Privacy Notice

Last updated: 8 May 2026

Telu Pty Ltd (Telu, we) is committed to protecting your personal information. This notice explains what personal information we collect, how we use it, and your rights under the Australian Privacy Principles (APPs) of the Privacy Act 1988 (Cth) and, where applicable, the EU and UK GDPR.

1. What we collect

• Account information — name, email address, organisation, and the role you hold inside a Telu tenant.
• Authentication data — credentials managed by AWS Cognito on our behalf. Telu never sees your password.
• Customer Data — general ledger exports, account mappings, adjustment journals and consolidation outputs you generate inside the Service.
• Usage data — pages visited, features used, error logs and other diagnostic information needed to operate and improve the Service.
• Billing data — handled by Stripe for self-serve plans; Telu only stores the resulting subscription identifier and status.

2. How we collect it

We collect personal information directly when you sign up, when you upload Customer Data, and as you interact with the Service. We may also receive information from your accounting platform (Xero, QuickBooks, MYOB) when you export data and import it into Telu.

3. How we use it

• To provide, secure and improve the Service.
• To consolidate, analyse and report on Customer Data on your behalf.
• To send you transactional messages (invites, password resets, billing notifications) and, where you have consented, product updates.
• To meet legal, tax and accounting record-keeping obligations.

4. Who we share it with

We share personal information only with sub-processors who help us operate the Service, and only to the extent necessary. Current sub-processors:

• Amazon Web Services (Sydney region) — hosting, database, authentication (Cognito) and transactional email (SES).
• Stripe — payment processing for self-serve plans (we never store card data).
• Xero / QuickBooks / MYOB — only when you import their general-ledger exports; we read, never write.

We do not sell personal information. We will only disclose it to regulators or law-enforcement agencies if required by law.

5. International transfers

Customer Data is hosted in AWS Sydney. Some sub-processors (e.g. Stripe) may process data outside Australia under their own privacy and security commitments.

6. Data security

We use industry-standard controls including TLS in transit, encryption at rest, tenant-scoped row-level isolation, role-based access, and a full audit log of changes inside each tenant. Access to production by Telu staff is logged and limited to incident response.

7. Data retention

We retain Customer Data for the duration of your Subscription. After termination, you may export your Customer Data within 30 days, after which we will delete it from active systems. Backups are retained for up to 90 days and then deleted on a rolling cycle.

8. Your rights

You have the right to:

• Access the personal information we hold about you.
• Correct it if it is inaccurate or out of date.
• Request deletion, subject to our legal record-keeping obligations.
• Export your Customer Data in a machine-readable format at any time.
• Withdraw consent for marketing communications.

To exercise any of these rights, email privacy@telu.com.au.

9. Cookies

We use a minimum set of cookies and similar technologies — only those required to keep you signed in, remember UI preferences (theme, sidebar state, tenant selection), and operate the dashboard. We do not use third-party advertising cookies.

10. Children

The Service is intended for business users and is not directed at children under 16. We do not knowingly collect personal information from children.

11. Changes to this notice

We may update this notice from time to time. Material changes will be notified at least 30 days in advance via email or in-product notice.

12. Contact and complaints

Questions or complaints about how we handle personal information can be sent to privacy@telu.com.au. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner at oaic.gov.au.