Policy

Privacy Policy

How Becide collects, uses, and protects personal information. Aligned with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

Last updated · 16 July 2026
0Third-party training on your data

How we think about your data

Becide is a CFO intelligence platform operated by Business Avengers. We provide software and related services to Australian organisations, subject to the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

Our five commitments

Every design decision inside Becide is measured against these before it ships.

  1. 01

    Australian residency

    App, data lake, AI inference, and audit logs are all hosted and processed in Sydney.

  2. 02

    Dedicated encryption

    Every client gets a dedicated AES-256 key. Becide never stores the key material.

  3. 03

    Read-only AI

    Models see governed layers only. They can never write to your data or your source systems.

  4. 04

    Traceable runs

    Every AI run has an ID with tools used, safety checks, and outcome logged.

  5. 05

    Client-controlled exit

    Export, then deletion with a written receipt and encryption-key destruction.

  6. 06

    No model training

    We do not use client data to train third-party AI models. Period.

Kinds of personal information we collect

We collect only what is reasonably necessary for the purposes described in this policy.

Identity & contactProvided
Name, work email, organisation, role, and phone number where provided.
Account & authenticationSystem
User identifiers, session tokens, and sign-in metadata from our authentication service.
Usage & technicalAutomatic
IP address, browser type, device information, pages visited, and feature usage logs.
CommunicationsProvided
Messages, support requests, and access-request form submissions.
AI interaction metadataSystem
Encrypted question records, run identifiers, and tool invocation logs — not full message bodies in analytics.
Connector configurationSystem
Data source names and connection status. Never database passwords or API keys.

How we collect, use and disclose

We collect personal information directly from you when you request access, sign in, use the platform, configure connectors, contact support, or subscribe to communications. We also collect information automatically through cookies, server logs, and platform telemetry required to operate and secure the service. We do not purchase marketing lists or collect personal information from third-party data brokers for the core platform.

We use personal information for the primary purpose of providing and improving Becide, and for related purposes you would reasonably expect — creating and managing accounts, delivering CFO intelligence features, operating connectors you authorise, monitoring security and detecting abuse, responding to enquiries, meeting legal obligations, and improving reliability using aggregated, de-identified usage patterns.

We disclose personal information only where necessary to operate the platform, with your consent, or where required by law — to our Australian hosting provider for hosting and compute, our authentication service, our approved AI services for inference within approved regions, professional advisers bound by confidentiality, and regulators, courts, or law enforcement when required by law.

Overseas disclosure

Our primary data stores and processing occur in Australia. Some subprocessors may process limited metadata or provide support from other countries under contractual safeguards designed to meet APP 8 requirements. Before disclosing personal information overseas, we take reasonable steps to ensure recipients handle information consistently with the APPs. A subprocessor register is available on request.

Likely overseas locations may include the United States where our hosting or support providers operate global infrastructure. Encryption and access controls apply regardless of processing location.

Storage, retention and exit

Personal information and client data are encrypted at rest using AES-256 with dedicated encryption keys. Data in transit is protected with TLS. Login passwords are hashed by our authentication service and cannot be read by Becide. Connector credentials are stored in secure credential storage and are never shown in the UI, logged, or sent to AI models.

Your organisation's data is organised in three layers in Sydney: original uploads (raw), a cleaned analytics layer, and a curated command-centre layer. The AI can read only approved layers for your tenant. Raw uploads are not exposed to AI tools.

We retain personal information for as long as needed to provide the service and meet legal obligations. When you leave, you may request export and deletion. We confirm deletion in writing with a reference ID and per-category receipt. Your dedicated encryption key is disabled immediately and scheduled for destruction; remaining ciphertext becomes unreadable after the mandatory waiting period, including in backups.

AI, automated processing and accuracy

Becide uses automated tools, including large language models, to assist with financial analysis and document retrieval. Outputs may be incomplete or inaccurate and are not financial, legal, or tax advice. We do not use client data to train third-party AI models. AI interaction records are retained only as necessary for audit, support, and product reliability.

Where automated processing could significantly affect an individual's rights or interests, human review is available on request. In normal operation these programs do not make binding decisions about individuals without human oversight.

Access, correction and complaints

You may request access to or correction of personal information we hold about you by contacting hello@becide.com. We will verify your identity before responding and aim to respond within 30 days.

If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

We may update this policy when our practices change. Material updates will be published on this page. Continued use after notice constitutes acceptance where permitted by law.

Privacy questions?

For access requests, corrections, complaints, or a copy of our subprocessor register, reach the team directly.