Privacy Policy

Process AI Pty Ltd — ABN: 70 678 449 271

Last Updated: 11 March 2026

1. Introduction

Process AI Pty Ltd (“we”, “us”, “our”) operates the Process AI platform, an AI-powered accounts payable automation service. This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

By using the Process AI platform (“Service”), you consent to the collection and use of your information as described in this Privacy Policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Full name
  • Email address
  • Password (securely managed via AWS Cognito)
  • Organisation name and details
  • Role within your organisation (e.g., Admin, Approver, User)

2.2 Invoice and Financial Data

When you use the Service, we collect and process:

  • Invoice documents (PDFs and images) that you upload
  • Extracted invoice data, including supplier details, amounts, dates, invoice numbers, and payment terms
  • Line item details, including AI-generated predictions for categories and account codes
  • Approval history and workflow records
  • Xero account mapping data (chart of accounts, tracking categories, contacts)

2.3 Usage Data

We automatically collect:

  • Log data (timestamps, API requests, actions performed)
  • Feature usage patterns
  • Error and performance data

2.4 Device and Technical Data

We may collect:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Referring URLs

3. How We Use Your Information

We use the information we collect to:

  • Provide the Service — process invoices, run approval workflows, and sync with Xero
  • AI Processing — extract data from documents, categorise transactions, predict line items, and detect duplicates or anomalies
  • Account Management — authenticate users, manage roles and permissions, and maintain account security
  • Improve the Service — analyse usage patterns to improve performance, reliability, and features
  • Communication — send service-related notifications, approval requests, and support responses
  • Security — detect and prevent fraud, unauthorised access, and other security threats
  • Legal Compliance — meet our obligations under applicable laws and regulations

4. AI and Automated Processing

4.1 How We Use AI

The Service uses artificial intelligence (powered by Anthropic's Claude via the Claude API) to:

  • Perform OCR and extract structured data from uploaded invoices and documents
  • Categorise transactions and predict account codes and tracking categories
  • Detect potential duplicate invoices and flag suspicious activity
  • Generate confidence scores for extracted data

4.2 Human Oversight

AI-generated outputs are presented as suggestions for your review. You maintain full control over whether to accept, modify, or reject AI predictions before they are finalised or synced to your accounting system.

4.3 No Training on Your Data

We do not use your documents, financial data, or any personal information to train AI models. Your data is processed solely to deliver the Service to you.

5. Third-Party Service Providers

We use the following third-party services to operate the Service:

5.1 Amazon Web Services (AWS)

  • AWS Cognito — user authentication and account management
  • Anthropic Claude API — AI-powered document processing and data extraction
  • AWS S3 — secure storage of uploaded documents and files
  • AWS Infrastructure — hosting, compute, and database services

5.2 Xero

When you connect your Xero account, we access your Xero data (chart of accounts, contacts, tracking categories) to enable invoice synchronisation. We store Xero authentication tokens securely to maintain the connection.

5.3 Email Services

We use email service providers to send transactional emails, including approval notifications and account communications.

All third-party service providers are contractually required to protect your data and use it only for the purposes of providing their services to us.

6. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers — with the third-party providers described in Section 5, solely to operate the Service
  • Within Your Organisation — with other users in your organisation as required by your configured approval workflows and role-based access controls
  • Legal Requirements — when required by law, regulation, legal process, or enforceable government request
  • Protection of Rights — to protect the rights, property, or safety of Process AI, our users, or the public
  • Business Transfers — in connection with a merger, acquisition, or sale of assets, in which case your data would remain subject to this Privacy Policy
  • With Your Consent — in any other circumstances where you have given explicit consent

7. Data Storage and Security

7.1 Storage

Your data is stored on secure servers provided by Amazon Web Services. Data may be stored in AWS regions outside of Australia (see Section 11).

7.2 Security Measures

We implement appropriate technical and organisational measures to protect your data, including:

  • JWT-based authentication and API key management
  • CSRF protection
  • Role-based access control limiting data access to authorised users
  • Encryption of data in transit and at rest
  • Secure storage of third-party authentication tokens

7.3 Security Limitations

While we take reasonable steps to protect your data, no method of electronic storage or transmission is completely secure. We cannot guarantee absolute security.

8. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Specifically:

  • Account Data — retained while your account is active and for a reasonable period after termination to allow for account reactivation or legal compliance
  • Invoice and Financial Data — retained while your account is active; upon account termination, data will be deleted in accordance with our retention schedule
  • Usage and Log Data — retained for a reasonable period for security, analytics, and compliance purposes

You may request deletion of your data by contacting us at support@process-ai.com.au. We will comply with deletion requests subject to any legal obligations to retain certain data.

9. Your Rights

Under the Australian Privacy Act 1988, you have the right to:

  • Access — request access to the personal information we hold about you
  • Correction — request correction of any inaccurate or incomplete personal information
  • Complaint — lodge a complaint if you believe we have breached the Australian Privacy Principles

To exercise any of these rights, contact us at support@process-ai.com.au. We will respond to your request within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

10. Cookies and Tracking Technologies

The Service may use cookies and similar technologies to:

  • Maintain your authenticated session
  • Remember your preferences and settings
  • Analyse usage patterns to improve the Service

You can manage cookie preferences through your browser settings. Disabling cookies may affect the functionality of the Service.

11. International Data Transfers

Your data may be transferred to and processed in countries outside of Australia, particularly where our third-party service providers (such as AWS) operate infrastructure. Where data is transferred internationally, we take reasonable steps to ensure it is protected in accordance with the Australian Privacy Principles.

12. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website or by email. Your continued use of the Service after the changes take effect constitutes your acceptance of the revised Privacy Policy.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: