Privacy Policy
Effective 1 July 2025 Β· Last updated 29 April 2026 Β· Version 1.0
π Zero AI Training β Architectural Guarantee
Your Xero transaction data, financial figures, and emission calculations are never used to train, fine-tune, or improve any AI or machine learning model β by EcoLink or any third party. Our carbon accounting engine is 100% deterministic rule-based code, with no connection to any LLM or AI API.
1. Introduction
EcoLink Australia Pty Ltd (βEcoLinkβ) is committed to protecting your privacy. This policy complies with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
2. Xero Data (Read-Only)
| Xero Scope | Data | Purpose |
|---|---|---|
| accounting.banktransactions.read | Bank transactions | Carbon classification |
| accounting.invoices.read | Invoices and bills | Supplier identification |
| accounting.contacts.read | Supplier names | Merchant routing |
| accounting.settings.read | Chart of accounts | Account name resolution |
3. What We Do NOT Do
- βUse your data to train, fine-tune, or evaluate any AI or ML model
- βSell, rent, or broker your data to any third party
- βUse your financial data for advertising or profiling
- βShare transaction data with other EcoLink customers
- βStore Xero OAuth tokens in plain text (AES-256-GCM encrypted)
4. Security
Encryption in transit
TLS 1.3
OAuth tokens
AES-256-GCM at rest
Storage bucket
Private β signed URLs (5 min TTL)
Database
Row-Level Security on all tables
Reports retention
7 years (ASIC obligations)
Xero tokens on disconnect
Deleted immediately
5. Your Rights (APPs)
Under the Privacy Act 1988, you may access, correct, or request deletion of your personal information. Contact: privacy@ecolink.com.au. For unresolved complaints: Office of the Australian Information Commissioner (OAIC).