StatementZen

Privacy Policy

Effective date: 1 February 2026 · Last updated: 16 February 2026

1. Who We Are

StatementZen Pty Ltd (“StatementZen”, “we”, “us”) operates the vendor statement reconciliation platform at statementzen.com. We are an Australian company subject to the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APP). Where we process data of EU/EEA residents, we also comply with the General Data Protection Regulation (GDPR).

2. Data We Collect

Account information

Name, email address, company name, and billing details when you create an account or subscribe.

Financial documents

Vendor statements you upload and invoice data synced from Xero, QuickBooks, or Vista by Viewpoint for the purpose of reconciliation.

Usage data

We use Plausible Analytics, a privacy-focused, cookie-free analytics tool. No personal identifiers, fingerprints, or cookies are stored. All analytics data is aggregated.

Support communications

Messages you send us via email or the in-app support channel.

3. How We Use Your Data

  • To provide and improve the reconciliation service
  • To process payments via Stripe
  • To sync with your accounting software (Xero, QuickBooks, and/or Vista)
  • To send transactional emails (receipts, security alerts)
  • To respond to support requests
  • To detect and prevent fraud or abuse

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4. AI Transparency

StatementZen uses artificial intelligence to match vendor statement line items to your accounting records. AI processing is performed server-side using third-party language models. Your financial documents are sent to these models solely for reconciliation and are not used to train any AI system. We comply with Australia’s forthcoming AI transparency obligations (effective December 2026).

5. Third-Party Data Sharing

We share data only with the following categories of processors:

  • Stripe — payment processing (PCI DSS Level 1 compliant)
  • Xero / QuickBooks / Vista — accounting data sync (only data you authorise via OAuth)
  • AWS (Sydney ap-southeast-2) — hosting and data storage
  • AI model providers — reconciliation processing only (no training)

We require all processors to maintain equivalent privacy and security standards.

6. Data Residency & Encryption

All customer data is stored in AWS Sydney (ap-southeast-2), within Australia. Data is encrypted in transit with TLS 1.3 and at rest with AES-256. Database backups are encrypted and stored within the same region.

7. Cookie-Free Analytics

StatementZen does not use cookies for analytics or tracking. We use Plausible Analytics, which is compliant with GDPR, PECR, and CCPA without requiring a cookie banner.

8. Data Retention

  • Active accounts: data retained while your subscription is active
  • Cancelled accounts: data deleted within 90 days of cancellation, unless legally required to retain
  • Uploaded documents: processed documents are automatically purged after 30 days unless you choose to retain them
  • Backups: encrypted backups are retained for 30 days and then destroyed

9. Your Rights Under the Australian Privacy Principles (APP)

If you are in Australia, you have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Complain to the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the APPs

10. Your Rights Under GDPR

If you are in the EU/EEA, you have additional rights including:

  • Right of access (Art. 15)
  • Right to rectification (Art. 16)
  • Right to erasure / right to be forgotten (Art. 17)
  • Right to restrict processing (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object to processing (Art. 21)

To exercise any of these rights, contact us at privacy@statementzen.com. We will respond within 30 days.

11. Changes to This Policy

We may update this policy from time to time. Material changes will be notified via email at least 30 days before they take effect. The “last updated” date at the top reflects the most recent revision.

12. Contact

For privacy-related enquiries, contact us at privacy@statementzen.com.