A2X Privacy Policy - A2X

Privacy Policy was last updated on June 19th, 2023

At A2X, we take privacy very seriously and we are committed to protecting the personal information that we collect by complying with the terms of this Privacy Policy (the “Policy”). All such information will only be collected, held, used and disclosed by A2X in accordance with the Policy and applicable privacy law. 

The purpose of this Policy is to communicate to you, in a concise, transparent, intelligible and easily accessible way, how we treat your personal information. We encourage you to read this Policy carefully. It will help you make informed decisions about sharing your personal information with us.

Capitalized terms used but not defined in this Policy have the same meaning as in our Terms of Use which can found at https://www.a2xaccounting.com/terms (the “Terms”). The Terms should be read together with this Policy. 

BY ACCESSING OUR WEBSITE AND/OR USING OUR SERVICE, YOU CONSENT TO THE TERMS OF THIS POLICY AND AGREE TO BE BOUND BY THIS POLICY AND OUR TERMS OF USE.

Applicability of this Policy

This Policy applies to A2X, the Service, the Website and all other interactions (e.g., customer service inquiries) you may have with A2X and covers all of A2X’s activities relating to our use of your personal information. If you do not agree with the terms of this Policy, do not access or use the Service, Website or any other aspect of the A2X business.

The A2X Service enables you to integrate various third-party applications and software. By using the Service in conjunction with such third-party applications and software, you consent to A2X sharing your personal information with such third parties. This Policy does not apply to any third-party applications or software that integrate with A2X, or any other third-party products, services or businesses and A2X does not control or take responsibility for any such third party’s use of your personal information. Please see Exhibit A for a list of third-party applications and software that you may integrate with A2X. 

A2X Collection of Personal Information

A2X is a provider of ecommerce accounting integration services, including automated posting of sales from ecommerce sales channels to integrated accounting systems.

The Service involves the storage of data about a company or individual. That data can include personal information; “personal information” is information about an identifiable individual, and may include information such as the individual’s name, email address, telephone number, taxation details, and accounting and financial information and any other information relating to an individual or a combination of information which, if put together, means that an individual can be identified.

A2X may collect personal information directly from you

When you:

  • Register to use A2X – A2X will ask you for information such as your name, email address and location in order to customize the Service for you.
  • Use A2X – A2X records and collects the following information from you when using the Service:
    • Metadata – A2X records key actions users take within the Service.
    • Logging – A2X servers log visitors and visitor activity, including but not limited to web pages visited, IP address connected, browser type and settings.
    • Device information – A2X may collect device information such as screen size or operating system
    • Location information – A2X may receive information from you or your internet provider about your approximate location.
  • Use Browser Cookies – A2X uses cookies and similar technologies on our Website and Service. These are required in order to login and use A2X and are also used to provide analytic and usage information. For further information about our use of cookies, please see A2X’s Cookie Notice.
  • Contact Us – When you contact A2X, your communication and contact information will be saved both for continued communication and to help with support, technical issues, training and ongoing product improvements.
  • Visit our website – A2X records information about your visit to our Website using tools such as Google Analytics, Intercom and HubSpot.

YOU CAN ALWAYS CHOOSE NOT TO PROVIDE YOUR PERSONAL INFORMATION TO A2X, BUT IT MAY MEAN THAT WE ARE UNABLE TO PROVIDE YOU WITH THE SERVICE.

A2X may collect personal information about you from others:

A2X may collect personal information about you from: (i) users of the Service and/or Website, and (ii) from third party sales channels and/or accounting platforms used via A2X integrations. 

  • Information collected via integrations: Sales and accounting and/or financial information – A2X collects financial, sales and accounting information from sales channels and/or accounting platforms when you use A2X’s integrations with those channels and platforms. A detailed list of the information collected from third party integrations is set out in Exhibit B
  • Information collected from users: A2X is used by both e-commerce merchants and financial professionals who service e-commerce merchants. Merchants may provide us with personal information including name, location and email addresses of their service providers and service providers may provide us with such information about their e-commerce clients in order to facilitate use of the Services. 

A2X may receive personal information from you about others

Through your use of the Service, A2X may also collect information from you about someone else. If you provide A2X with personal information about someone else, you must ensure, and hereby warrant to A2X, that you are authorised to disclose that information to A2X, that such other person has consented to your disclosure of any disclosed information to A2X pursuant to the terms of this Policy and that, without A2X taking any further steps required by applicable data protection or privacy laws, A2X may collect, use and disclose such information for the purposes described in this Policy.

