Skip to main content
OutflowGuard

Privacy Policy

Effective Date: March 2026

1. Introduction

OutflowGuard is operated by Jake Baden North trading as Donkeh Labs (ABN 87 636 703 254). We (“we,” “us,” or “our”) are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our payment verification and audit trail service for Xero users.

2. Information We Collect

We collect information that you provide directly to us, including:

  • Account information (name, email address, company name)
  • Xero organization data necessary for our service to function (supplier details, bank account information changes)
  • Payment and billing information
  • Communications you send to us

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Monitor supplier bank detail changes in your Xero organization
  • Send you alerts and notifications about potential payment redirect risks
  • Generate audit trails and reports
  • Process payments and send invoices
  • Respond to your comments, questions, and requests
  • Send you technical notices, updates, and security alerts

4. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. This includes:

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • Regular security audits and penetration testing
  • Access controls and authentication measures

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. Audit trail data is retained for a minimum of 7 years to comply with financial record-keeping requirements. You may request deletion of your account data at any time.

6. Third-Party Services

We integrate with the following third-party services:

  • Xero: To access your accounting data (read-only access to supplier information)
  • Stripe: To process payments securely
  • Supabase: For authentication and database services

7. Cross-Border Data Disclosure

In accordance with Australian Privacy Principle 8, we disclose that your personal information may be processed by the following third-party services located outside Australia:

  • Supabase (database and authentication) — hosted on AWS ap-southeast-2 (Sydney, Australia)
  • Stripe (payment processing) — United States
  • Vercel (website hosting) — United States and global edge network
  • Render (API hosting) — United States
  • Resend (transactional email delivery) — United States

We take reasonable steps to ensure that overseas recipients handle your personal information in accordance with the Australian Privacy Principles. We remain accountable for the handling of your information by these providers.

8. Automated Decision-Making

OutflowGuard uses automated processes to detect potential payment fraud. This includes:

  • Fraud risk scoring: We analyse supplier bank detail changes, invoice patterns, and supplier profile completeness to generate a risk score for each detected change
  • Data used: Supplier names, bank account details, ABN/NZBN status, invoice amounts, and historical change patterns from your connected Xero organisation
  • Decisions influenced: Risk scores determine the severity level of alerts sent to you and your team. No payments are blocked or processed automatically — all payment decisions remain with you

You can contact us at privacy@outflowguard.com to request information about how automated decisions have been applied to your data.

9. Your Rights

Depending on your location, you may have the following rights:

  • Access to your personal data
  • Correction of inaccurate data
  • Deletion of your data
  • Data portability
  • Objection to processing
  • Withdrawal of consent

To exercise these rights, please contact us at privacy@outflowguard.com

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Effective Date” at the top.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us:

← Back to Home

Ready to secure your payments?

Join finance teams protecting their businesses from payment redirect scams.

Start your 14-day free trial. Cancel anytime.