Core Close
Sign in Start free trial
Features Pricing Help About
Sign in Start free trial

Privacy Policy

Last updated 4 June 2026

Core Close is operated by CorpFin Solutions Pty Ltd (ABN 38 672 924 042), an accounting practice based in Perth, Western Australia ("Core Close", "we", "us", "our"). We are bound by the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles. This policy explains what information we collect when you use Core Close, how we use, store, share and protect it, and the choices you have. For any privacy question, contact privacy@coreclose.com.au.

1. The information we collect

Information you give us

  • Account details: your name, email address and an encrypted (hashed) password. If you use Sign in with Xero, we store the identifier Xero provides for your account.
  • Setup and close data: the companies and entities you configure and the close work you create (eliminations, schedules, journals, reconciliations and similar).
  • Communications: messages you send us, for example support requests.
  • Billing contact details associated with your subscription.

Customer accounting data

  • When you connect a Xero organisation, we fetch accounting data such as trial balances, journals and organisation details through Xero's API. When you upload a trial balance for an entity outside Xero, we store what you provide. This is your own data, accessed and processed on your instruction and on your behalf.

Information we collect automatically

  • Usage and diagnostic data such as IP address, browser type, timestamps and actions taken, used to operate and secure the Service.
  • Essential cookies and your session, used to keep you signed in and to keep the Service working. We do not use the Service to serve third-party advertising.

Payment information

  • Billing is handled by Stripe. Stripe collects and stores your card details; we never receive or store your full card number. We retain the subscription status and billing records Stripe returns to us.

2. How we use information

  • To provide, operate and maintain the Service.
  • To process payments and manage your subscription.
  • To respond to your requests and provide support.
  • To secure the Service, prevent misuse, and meet our legal obligations.
  • To improve the Service, including through aggregated and de-identified analysis.
  • To send service and account communications. We send marketing only where you have opted in, and you can opt out at any time.

We collect personal information so we can provide the Service you have asked for. We do not sell your personal information, and we do not use your accounting data for advertising.

3. How we share information

We share data only with the providers we rely on to deliver the Service, and only as needed:

  • Stripe (payment processing): securely collects and stores your card details and processes payments. We do not receive or store your full card number.
  • Render (hosting): provides the hosting and database infrastructure on which the Service runs.
  • Xero (accounting integration and sign-in): provides read access to your accounting data, with your authorisation, and the identity used for Sign in with Xero.

We may also disclose information if required by law, to enforce our terms, or in connection with a sale or reorganisation of our business (in which case this policy continues to apply). We require our providers to protect your information and to use it only to provide their service to us.

4. Where your data is held and overseas transfers

Your data is held in a database hosted on Render. At present this is in the Singapore region, with Australian hosting planned. Some of our providers (such as Stripe) may process limited information overseas. Where information is handled outside Australia, we take reasonable steps to ensure it is protected consistently with this policy and the Australian Privacy Principles.

5. How we protect information

  • Data is encrypted at rest, and transmitted over encrypted (TLS) connections.
  • Xero refresh tokens are encrypted with AES-256-GCM before they are stored.
  • Access to production data is limited to authorised CorpFin Solutions staff, for the purpose of running and supporting the Service.
  • Automated backups of your data are taken daily.

No system is perfectly secure, but we take reasonable steps to protect your information. If a data breach occurs that is likely to result in serious harm, we will respond in line with the Notifiable Data Breaches scheme, including notifying affected individuals and the Office of the Australian Information Commissioner where required.

6. How long we keep information

We keep your information for as long as your account is active and as needed to provide the Service. After your account is terminated, you can export your data for 30 days, after which it may be deleted, subject to our backup cycle and any legal obligation to retain records. De-identified and aggregated data may be kept for longer.

7. Your rights

  • Access the personal information we hold about you.
  • Ask us to correct information that is inaccurate or out of date.
  • Export your data at any time.
  • Delete your account.
  • Disconnect any Xero organisation at any time.
  • Opt out of marketing communications.

Use the in-app controls or contact privacy@coreclose.com.au to exercise any of these. We may need to verify your identity first.

8. Children

The Service is a business tool and is not directed at children. We do not knowingly collect personal information from anyone under 18.

9. Changes to this policy

We may update this policy from time to time. The "last updated" date above shows when it last changed. Where changes are material, we will take reasonable steps to let you know.

10. Contact us and complaints

For any privacy question or request, email privacy@coreclose.com.au, or write to CorpFin Solutions Pty Ltd, Perth, Western Australia. If you are not satisfied with how we have handled your privacy, you can contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.