Privacy & Security
What we touch, what we keep, and what we can't see.
Last updated July 2026
What we access
RemitMatch requests the minimum Xero permissions needed to do its job: read your invoices and contacts and create batch payments. We cannot see your payroll, reports, bank feeds, or anything else in your organisation.
What we store
The remittance documents you upload (kept as your audit trail), the match results, and encrypted Xero connection tokens. Documents are stored encrypted and are deletable by you at any time. Deleting your account purges all data within 30 days.
AI processing
Document text extraction may use paid AI APIs operating under no-training policies. Your files are never used to train AI models. All matching against your ledger is done by deterministic software, not AI, and nothing posts to Xero without your explicit approval.
Who we share with
Nobody, except the infrastructure providers that run the service (hosting, storage, email, payments). We never sell or share your data for marketing.
Contact
Questions, data requests, or deletions: support@remitmatch.app