01 About this policy
CINDA Pty Ltd ("CINDA", "we", "us") is an Australian software company that provides independent backup of Xero accounting data. We take privacy seriously because our customers trust us with the most sensitive information in their business — their books.
This policy explains what personal information we handle, why, and how we look after it. It applies to anyone who uses our website, signs up to our service, or has their information handled by a CINDA customer who has chosen to back up their Xero file with us.
We comply with the Australian Privacy Act 1988 (Cth), the Notifiable Data Breaches scheme, and the thirteen Australian Privacy Principles issued by the Office of the Australian Information Commissioner.
02 Information we collect
We collect two kinds of information.
About you as a customer or prospect
- Your name, work email, phone number and company — when you fill in a form or contact us.
- The Xero organisations you connect, and the Xero user that authorised the connection.
- Your billing details and payment records.
- Support correspondence and the technical logs needed to resolve a question or incident.
About the data we back up for you
Once you authorise CINDA via Xero's read-only OAuth flow, we copy your Xero records on a daily schedule. The records may contain personal information about your contacts — for example a supplier's bank account, a customer's email, or an employee referenced in a journal. We treat that information as your customer data, not ours, and we do not use it for any purpose other than running the backup service you have asked for.
03 How we use it
We use the information we collect to:
- Run the backup service you have signed up for — including snapshotting, indexing, verifying and restoring your records.
- Send you transactional messages (invoices, snapshot reports, incident notices, password resets).
- Provide support when you ask for it.
- Improve the service — in aggregate and de-identified form only.
- Meet our legal, tax and audit obligations.
We do not sell, rent, or trade personal information. We do not use the contents of the records we back up for marketing, profiling, or model training of any kind.
04 Your Xero data — specifically
This deserves its own section because it is what makes CINDA different.
- Read-only access. CINDA connects to Xero through OAuth 2.0 with read-only scopes. We cannot write to your Xero file, edit a record, delete an invoice, or change a setting — ever.
- Encrypted at rest. Every snapshot is encrypted with AES-256 before it is written to storage. You can hold the encryption keys yourself, or let CINDA hold them on your behalf in our Australian-sovereign key vault. We document the choice in your contract.
- We do not browse your records. Our staff have no need and no routine ability to read the contents of the records we hold for you. Access to a customer's backup is logged, role-restricted, and only granted on your written request — for example to assist a restore.
- You can revoke at any time. A click in your Xero "Connected Apps" screen disconnects CINDA immediately. Within 30 days of cancellation, you can request export and deletion of your stored snapshots; we describe the process in our Terms of Service.
05 Where your information is stored
Your account information (your name, billing records, support tickets) sits on Australian-hosted infrastructure operated by CINDA.
Where your backed-up Xero records sit depends on the storage option you chose at sign-up:
- Option A — Your local infrastructure. Your data never leaves your premises. CINDA only orchestrates the backup — we don't hold a copy.
- Option B — Your private cloud. Snapshots are written to a bucket in your own AWS, Azure or GCP tenancy. CINDA holds metadata (an index of what was captured, when), but not the encrypted snapshots themselves.
- Option C — CINDA private cloud. We host the storage for you, in immutable Australian-sovereign WORM storage in Sydney (AZ-A & AZ-B). Data is encrypted at rest and in transit; the encryption keys are held in a separate Australian key vault.
06 Who we share information with
We share information only as needed to run the service or comply with the law.
- Sub-processors. A short list of vendors helps us run CINDA — for example, our payment processor, email delivery provider, cloud hosting provider, and ticketing system. Each is contractually bound to handle information only as we instruct, and we publish the current list on request.
- Professional advisers. Lawyers, accountants and auditors, under confidentiality obligations.
- Authorities. If we are compelled by a valid Australian legal process — for example a subpoena or a properly authorised regulator's notice — we will respond. Where we are legally permitted to notify you in advance, we will.
- Successor. If CINDA is sold or merged, your information may transfer to the successor under equivalent privacy obligations. We will notify you in advance.
07 Security
We take reasonable steps, appropriate to a backup company holding sensitive financial data, to protect personal information.
- AES-256 encryption at rest, TLS 1.3 in transit.
- Hardware-isolated key management; customer-held keys for Option B.
- Immutable, write-once storage for hosted snapshots.
- Single sign-on and enforced multi-factor authentication for all staff with administrative access.
- Background checks for staff with administrative access; documented joiner / leaver controls.
- Network segmentation, endpoint protection, vulnerability scanning, and periodic third-party penetration testing.
- Documented incident response, with the Notifiable Data Breaches scheme followed where it applies.
08 How long we keep it
- Backed-up Xero records: for the term of your subscription, plus 30 days after cancellation (export window). Held longer only if you ask us to in writing.
- Account & billing records: seven years after the end of the contract, to meet ATO and corporations-law record-keeping obligations.
- Support correspondence: three years, then archived or deleted.
- Website & analytics logs: ninety days.
09 Overseas transfers
CINDA is an Australian company and the default for our managed-storage option is Sydney-only. Some sub-processors operate globally — for example, our email delivery provider may route a message via a US data centre. Where personal information is transferred overseas, we ensure equivalent protection through contractual safeguards, in line with Australian Privacy Principle 8.
10 Cookies & the website
Our marketing website uses a small number of cookies:
- Strictly necessary — to keep you signed in to the CINDA console and to remember form progress.
- Analytics — to understand how visitors use the site, in aggregate. We use a privacy-respecting analytics tool that does not set advertising identifiers.
We do not use behavioural advertising cookies. You can clear or block cookies from your browser settings at any time.
11 Your rights
Under Australian privacy law you have the right to:
- Ask what personal information we hold about you and request a copy.
- Correct anything that is inaccurate or out of date.
- Ask us to delete information we hold (subject to legal retention obligations).
- Withdraw consent at any time, where consent is the basis of our processing.
- Object to a particular use of your information.
To exercise any of these rights, email info@cinda.io. We respond within 30 days, usually faster.
12 Complaints
If you think we have mishandled your information, please tell us first — we want to fix it. Email info@cinda.io and we will acknowledge within two business days and respond substantively within 30.
If you are not satisfied with our response, you can complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or on 1300 363 992.
13 Changes to this policy
We update this policy when our practice changes or when the law changes. The "Last updated" date at the top of the page reflects the most recent revision. For material changes that affect how we handle existing customer data, we notify account holders by email at least 30 days before the change takes effect.
Our Privacy Officer is reachable at:
About this draft
This is a plain-English draft prepared as a starting point. It should be reviewed by Australian privacy counsel before publication — particularly the retention periods, sub-processor disclosures, and the statement about the Notifiable Data Breaches scheme, which need to match CINDA's contracted operating practice.