How we collect, use, store and disclose personal information - and the steps we take to protect it
Digit Books Pty Ltd (ABN 62 163 656 942), trading as Digit Business, is committed to protecting your personal information in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth) and the Privacy (Tax File Number) Rule 2015
What personal information we collect
The types of personal information we collect and hold include names and contact details, dates of birth, tax file numbers, bank account and superannuation details, payroll records including leave balances and pay rates, business financial records, ABNs and business registration details, identity verification data where we are required to confirm who you are, and information provided through our website including IP addresses and cookies
How we collect personal information
We collect personal information directly from you, from your authorised representatives, through cloud accounting and payroll software (including Xero and other integrated applications), through our website, and from the ATO and other government agencies where authorised
Why we collect personal information
We collect personal information for the purpose of providing bookkeeping, payroll, BAS, and advisory services, meeting our obligations under taxation, superannuation, and payroll legislation, communicating with you about your accounts and our services, improving our services, and complying with our legal and professional obligations
Direct marketing
We may send you news or updates from time to time. You can opt out at any time by following the unsubscribe link in any email
How we protect your information
Your information is stored on systems hosted in Australia. We take reasonable steps - including both technical and organisational measures - to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure
Sensitive information is encrypted at rest, with all data in transit secured using current industry-standard protocols
Access to systems, client files, and data follows the Principle of Least Privilege, with each team member granted only the access required for their role through role-based permissions. Access is managed centrally and gated by single sign-on with multi-factor authentication. Where you grant us access to your other systems, such as accounting platforms, banking, or third-party portals, we store those credentials in an enterprise password manager domiciled in Australia, with enforced password complexity and multi-factor authentication. Access permissions are reviewed when team members change roles or leave Digit, and because every system is behind single sign-on, access is removed immediately on departure
Tax file number information
We handle TFNs in accordance with the Privacy (Tax File Number) Rule 2015. TFNs are collected solely for lawful purposes relating to payroll and taxation, access is restricted to authorised personnel, and TFNs are not disclosed except as required by law
Service providers
We use a range of service providers to deliver our services. Data shared with each provider is limited to what its named function requires

| Category | Purpose | Data location |
|---|---|---|
| Hosting and database infrastructure | Application and database hosting | Australia |
| Backup and disaster recovery | Multiple daily backups of application data | Australia |
| Xero | Accounting, payroll, invoicing, practice management, and billing | Australia |
| Microsoft | Email, calendar, Teams, single sign-on | Primarily Australia |
| SuiteFiles | Document management, workpapers, version control | Australia |
| Keeper Security | Secure storage of credentials to client systems where access has been granted | Australia |
| Telecommunications | SMS, voice, WhatsApp | Australia, with regional routing |
| Payment processing | Direct debit and card processing | Australia |
| Identity verification | Confirming the identity of clients and authorised representatives | Australia and overseas, depending on the provider in use |
| Anthropic | AI-assisted summarisation and drafting | United States |

We do not share your information with marketing, advertising, or analytics platforms, and we do not sell personal information
We may also disclose your information to the ATO and other government agencies as required by law, to your nominated accountant or tax agent where you have authorised us to do so, and as otherwise required or authorised by law
Cross-border transfers
Some of our service providers process data outside Australia. The most significant overseas processing is by Anthropic in the United States for AI-assisted tasks, and by our identity verification provider where it operates outside Australia. Where we disclose personal information overseas, we take reasonable steps to ensure the recipient handles it consistently with the Australian Privacy Principles, including through provider terms and contractual protections. The data sent to each overseas provider is limited to what its named function requires
Some of our team members are based in the Philippines. Your personal information is stored in Australia and accessed by our Philippines-based team using secure, authenticated sessions under the supervision of our Australian management. We take reasonable steps to ensure our offshore team members handle personal information in accordance with the Australian Privacy Principles, including through training, confidentiality agreements, access controls, and direct oversight. Our broader employment and supplier practices, including living wage commitments and modern slavery risk management, are set out in our Community and Social Responsibility and Modern Slavery policies
Use of artificial intelligence
We use AI tools, including Anthropic's Claude, to assist with tasks such as summarising notes, drafting communications, and analysing trends. Access to AI services is managed centrally and limited to paid plans under which Anthropic does not use data to train AI models. We apply technical guardrails that limit the personal information sent to AI services, supported by internal policies on the responsible use of AI by our team
Disclosure to third parties
We may disclose your personal information to the ATO and other government agencies as required by law, your nominated accountant or tax agent where authorised by you, software providers whose platforms we use to deliver our services (such as Xero), and as otherwise required or authorised by law
Data retention and destruction
We retain client records for at least 5 years from the end of the engagement, in line with our obligations under the Tax Agent Services Act 2009 and the ATO's record-keeping requirements. We retain other personal information only for as long as it is needed for the purposes for which it was collected, or as required by law. When personal information is no longer needed, we take reasonable steps to destroy or de-identify it
Notifiable data breaches
In the event of a suspected eligible data breach, we will take reasonable steps to contain the breach and assess whether it is likely to result in serious harm. We will complete this assessment within 30 days of becoming aware of the suspected breach. Where the breach is confirmed as eligible, we will notify affected individuals and the Office of the Australian Information Commissioner as soon as practicable, in accordance with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act 1988
Access and correction
You can request access to, or correction of, personal information we hold about you by contacting us at hello@digit.business or 1300 344 480. We will respond within a reasonable period. If we refuse access or correction, we will provide written reasons and information about how to make a complaint
Privacy complaints
If you believe we have breached the Australian Privacy Principles, you can lodge a complaint by contacting us at hello@digit.business or 1300 344 480. We will acknowledge your complaint and investigate it within a reasonable timeframe. If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner at oaic.gov.au
For complaints about the quality of our services rather than privacy, see our Complaints and Feedback page
Cookies and website usage
Our website uses cookies and web server logs to collect information about how the site is used, including pages viewed, time spent, and IP addresses. You can manage cookie preferences through your browser settings
Changes to this policy
We may update this policy from time to time. The current version will always be available at digit.business/legal/privacy
Digit Business
Level 1, 9 The Esplanade
Perth WA 6000
Phone 1300 344 480
hello@digit.business