Effective date: 15 June 2026
This policy forms part of the Terms and the Privacy Policy and governs the collection, storage, retention, deletion and handling of records and personal information, consistent with applicable Australian laws, including the Privacy Act 1988 (Cth) and the APPs; the Corporations Act 2001 (Cth); the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) where applicable; the Electronic Transactions Act 1999 (Cth); and applicable taxation and record-keeping obligations administered by the Australian Taxation Office.
12.1 Retention of records
We may collect, retain, store, process, archive and back up records for purposes including: providing and maintaining the Services; taxation and accounting compliance; identity verification and fraud prevention; audit and compliance; dispute resolution and enforcement of legal rights; cybersecurity, monitoring and incident response; backup, disaster recovery and business continuity; and compliance with applicable laws, court orders, subpoenas or regulatory requests. Records may include, without limitation: uploaded documents and financial records; tax files and supporting evidence; AI-generated Output; user communications and support correspondence; login records, IP addresses, timestamps and system activity logs; billing and subscription records; encrypted backups and archived datasets; and, in Version 2.0, Bank Feed Data accessed through Fiskil, AI Memory data (your approved categorisation and reconciliation behaviour), and depreciation schedules and fixed asset registers.
12.2 AI Memory data
AI Memory is optional, stores adjustments you approve, improves categorisation over time, and can operate at client or firm-wide level. AI Memory data is stored in Ezyiah's database and is held within your account. You can configure or disable AI Memory and request deletion of AI Memory data, subject to legal retention obligations.
12.3 Minimum retention periods
Where required by law, we may retain records for statutory minimum periods. Otherwise, we determine appropriate retention periods having regard to the nature and sensitivity of the information, legal and regulatory obligations, operational and security requirements, dispute or litigation risk, and legitimate business interests.
12.4 Your acknowledgement and responsibility
You acknowledge and agree that: Ezyiah is not a permanent archival or custodial storage service unless expressly agreed in writing; you remain solely responsible for maintaining independent backups and copies of your records; you must retain records necessary to satisfy your own taxation, accounting, legal or regulatory obligations; deletion requests may be subject to legal, compliance, security or operational restrictions; and we may retain certain information after account closure where reasonably required by law or legitimate business interests.
12.5 Account termination and deletion
On account closure, termination, suspension or prolonged inactivity, we may restrict or revoke access to stored records; archive information for compliance and security; permanently delete records from active systems; anonymise or de-identify data; or retain limited residual backup copies until overwritten in the ordinary course of operations. Deletion requests are handled consistently with applicable Australian privacy laws, including APP 11, which requires reasonable steps to destroy or de-identify personal information no longer required.
12.6 Legal holds and disclosure
Despite any deletion request, we may preserve, disclose or retain records where required to comply with applicable laws; respond to lawful requests from courts, tribunals, regulators or authorities; investigate suspected unlawful activity, fraud or security breaches; enforce contractual rights or defend legal claims; or protect the rights, property or safety of Ezyiah, its users or third parties.
12.7 Security and storage
We implement commercially reasonable safeguards. You acknowledge that no electronic storage or transmission method is completely secure, that we cannot guarantee absolute security or uninterrupted availability, and that, subject to the ACL, you upload and store information at your own risk to the maximum extent permitted by law.
12.8 Limitation of liability
To the maximum extent permitted by law and subject to the ACL, we exclude liability for any loss, corruption, deletion, inaccessibility, unauthorised access or failure to recover records, except where liability cannot lawfully be excluded. You are responsible for maintaining independent backups of all important documents and records.
12.9 Amendments
We may amend this policy from time to time. Section 1.16 applies.

