RemitMatch

Privacy & Security

What we touch, what we keep, and what we can't see.

Last updated July 2026

What we access

RemitMatch requests the minimum Xero permissions needed to do its job: read your invoices and contacts and create batch payments. We cannot see your payroll, reports, bank feeds, or anything else in your organisation.

What we store

The remittance documents you upload (kept as your audit trail), the match results, and encrypted Xero connection tokens. Documents are stored encrypted and are deletable by you at any time. Deleting your account purges all data within 30 days.

AI processing

Document text extraction may use paid AI APIs operating under no-training policies. Your files are never used to train AI models. All matching against your ledger is done by deterministic software, not AI, and nothing posts to Xero without your explicit approval.

Who we share with

Nobody, except the infrastructure providers that run the service (hosting, storage, email, payments). We never sell or share your data for marketing.

Contact

Questions, data requests, or deletions: support@remitmatch.app