DataCartel

Privacy Policy

Last updated: 9 January 2026

1. Introduction

DataCartel Pty Ltd (ABN 57993737954) ("DataCartel", "we", "us", or "our") is committed to protecting your privacy and complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website, applications, and services (collectively, the "Services").

By subscribing to any of our Services, you consent to the collection, use, and handling of your personal information as described in this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

We collect personal information that you voluntarily provide when using our Services, including:

  • Account information (name, email address, password, phone number)
  • Business information (company name, ABN, business address)
  • Payment and billing information (processed securely through Stripe)
  • Reports you choose to save within the platform (deleted permanently when you remove them)
  • Communications (emails, support requests, feedback)
  • Any other information you choose to provide

2.2 Information Collected Automatically

When you access our Services, we automatically collect certain information, including:

  • Device information (IP address, browser type, operating system)
  • Usage data (pages visited, features used, time spent, actions taken)
  • Log data (access times, error logs, referral URLs)
  • Cookies and similar tracking technologies
  • Location information (derived from IP address)

2.3 Information from Third Parties

We may receive information from third parties, including:

  • Payment processors (Stripe) for billing purposes
  • Team members who invite you to their organization
  • Analytics and monitoring services

2.4 MYOB Integration and Financial Data

When you connect your MYOB account, we store only the OAuth authentication token required to access your data. Financial data retrieved from MYOB (such as transactions, accounts, and balances) is processed in real-time during your active session and is not permanently stored on our servers. When you log out or your session ends, this data is automatically destroyed. We do not retain copies of your MYOB financial data beyond your active session unless you explicitly choose to save a report, which you can delete at any time.

3. How We Use Your Information

We use your personal information for the following purposes:

  • Provide Services: To operate, maintain, and deliver our financial reporting, GST comparison, AI CFO, and other features
  • Account Management: To create and manage your account, process subscriptions, and handle billing
  • Communication: To send service updates, security alerts, support messages, and marketing communications (with your consent)
  • Improvement: To analyze usage patterns, improve our Services, and develop new features
  • AI Services: To provide AI-powered insights and recommendations based on your financial data
  • Security: To detect, prevent, and respond to fraud, abuse, or security incidents
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes
  • Business Operations: For internal business purposes including auditing, data analysis, and troubleshooting

4. Disclosure of Information

We do not sell, rent, or provide your personal information to third parties for their marketing or other purposes. Your data remains under our control and is only disclosed in the following limited circumstances:

  • Team Members: With other users in your organization or team, as permitted by your access settings
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Legal Requirements: When required by law, court order, or government request
  • Protection of Rights: To protect our rights, property, safety, or the rights of others
  • With Consent: When you have given us explicit consent to share your information

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • 256-bit SSL/TLS encryption for data in transit
  • Encrypted storage for sensitive data at rest
  • Two-factor authentication (2FA) options for account security
  • Regular security assessments and monitoring
  • Access controls limiting employee access to personal information
  • Regular data backups with secure storage
  • Secure Australian-based hosting infrastructure

While we take reasonable steps to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as necessary to provide our Services, comply with legal obligations, resolve disputes, and enforce our agreements. When you close your account, we will delete or anonymize your personal information within a reasonable timeframe, unless we are required to retain it for legal, regulatory, or legitimate business purposes.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Essential Cookies: Enable core functionality (authentication, session management)
  • Analytics Cookies: Understand how you use our Services
  • Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of our Services.

8. Your Rights

Under the Australian Privacy Principles, you have the right to:

  • Access: Request access to the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal requirements)
  • Opt-out: Unsubscribe from marketing communications at any time
  • Complaint: Lodge a complaint with us or the Office of the Australian Information Commissioner (OAIC)

To exercise these rights, please contact us using the details provided below. We will respond to your request within 30 days.

9. International Data Transfers

Your personal information may be transferred to and processed in countries other than Australia, including where our service providers are located. When we transfer data internationally, we take reasonable steps to ensure your information receives adequate protection consistent with Australian privacy laws. This may include contractual safeguards and ensuring recipients comply with comparable privacy standards.

10. Third-Party Services

Our Services integrate with third-party services including:

  • MYOB: For accounting data synchronization
  • Stripe: For payment processing
  • AI Services: For providing AI-powered financial insights

These services have their own privacy policies, and we encourage you to review them. We are not responsible for the privacy practices of third-party services.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of our Services after changes are posted constitutes your acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or our privacy practices, please contact us:

DataCartel Pty Ltd

ABN: 57993737954

Email: info@datacartel.ai

If you are not satisfied with our response to your complaint, you may contact the Office of the Australian Information Commissioner (OAIC):

Office of the Australian Information Commissioner

Website: www.oaic.gov.au

Phone: 1300 363 992