Privacy Policy
Last updated 2 July 2026.
KelpieLedger (“we”, “us”) provides bookkeeping software for small Australian businesses, accessible through the web app at app.kelpieledger.au and through an MCP server that lets an AI agent act on your behalf. This policy explains what we collect, why, and how it is handled, in line with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
What we collect
To provide the service, we collect:
- Account information — your email address and authentication credentials (handled by Amazon Cognito; we never see or store your password in plain form).
- Bookkeeping data you give us — chart of accounts, journal entries, bank transaction lines you import, sales documents/invoices you ingest, and anything else you post through the app or an authorised agent.
- ABN lookups — when you or your agent look up a business by ABN, that query is forwarded to the Australian Business Register; we don't send it anything beyond the ABN itself.
- Technical data — error and crash diagnostics (via Sentry), request logs, and IP address, used only to keep the service running and to debug faults.
How your data is used
Your bookkeeping data is used solely to operate the ledger you asked for: posting entries, reconciling transactions, computing your BAS worksheet, and preparing lodgment packs. We do not use it for advertising, we do not sell it, and we do not share it with third parties except where this policy says otherwise or where required by law.
AI agents connected via MCP
If you connect an AI agent (for example, Claude) to your account, it acts as an extension of you — it can read and write the same data you can, through the same validated operations the web app uses. We treat those actions as yours. The agent provider (e.g. Anthropic) processes whatever you send it according to its own privacy policy; we encourage you to review that separately before connecting an agent.
Where your data is stored
Data is hosted on Amazon Web Services in the Sydney (ap-southeast-2) region, chosen specifically for Australian data-residency expectations. It is encrypted in transit (TLS) and at rest. Access is scoped per account — your data lives under your own tenant partition and is not addressable by other users.
Third parties we use
- Amazon Web Services — hosting, database, and authentication infrastructure.
- Sentry — error monitoring. It receives crash diagnostics (stack traces, request metadata), not your bookkeeping data.
- Australian Business Register — for ABN lookups you initiate.
Retention
The ledger is append-only by design, so posted entries are kept for the life of your account as your permanent bookkeeping record. Australian tax law generally requires business records to be kept for five years, so we retain data at least that long even after an account is closed, unless you request earlier deletion and we're not otherwise required to keep it.
Your rights
Under the Australian Privacy Principles you can ask to access or correct the personal information we hold about you, or raise a concern about how it's handled. Contact us at hello@kelpieledger.au and we'll respond. If you're not satisfied with our response, you can complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
Cookies
The web app uses only what's needed to keep you signed in (a session token); there are no advertising or third-party tracking cookies.
Changes to this policy
If this policy changes materially, we'll update the date above and, where the change is significant, notify account holders directly.
Contact
Questions about this policy or your data: hello@kelpieledger.au.