Privacy Policy
Effective date: 11 April 2026
Last updated: 11 April 2026
Operator: LLWC Tech Deck Pty Ltd (ABN 29 696 393 843), trading as KairosDesk
Contact: support@warrenchan.com
1. Who we are
KairosDesk is operated by LLWC Tech Deck Pty Ltd (ABN 29 696 393 843), trading as KairosDesk. We provide practice workflow automation software for Australian accounting firms.
2. What information we collect
About accounting firm staff (accountants):
- Name and email address
- Password (hashed, never stored in plain text)
- Actions taken within the platform (audit log)
About accounting firm clients:
- Name, email address, and contact details provided during onboarding
- Documents uploaded during the onboarding process (PDFs and images)
- Tax File Number (TFN) — collected only when explicitly requested by your accountant and consented to by you
- Entity information extracted from uploaded documents (entity names, ABNs, entity types)
- Previous accountant details (if provided)
- Financial data synced from Xero (where your accountant has connected a Xero organisation)
3. How we use your information
We use the information we collect to:
- Provide the KairosDesk platform to accounting firms and their clients
- Process and classify uploaded documents using AI
- Extract entity information to assist accountants with client onboarding
- Collect and securely transmit TFNs to your accountant for ATO lodgement purposes
- Send transactional emails (invitations, TFN requests, notifications)
- Maintain audit logs for compliance and security purposes
4. Tax File Numbers
We handle TFNs in accordance with the Tax File Number Rule 2015 under the Privacy Act 1988.
- TFNs are collected only with your explicit consent
- TFNs are encrypted at rest using AES-256-GCM encryption with a dedicated encryption key
- Only your accountant can access your TFN
- TFNs are permanently deleted from our systems once your accountant has recorded them in their practice management system
- We do not use TFNs for any purpose other than facilitating your tax agent nomination
5. Where your data is stored
We take data residency seriously. All personal data is stored in Australia.
| Service | Location |
|---|---|
| Database | Supabase — Sydney, Australia (ap-southeast-2) |
| File storage | Amazon Web Services S3 — Sydney, Australia (ap-southeast-2) |
| Application compute | Fly.io — Sydney, Australia |
| Transactional email | Resend — United States (bound by Data Processing Agreement) |
| AI document processing | Anthropic — United States (Data Processing Agreement pending signature) |
| Xero financial data | As per Xero's privacy policy |
6. AI processing
We use Anthropic's Claude AI to classify and rename uploaded documents, extract entity information, and generate management letter drafts. Document content is transmitted to Anthropic's API for processing. Under our Data Processing Agreement with Anthropic (pending signature), document content is not retained or used for AI training purposes.
7. Who we share your information with
We do not sell your personal information. We share information only with:
- Your accounting firm (documents, entities, TFN masked by default)
- Supabase (database hosting, Sydney)
- Amazon Web Services (file storage, Sydney)
- Fly.io (application hosting, Sydney)
- Resend (transactional email, US)
- Anthropic (AI document processing, US)
- Xero (where your accountant has connected a Xero organisation)
- Law enforcement or regulators where required by law
8. Data retention
| Data type | Retention period |
|---|---|
| TFNs | Deleted immediately after accountant marks as recorded |
| Uploaded documents | Retained until accountant confirms download. Automated deletion after download not yet implemented — manual deletion available on request. |
| Account and entity info | Duration of firm's use of KairosDesk |
| Audit logs | 7 years |
| Email logs | 30 days |
9. Your rights
Under the Australian Privacy Principles you have the right to:
- Access the personal information we hold about you (APP 12)
- Correct inaccurate personal information (APP 13)
- Complain about a breach of the APPs
Contact us at support@warrenchan.com. We will respond within 30 days.
10. Data breaches
In the event of an eligible data breach under the Notifiable Data Breaches scheme, we will:
- Notify affected individuals as soon as practicable
- Notify the OAIC within 30 days of becoming aware of the breach
- Take immediate steps to contain and remediate the breach
To report a suspected security issue: support@warrenchan.com
11. Security
- AES-256-GCM encryption for TFNs at rest
- HTTPS/TLS for all data in transit
- Role-based access control — firms can only access their own data
- Comprehensive audit logging of all sensitive actions
- Rate limiting on all sensitive endpoints
12. Cookies
KairosDesk uses session cookies for authentication only. We do not use tracking or advertising cookies. We do not serve advertisements.
13. Changes to this policy
We will notify accounting firm administrators by email of any material changes. Continued use of KairosDesk after notification constitutes acceptance of the updated policy.
14. Contact
LLWC Tech Deck Pty Ltd (trading as KairosDesk)
Email: support@warrenchan.com
If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
© 2026 LLWC Tech Deck Pty Ltd