Effective date: 15 June 2026

9.1 Roles

For personal information you upload, including Client Data, you are responsible as the controlling APP entity, and Ezyiah acts as a processor on your behalf and on your documented instructions.

9.2 Processing activities

Processing includes collecting, storing and processing Customer Data to provide the Services; generating Output; processing Bank Feed Data through Fiskil; maintaining AI Memory datasets; processing depreciation and asset data; and maintaining logs, analytics and security data.

9.3 Our obligations

We process Customer Data only to provide the Services and as instructed; apply appropriate technical and organisational measures, as described in the Terms of Service0; ensure personnel are bound by confidentiality; and assist you, so far as reasonable, with access, correction, security and breach-notification obligations

9.4 Sub-processors

We may engage sub-processors, including cloud hosting, Fiskil and AI infrastructure providers, under written terms imposing comparable data-protection and confidentiality obligations. We remain responsible for the processing they perform on our behalf.

9.5 Cross-border transfers

Customer Data may be processed outside Australia, including by infrastructure providers such as Fiskil and our cloud and AI providers, with appropriate safeguards consistent with the APPs.

9.6 Breach assistance

We will notify you without undue delay after becoming aware of a data breach affecting your Customer Data and will assist you with your obligations, as described in the Incident Response and Breach Notification Policy.

9.7 Return and deletion

On termination, we handle Customer Data as set out in the Record Retention and Deletion Policy.

9.8 Compliance

We comply with the APPs and will assist you, so far as reasonable, to meet your obligations under applicable privacy laws.