Legal

Privacy Policy

WatsonOS Pty Ltd · Last updated 26 March 2026

WatsonOS Pty Ltd (ABN 41 695 782 720) (“WatsonOS”, “we”, “us”, “our”) operates the compliance platform at usewatson.app. This Privacy Policy explains how we collect, use, store, and disclose personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. Who this policy applies to

This policy applies to:

  • Accounting firm principals and staff who use the WatsonOS platform
  • Visitors to usewatson.app
  • Individuals whose data may be processed as part of the platform's compliance functions (end clients of accounting firms)

2. What information we collect

2.1 Account and contact information

When you register or request access, we collect your name, email address, firm name, and any other information you provide.

2.2 Xero data

With your authorisation via Xero OAuth, we access transaction-level ledger data, payroll records, and organisational information from your clients' Xero files. This data is used solely to produce compliance outputs (BAS, IAS, superannuation calculations) for your review. We do not store Xero credentials. OAuth access tokens are encrypted at rest.

2.3 Usage data

We collect information about how you use the platform including pages visited, features used, and actions taken. This is used to improve the platform and diagnose issues.

2.4 Communications

If you contact us by email or submit a form on our website, we retain that correspondence.

3. How we use your information

We use collected information to:

  • Provide, operate, and improve the WatsonOS platform
  • Generate compliance outputs (BAS, IAS, superannuation) from your clients' ledger data
  • Communicate with you about your account, updates, and support
  • Comply with legal and regulatory obligations
  • Produce anonymised, aggregated statistical insights to improve platform accuracy — no individual client or firm can be identified from this data

We may use aggregated, de-identified statistical patterns derived from platform usage to improve the accuracy and performance of WatsonOS engines. This includes patterns such as variance distributions, error rates, and coding anomalies. No individual client, firm, or transaction can be identified from this data. We do not share your data with third parties for AI training purposes.

\n

We do not use raw, identifiable client data to train any AI or machine learning model.

4. Data residency and storage

All data processed and stored by WatsonOS is held exclusively on Microsoft Azure Australia East (Sydney). Your data does not leave Australian jurisdiction in the ordinary course of operations.

Database infrastructure is hosted on Microsoft Azure Australia East, which provides platform-level data redundancy. A formal backup and disaster recovery policy is being implemented and will be published when complete.

5. Disclosure to third parties

We do not sell, rent, or trade your personal information. We may share data with:

  • Microsoft Azure — cloud infrastructure provider (Australia East)
  • Xero — solely to authenticate and retrieve authorised data via OAuth
  • Cloudflare — CDN and security layer for usewatson.app (marketing site only)
  • HubSpot — CRM for managing early access inquiries (contact details only, not client data)
  • Stripe — payment processing (when billing is activated)
  • Law enforcement or regulatory authorities where required by law

6. Data retention

We retain your account data for the duration of your subscription and for 7 years after termination (consistent with standard Australian record-keeping obligations). Xero OAuth tokens are revoked immediately upon disconnection. You may request earlier deletion — see section 9.

7. Security

We implement industry-standard security measures including:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
  • Role-based access controls
  • OAuth 2.0 for all third-party integrations — no passwords stored
  • Regular security assessments

In the event of an eligible data breach under the Notifiable Data Breaches scheme, we will notify affected parties and the Office of the Australian Information Commissioner (OAIC) as required by law.

8. Cookies

The WatsonOS platform (go.usewatson.app) uses session cookies for authentication. The marketing site (usewatson.app) uses Cloudflare analytics. We do not use third-party advertising cookies.

9. Your rights

Under the Privacy Act 1988, you have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your data (subject to legal retention obligations)
  • Complain about a breach of the APPs

To exercise any of these rights, contact us at privacy@usewatson.app. We will respond within 30 days.

10. Complaints

If you are not satisfied with our response to a privacy complaint, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

11. Changes to this policy

We may update this policy from time to time. Material changes will be notified by email to registered users. The current version is always available at usewatson.app/privacy.

12. Contact

WatsonOS Pty Ltd
Email: privacy@usewatson.app
Website: usewatson.app