify.tech

16.2 We will acknowledge your complaint, investigate, and respond within a reasonable time. If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au, or to the relevant privacy regulator in your jurisdiction.