Privacy Policy
Effective date: 11 April 2026
Last updated: 11 April 2026
Operator: LLWC Tech Deck Pty Ltd (ABN 29 696 393 843), trading as KairosDesk
Contact: Contact us
1. Who we are
KairosDesk is operated by LLWC Tech Deck Pty Ltd (ABN 29 696 393 843). We provide practice workflow automation software purpose-built for Australian accounting firms.
2. What information we collect
Accounting firm staff:
- Name and email address
- Password (hashed and salted — never stored in plain text)
- Activity within the platform, recorded for security and compliance purposes
Accounting firm clients:
- Name, email address, and contact details provided during onboarding
- Documents uploaded during the onboarding process
- Tax File Number (TFN) — only when explicitly requested by your accountant and consented to by you
- Entity information derived from your uploaded documents
- Previous accountant details, if provided
- Financial data where your accountant has connected their accounting software
3. How we use your information
We use your information to deliver the KairosDesk platform — including document processing, entity extraction, TFN collection, transactional communications, and compliance logging. We do not use your information for marketing, profiling, or any purpose unrelated to your accountant's practice management.
4. Tax File Numbers
We handle TFNs under the Tax File Number Rule 2015 (Privacy Act 1988).
- TFNs are collected only with your explicit, informed consent
- TFNs are encrypted at rest using AES-256-GCM with a dedicated encryption key — the same standard used by financial institutions
- TFNs are masked by default — even your accountant must take a deliberate action to view them, which is logged
- TFNs are permanently and irreversibly deleted from our systems the moment your accountant records them in their practice management system
- TFNs are never used for any purpose other than facilitating your tax agent nomination with the ATO
5. Where your data is stored
All personal data — including documents, TFNs, and entity information — is stored in Australia.
Your data is hosted on enterprise-grade, SOC 2-certified infrastructure located in Sydney, Australia. Transactional emails and automated document processing are handled by specialist third-party providers located in the United States, each operating under a Data Processing Agreement with us. These providers process data solely to deliver their respective services and are contractually prohibited from using your data for any other purpose.
We do not store personal data in any jurisdiction other than Australia, except as described above for transactional processing.
6. Automated document processing
Documents you upload are processed by automated systems to assist with classification and organisation. This processing is performed by a specialist third-party provider under a Data Processing Agreement. Uploaded documents are processed transiently and are not retained by the provider or used for any purpose other than the immediate processing task.
7. Who we share your information with
We do not sell your personal information. We share it only as necessary to deliver our service:
- Your accounting firm — your accountant accesses your documents, extracted entity information, and (with your consent and their deliberate action) your TFN
- Infrastructure and service providers — hosting, email delivery, and document processing providers operating under Data Processing Agreements
- Your accounting software provider — where your accountant has connected their accounting software, relevant client and financial data is synced
- Regulators and law enforcement — where required by Australian law
8. Data retention
| Data type | Retention period |
|---|---|
| TFNs | Permanently deleted immediately after your accountant records them |
| Uploaded documents | Retained until your accountant confirms download |
| Account and entity information | Retained for the duration of your firm's engagement with KairosDesk |
| Audit and compliance logs | 7 years |
| Email delivery logs | 30 days |
9. Your rights
Under the Australian Privacy Principles you have the right to access the personal information we hold about you (APP 12), request corrections (APP 13), and lodge a complaint. Contact us and we will respond within 30 days.
10. Data breaches
We maintain security monitoring and incident response procedures. In the event of an eligible data breach under the Notifiable Data Breaches scheme, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) within 30 days of becoming aware of the breach. To report a suspected security issue, contact us.
11. Security
- AES-256-GCM encryption for TFNs at rest, with a dedicated encryption key
- TLS encryption for all data in transit
- Multi-tenant isolation — firms can only access their own data
- Role-based access controls with least-privilege principles
- Comprehensive audit logging of all sensitive actions
- Rate limiting and abuse prevention on all sensitive endpoints
12. Cookies
KairosDesk uses session cookies for authentication only. We do not use tracking or advertising cookies and we do not serve advertisements.
13. Changes to this policy
We will notify accounting firm administrators by email of any material changes. Continued use of KairosDesk after notification constitutes acceptance of the updated policy.
14. Contact
LLWC Tech Deck Pty Ltd (trading as KairosDesk)
Use our contact form for all privacy enquiries, data access requests, complaints, and security issues. We will respond within 30 days.
If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner at oaic.gov.au.
© 2026 LLWC Tech Deck Pty Ltd