This means that you must take reasonable steps to ensure the individual concerned is aware of and/or has given his or her informed consent to the various matters detailed in this Policy, including the fact that their personal information is being collected, the purposes for which that information is being collected, the intended recipients of that information, the individual’s right to obtain access to that information, A2X’s identity, and how to contact A2X.

Where requested to do so by A2X, you must also assist A2X with any requests by the individual to access or update the personal information you have collected from them and entered into the Service or otherwise provided to A2X.

A2X’s Use and Holding of Personal Information  

A2X collects your personal information for two primary uses: (i) so that we can provide you with the Service and any related services you may request, and (ii) to use to continue to improve the Service. More specific details of how A2X uses your Personal Information are set out below. By using the Service, you consent to your personal information being collected, held and used in the ways set out in this Policy and for any other use you authorize. A2X will only use your personal information for the purposes described in this Policy or with your express permission. 

Specific A2X uses of your personal information

  • To provide, update, maintain and protect our Service, Website and business, including to support delivery of the Services or address service errors, security or technical issues, analyze and monitor usage, trends and other activities. 
  • As required by applicable law, legal process or regulation.
  • To communicate with you by responding to your requests, comments and questions. If you contact us, we may use your information to respond.
  • To develop and provide better productivity tools and additional features. A2X is constantly improving and we use data to make the tools and interfaces better, to customize a Service experience or create new productivity features and products.
  • To send emails and other communications. We may send you service, technical and other administrative emails, messages and other types of communications. We may also contact you to inform you about changes to our Service, such as security and fraud notices. These communications are considered part of the Service and you may not opt out of them without opting out of the Service as a whole.
  • For billing, account management and other administrative matters. A2X may need to contact you for invoicing, account management and similar reasons and we use account data to administer accounts and keep track of billing and payments.
  • To investigate and help prevent security issues and abuse.
  • A2X also incorporates your personal information into aggregated non-personally identifiable data sets as disclosed below.
  • If you consent to receive information about our other products, services or promotional offers and/or newsletters from us, we may use such personal information to contact you with the information you have opted to receive.

We are also required by law to state a “legal basis for processing”, i.e., to tell you on what grounds we are allowed to use your personal information. In all cases we only use your personal information either: (i) with your consent, which you may withdraw at any time, or (ii) for A2X’s legitimate interests for the specific purposes set out in the Policy. 

A2X Use of Aggregated Anonymized Data

By using the Service, you agree that A2X can incorporate the personal information A2X has collected from you into a set of aggregated and/or anonymized data (“Aggregated Data”). This is a set of data about multiple people that excludes personal identifiers such as names, addresses and phone numbers. It protects your privacy because it will in no way identify you or any other individual.

A2X may use Aggregated Data for purposes such as internal and external reporting, and to make decisions about how to manage A2X or the Website and how to deliver or improve the Services. For example, A2X may use Aggregated Data to:

  • assist A2X to better understand how customers are using the Service,
  • provide customers with further information regarding the uses and benefits of the Service,
  • enhance business productivity, including by creating useful business insights from the Aggregated Data and allowing you to benchmark your business’ performance against that Aggregated Data, and
  • otherwise to improve the Service.

We may also use Aggregated Data to provide insights to other organizations such as our advertisers, customers and partners and may provide Aggregated Data to third party data analytics service providers. 

A2X takes steps to protect your personal information

A2X is committed to protecting the security of your personal information and we take precautions to protect it from unauthorized access, modification or disclosure. Your personal information is stored on secure servers that have SSL Certificates issued by leading certificate authority LetsEncrypt, and all data transferred between you and the Service is encrypted.

However, the Internet is not in itself a secure environment and we cannot give an absolute assurance that your personal information will be secure at all times. Transmission of personal information over the Internet is at your own risk and you should only enter, or instruct the entering of, personal information to the Service within a secure environment.

We will advise you as soon as reasonably practicable and in any event, to the extent practically possible, within 72 hours upon discovering or being advised of a security breach where your personal information is lost, stolen, accessed, used, disclosed, copied, modified, or disposed of by any unauthorized persons or in any unauthorized manner.

