DocChase Pty Ltd ("DocChase", "we", "us") is committed to protecting your privacy. This Privacy Policy explains how we handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
1. Who this policy applies to
This policy applies to practitioners (accountants, bookkeepers, BAS agents, tax agents) who hold a DocChase account, and to their clients whose contact details and documents are processed through the platform on the practitioner's behalf.
2. Information we collect
From practitioners
- Name, business name, email, phone, ABN
- Authentication identifiers (Google OAuth ID, password hashes)
- Billing details (processed by our payment provider; we do not store full card numbers)
- Usage analytics (requests created, logins, feature use)
From end-clients (entered by the practitioner)
- Name, email, phone
- Uploaded documents (e.g. bank statements, BAS workpapers, payroll records, identity documents) and any metadata they contain
3. How we collect it
Directly when you sign up, when practitioners add clients or create document requests, when end-clients upload via the secure portal, and automatically through cookies and server logs.
4. Why we collect it (purpose)
- To deliver the DocChase service — sending reminders, receiving uploads, notifying practitioners
- To authenticate users and secure the platform
- To bill practitioners and provide support
- To improve the product (aggregated, de-identified analytics)
- To comply with legal obligations
5. Disclosure
We disclose personal information only to:
- The practitioner who owns the workspace (for client data)
- Trusted processors: cloud hosting (Australian region), email delivery, SMS delivery, payment processing, error monitoring — bound by data-processing agreements
- Law enforcement or regulators where required by Australian law
We do not sell personal information. We do not use it to train third-party AI models.
6. Cross-border disclosure
Primary data hosting is in Australia (Sydney region). Some subprocessors (e.g. email delivery, error monitoring) may process data in the United States or European Union. Before disclosing personal information overseas, we take reasonable steps to ensure the recipient handles it consistently with the APPs.
7. Storage and security
Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Access is restricted via row-level security, MFA for staff, and least-privilege controls. See our Security page for detail.
8. Data retention
- Active account data: retained while the account is active
- Uploaded documents: retained for the practitioner's record-keeping period (typically up to 7 years for tax records under Australian law) unless the practitioner deletes earlier
- Closed accounts: deleted or de-identified within 90 days, except where law requires retention
9. Your rights
Under the APPs you may:
- Request access to personal information we hold about you
- Request correction of inaccurate information
- Withdraw consent or close your account
- Complain about a breach of the APPs
Email privacy@docchase.com.au. We respond within 30 days. If you are not satisfied, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or 1300 363 992.
10. Notifiable data breaches
If a data breach is likely to result in serious harm, we will notify affected individuals and the OAIC under the Notifiable Data Breaches scheme.
11. Cookies
See our Cookie Policy.
12. Changes
We will post material changes here and email account holders at least 14 days before they take effect.