Privacy Policy
Last Updated: July 2026
WYHEN Pty Ltd (ABN 57 688 078 999) trading as SyncMate ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy outlines how we collect, use, store, disclose, and safeguard your personal and financial information when you interact with the SyncMate application (the "Platform" or "App").
This policy is compliant with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
1. Types of Information We Collect
To provide automated accounting and expense synchronization workflows, we collect the following categories of information:
- Account Credentials: Name, business name, corporate email address, phone number, billing details, and encrypted login identifiers.
- Source Financial Documentation: Uploaded financial records, including invoices, corporate receipts, purchase orders, statements, supplier information, and line-item tax details.
- System Integration Metadata: Synchronized metadata from your integrated third-party accounting ecosystem (e.g., Xero Chart of Accounts, tracking categories, and tax rates).
2. How We Collect Your Data
- Direct User Input: Information explicitly provided by you when creating an account, adjusting settings, configuring user seats, or uploading image/PDF receipts.
- API Ingestion: Data securely pulled from connected accounting platforms (such as Xero) via OAuth 2.0 protocols.
3. Purpose of Data Processing
We process and use your information for the following primary operational and product development tasks:
- To execute core software functionalities (AI-driven OCR text extraction, automated category matching, and data pushing to Xero).
- To manage active subscriptions, track extraction usage ceilings, process billing, and offer technical support.
- To monitor system health, audit security logs, and prevent fraudulent activity within the platform infrastructure.
- To improve, refine, and optimize our proprietary automation technologies, Optical Character Recognition (OCR) systems, and machine learning models. For this product optimization purpose, we only utilize strictly anonymized, aggregated, and de-identified transaction data from which all personally identifiable information, business names, and sensitive financial identifiers have been permanently removed.
4. Third-Party Data Disclosures, Subprocessors, and Payment Processing
We do not sell, rent, or trade your personal or financial data to third-party marketers. To deliver a fully automated SaaS experience, your data is securely shared with and processed by the following essential infrastructure partners:
- Paddle: Our order process is conducted by our online reseller and Merchant of Record, Paddle.com Market Ltd ("Paddle"). Paddle handles all payment processing, merchant invoicing, subscription billing management, and customer service inquiries related to transactions. Your payment details (such as credit card numbers or banking information) are collected directly by Paddle and are subject to Paddle's own Privacy Policy and checkout terms. Personal data necessary to manage your active subscription status is shared between Paddle and SyncMate securely.
- AI/OCR Subprocessors: Secure, enterprise-grade machine learning endpoints used solely to translate uploaded physical receipt images into structured digital text data. The usage, storage, and retention of your data by these sub-processors are strictly governed by and subject to the respective terms of service and privacy policies of our AI service providers (such as OpenAI's developer API data privacy terms, which specify that API-submitted data is not utilized to train public models unless explicitly detailed in their policies).
- Cloud Hosting Providers (Supabase / AWS / Vercel): All database stores and hosting architectures are deployed within secure, enterprise-grade cloud servers located physically within Australian data centers to ensure minimal latency and strict compliance with local data sovereignty principles.
5. Data Retention & Deletion Rights
5.1 Right to Erasure: You may request the absolute erasure of your stored historical invoices and user profile from our servers at any time by contacting support. This is subject to any overarching anti-money laundering (AML) laws or financial statutory record-keeping regulations that may compel a temporary preservation period.
6. Data Security
We implement industry-standard cryptographic practices to protect your records. All data transmitted between your device, SyncMate, and Xero is encrypted using Transport Layer Security (TLS) in transit and Advanced Encryption Standard (AES-256) at rest.
7. Contact Us
If you have any questions regarding this Privacy Policy, or if you wish to lodge a query regarding how your financial information is managed under WYHEN Pty Ltd's trading structure, please contact us at contact@wyhen.com.au
WYHEN Pty Ltd