Privacy Policy

SAB Account AI is an Australian software-as-a-service business that provides invoicing, payroll, and financial record-keeping tools for small businesses. References to "we", "us", or "our" in this policy refer to SAB Account AI.

We collect the following categories of information:

• Account information: your name, email address, and password (stored as a hashed value).
• Business information: business name, ABN, and business address.
• Financial data you enter: invoices, client details, income/expense records, and payslip information (including employee names, salary, and tax details). This data belongs to you.
• Billing information: subscription plan and payment method details (handled by Stripe — we do not store card numbers).
• Usage data: log data, IP addresses, browser type, pages visited, and timestamps, collected automatically when you use the service.

• Directly from you when you create an account, enter business or financial data, or contact us.
• Automatically through cookies, server logs, and analytics tools as you use the service.
• From third-party services such as Supabase (authentication and database), Stripe (payments), and Resend (email delivery), which process data on our behalf.

We use your personal information to:

• Provide, operate, and improve the service.
• Process payments and manage your subscription.
• Send transactional emails (e.g. account confirmation, password reset, invoices, payslips you choose to email).
• Respond to your support enquiries.
• Comply with our legal obligations under Australian law.
• Detect and prevent fraud, security incidents, and abuse.

We do not sell your personal information or use it for advertising purposes.

We may share your personal information with:

• Sub-processors that help us operate the service, including Supabase (database/auth, servers in Australia and US), Stripe (payment processing), Resend (email delivery), and Anthropic (AI generation — only the content of your invoice prompts). Each is bound by confidentiality obligations and their own privacy policies.
• Legal authorities where required by Australian law, a court order, or to protect our legal rights.
• Business transfers: in the event of a merger, acquisition, or sale of assets, your information may be transferred, subject to the same privacy protections.

We do not disclose your information to any other third parties without your consent.

Your data is stored on servers operated by Supabase, which uses AWS infrastructure. Data may be stored in the United States in addition to Australia. We take reasonable technical and organisational measures to protect your personal information, including encryption in transit (TLS 1.2+) and at rest (AES-256).

Despite these measures, no system is completely secure. You are responsible for maintaining the security of your account credentials.

We retain your personal information for as long as your account is active or as needed to provide the service. If you close your account, we will delete or anonymise your personal information within 90 days, except where we are required to retain it by law (e.g. financial records required under the Corporations Act 2001 or tax law).

We use session cookies and local storage for authentication and preferences. We do not use advertising trackers or third-party analytics cookies. You may disable cookies in your browser, but this may affect the functionality of the service.

Under the Australian Privacy Principles, you have the right to:

• Access the personal information we hold about you.
• Request correction of inaccurate or out-of-date information.
• Request deletion of your account and associated data (subject to legal retention requirements).
• Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au if you believe we have breached your privacy rights.

To exercise any of these rights, contact us at support@sabaccountai.com. We will respond within 30 days.

The service is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notice at least 14 days before the change takes effect. The current version is always available at this URL.

For privacy-related enquiries, corrections, or complaints, contact our privacy officer at:

SAB Account AI
Email: support@sabaccountai.com