1. Introduction

MyRepsoft Ltd (“MyRepsoft”, “we”, “us”, or “our”) provides the Cefero Platform, a software platform used for financial document processing and related workflow automation, including integrations with third-party accounting platforms such as Xero and QuickBooks.
This Privacy Policy explains how we collect, access, use, store, disclose, and otherwise process personal information and other data in connection with our website, the Cefero Platform, customer accounts, support interactions, and connected third-party integrations.
MyRepsoft is based in New Zealand and seeks to handle personal information in a manner consistent with the Privacy Act 2020 (New Zealand). By using our website or the Cefero Platform, or by authorising an integration between the Cefero Platform and a third-party platform such as Xero or QuickBooks, you acknowledge that your information may be handled as described in this Privacy Policy.

2. Scope of this Privacy Policy

This Privacy Policy applies to visitors to our website; customers, prospective customers, and account administrators; authorised users of the Cefero Platform; individuals whose information is included in documents, accounting records, or transaction data processed through the platform; and information obtained through integrations with third-party services, including Xero and QuickBooks.
This Privacy Policy does not replace the privacy policies, terms, or data handling practices of Xero, Intuit, QuickBooks, or any other third-party service. Those providers maintain their own terms, privacy notices, security controls, and platform requirements, which continue to apply to your use of their services and to data handled by them.

3. What information we collect

Depending on how you interact with us and the services you use, we may collect the following categories of information:

• information you provide directly, such as your name, business name, email address, phone number,
  account details, support communications, and files or documents submitted to the platform;
• technical and usage information, such as IP address, browser type, device information, login activity,
  approximate location derived from IP address, and platform usage diagnostics;
• information obtained through third-party integrations, including organisation profile data, contacts,
  invoices, bills, payments, transaction metadata, accounting classifications, documents, attachment
  references, tenant identifiers, and integration status information, depending on the permissions
  granted and functionality used.

4. Data accessed from Xero and QuickBooks integrations

When a customer elects to connect Xero or QuickBooks to the Cefero Platform, the integration may
permit the platform to retrieve, receive, transmit, update, or process accounting-related data and
associated documents for the purposes of the services requested by the customer.
For example, the platform may use connected data to import accounting records or metadata; match,
classify, extract, validate, or organise finance-related documents; synchronise relevant records between
the Cefero Platform and the connected accounting platform; support workflow automation, review, audit
trail, and exception handling; and generate outputs, summaries, or operational insights within the
platform.
Third-party platform data remains subject to the permissions granted by the relevant user and to the
terms, privacy notices, and technical rules of the relevant third-party platform.

5. How user authorisation works

Access to Xero and QuickBooks data is typically enabled only after an authorised user chooses to
connect the relevant third-party account and grants permissions through that third party’s authentication
or authorisation flow.
By connecting an integration, you represent that you are authorised to connect the relevant account,
grant the requested permissions, and permit the required data sharing and processing. You may be
able to disconnect or modify integration permissions through the Cefero Platform, the relevant
third-party account settings, or both.

6. How we use information

We may use personal information and other data to provide, operate, maintain, support, and improve
our website and the Cefero Platform; authenticate users and administer accounts; process
finance-related documents and data; enable and maintain integrations with Xero, QuickBooks, and
other third-party services; provide customer support; communicate service updates and security alerts;
monitor performance and diagnose technical issues; detect and respond to fraud or misuse; comply with
legal and regulatory obligations; and develop aggregated, de-identified, or statistical insights where
lawful and appropriate.

7. Data sharing and third parties

We do not sell personal information.
We may disclose information to service providers and infrastructure vendors that help us host, secure,
support, maintain, analyse, or operate the platform; integration partners and third-party platforms where
needed to enable requested functionality; professional advisers; payment processors or billing providers
where relevant; regulators, courts, law enforcement, or government bodies where required or permitted
by law; and successors or counterparties in connection with a proposed or completed corporate
transaction, subject to appropriate confidentiality measures.

8. Data storage and security

We use reasonable technical, administrative, and organisational safeguards designed to protect
information against unauthorised access, loss, misuse, alteration, or disclosure. These measures may
include access controls, authentication controls, role-based permissions, logging, encryption in transit,
secure hosting practices, monitoring, and vendor risk controls.
No method of transmission over the internet and no electronic storage system is completely secure. For
that reason, we cannot guarantee absolute security.

9. Data retention

We retain information for as long as reasonably necessary for the purposes described in this Privacy
Policy, including to provide the services, maintain customer accounts, support audit trails and
operational records, resolve disputes, enforce our agreements, comply with legal, tax, accounting,
regulatory, or reporting obligations, and detect or prevent fraud, misuse, and security incidents.
When information is no longer required, we will take reasonable steps to delete it, anonymise it, or
securely de-identify it, unless continued retention is required or permitted by law.

10. Cross-border processing

The Cefero Platform may use hosting, support, infrastructure, analytics, or subcontracted service
providers located in New Zealand or other countries. As a result, personal information may be stored or
processed outside New Zealand.
Where we transfer personal information across borders, we will seek to do so using reasonable
safeguards appropriate to the nature of the information and the processing involved.

11. Cookies and analytics

Our website and platform may use cookies and similar technologies for purposes such as keeping users
signed in, remembering preferences, measuring performance, understanding usage patterns, improving
functionality, and supporting security and fraud prevention.
You can usually control cookies through your browser settings, although disabling cookies may affect
website or platform functionality.

12. User rights

Subject to applicable law, individuals may have rights to request access to personal information we hold
about them, request correction of personal information that is inaccurate, request information about how
their personal information has been used or disclosed where applicable, and make a complaint about
our handling of personal information.
Where we process information on behalf of a customer, we may direct the request to that customer
where appropriate. To exercise your rights, please contact us using the details below.

13. Third-party platforms

The Cefero Platform may integrate with, connect to, or interact with third-party products and services,
including Xero and QuickBooks. Those services are governed by their own terms, developer
requirements, privacy notices, and security rules. You should review the applicable third-party terms
and privacy documentation before connecting your accounts or using related functionality.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal
requirements, business practices, or integrations. When we do, we will update the Last updated date
above. Material changes may also be communicated through the website, the platform, or other
appropriate channels.

15. Contact information

If you have questions, requests, or complaints about this Privacy Policy or our privacy practices, please
contact MyRepsoft Ltd at support@myrepsoft.com.

Email: Company: <Support Email>
Country of Operation: <Country>
Last Updated: <Date>