Data Management Policy

1. Scope

This policy describes how ManageYourTax classifies, stores, retains, accesses and disposes of customer data. It applies to all data we collect, generate or process in connection with our service — including Consumer Data Right (CDR) banking data — and complements our Privacy Policy, CDR Policy and Security Policy.

2. Data classification

We classify data into four tiers:

• CDR data — banking data received under a Consumer Data Right consent. Highest sensitivity. Handled in accordance with our CDR Policy and the CDR Rules
• Personal information — identifying details about individuals (name, email, contact details, TFN fragments shown for STP). Handled under the Australian Privacy Principles
• Business records — accounting data including invoices, expenses, payroll, tax records, journal entries, attached receipts
• Operational data — anonymised usage analytics and application logs used to operate the service

3. Storage and residency

• All customer data is stored in the Sydney region (australia-southeast1) on Google Cloud Platform
• CDR data, personal information, business records, and uploaded receipts and attachments never leave Australia
• Encrypted in transit (TLS 1.2+) and at rest (AES-256)
• Tenant-level isolation enforced by Firestore Security Rules and server-side ownership checks

4. Access control

• Customers access only their own business data via authenticated sessions; the same security rules govern every read and write
• Within a business, role-based access (owner / member / accountant) determines which data fields and actions are available
• Production administrative access is restricted to a small number of named administrators with 2FA-protected Google accounts; access is logged
• Engineering staff do not have direct access to production customer data in day-to-day work; access is limited to incident response and customer-support scenarios with an audit trail

5. Retention

Default retention periods:

• CDR data — retained for the lifetime of the consent. On consent withdrawal or account closure, data is de-identified or deleted within a reasonable timeframe, except where retention is required for tax, audit or legal reasons
• Business records — retained for the lifetime of the account and for at least 5 years after closure to meet Australian Taxation Office record-keeping obligations, where the customer requests retention or has not requested deletion
• Personal information — retained while the account is active; on deletion request, removed within 30 days subject to legal retention obligations
• Operational logs — retained for 30 days, then deleted or aggregated into anonymised metrics

6. Deletion

• Customers may delete a business at any time from Settings. Deletion is permanent and removes all associated subcollections (invoices, expenses, payroll, BAS returns, STP events, CDR data, attachments and audit trails)
• Account closure triggers deletion of personal information, subject to legal retention obligations
• Where CDR data must be retained for a legal reason, access to that data is restricted to the minimum personnel necessary
• Deleted data is not recoverable. Customers wishing to retain a copy must export before deletion

7. Data portability

Customers can export their business data on demand via the Settings page. PDF and CSV exports are available for invoices, BAS returns, payslips, financial statements and CDR-derived reports. A full data-export tool covering all business records is available on request.

8. Data quality and correction

Customers are responsible for the accuracy of business records they create. We provide in-product tools for correction (transaction edit / void with audit trail, invoice amendment, BAS amendment workflow). For CDR data, customers can request correction via the contact details in section 11; corrections are actioned in cooperation with Wych as our CDR Principal.

9. Third-party processors

We use a limited number of trusted service providers. The complete list and the data each receives is set out in our Security Policy. We do not sell customer data or transfer it to any party outside the scope described in those policies.

10. Data breach response

Suspected data breaches are triaged immediately on discovery. Confirmed eligible data breaches are notified to the OAIC under the Notifiable Data Breaches scheme within the statutory timeframe, and to affected users without undue delay. CDR data breaches are additionally notified to Wych, the ACCC and the OAIC as required by the CDR Rules.

11. Contact