A2X will also comply with its mandatory notification obligations to the Privacy Commissioner of Canada, affected individuals and/or the public (as applicable) under Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) in relation to all breaches of security safeguards involving personal information under A2X control where it is reasonable to believe that such breach has caused a real risk of significant harm to an affected individual or individuals. A2X will also comply with breach notification requirements of the EU General Data Protection Regulation, to the extent applicable.

A2X Disclosure of Personal Information to Third Parties 

A2X will only disclose the personal information you have provided to us to entities outside the A2X group of companies if it is necessary and appropriate to facilitate the purpose for which your personal information was collected pursuant to this Policy, including the provision of the Service.

Such permitted disclosures include: (i) providing information to third-parties via your use of the third-party integrations that are included in the Services, and (ii) if you are a financial service provider providing information to your approved ecommerce merchants and if you are an ecommerce merchant providing information to your approved financial service providers.

A2X may from time to time employ third-party sub-processors to perform tasks on our behalf and we may need to share personal information with them to provide the services. A2X uses sub-processors in order to collect, store and process users’ personal information. Unless we tell you differently, such sub-processors do not have the right to use the personal information we share with them beyond what is necessary for them to provide the tasks and services on our behalf. The sub-processors we currently engage include third parties employed by us to facilitate our services, including database management, web analytics and general optimization of the Services. A2X is careful to only use reputable and reliable third parties as sub-processors of your personal information. 

To the extent A2X employs third-party service providers to store, handle or process personal information on our behalf, we use contractual and other means to provide a comparable level of protection while the information is being stored, handled or processed by those service providers.

A2X will not otherwise disclose your personal information to a third party unless you have provided your express consent. However, you should be aware that A2X may disclose your personal information without your consent in order to comply with any court orders, subpoenas, or other legal process or investigation, if such disclosure is required by law. Where possible and appropriate, we will notify you if we are required by law to disclose your personal information.

A2X does not store your credit card details

If you choose to pay for the Service by credit card, your credit card details are not stored by the Service and cannot be accessed by A2X staff. Your credit card details are encrypted and securely stored by our payment providers (including Stripe, Paypal, Braintree and CheddarGetter) to enable A2X to bill your credit card automatically on a recurring basis. You should review these payment providers’ privacy policies prior to providing your credit card details to any such payment provider.

Your rights and responsibilities

It is your responsibility to ensure that the personal information you provide to us is accurate, complete and up-to-date. You may request access to the information we hold about you, or request that we update, erase (where legally required) or correct any personal information we hold about you, via email to the A2X Privacy Officer (details are provided at the end of this Policy).

A2X will process your request as soon as reasonably practicable, provided we are not otherwise prevented from doing so on legal grounds. If we are unable to meet your request, we will let you know why. For example, it may be necessary for us to deny your request if it would have an unreasonable impact on the privacy or affairs of other individuals, or if it is not reasonable and practicable for us to process your request in the manner you have requested. In some circumstances, it may be necessary for us to seek to arrange access to your personal information through a mutually agreed intermediary (for example, the Subscriber).

In relation to the personal information A2X holds you have rights to:

  • know what personal information A2X holds about you, to make sure it’s correct and to receive a copy of it
  • request a copy of your personal information, or ask A2X to restrict processing your personal information or delete it (where legally required)
  • withdraw consent to our continued collection and use of your personal information, provided that you shall grant us a reasonable amount of time to cease processing the personal information and further provided that such withdrawal of consent shall not apply to personal information to the extent such personal information has been incorporated into Aggregated Data

Notwithstanding the above, you hereby acknowledge and agree that if you withdraw consent to our continued collection and use of your personal information A2X may be required to suspend or terminate your access to the Website and/or the Services. 

You can make these requests at any time by emailing the A2X Privacy Officer (details are provided at the end of this Policy).

How long we will keep your personal information

We’ll keep your personal information only for as long as we require it for the purposes for which it was collected or for legal purposes. As a general rule, customer data (some of which may include your personal information) is stored for a period of 7 years. However, we may also be required to keep some of your personal information for longer periods of time, for example under certain laws relating to corporations, money laundering, and financial reporting legislation. All of your personal information collected by A2X will be retained, safeguarded and deleted in accordance with A2X’s data retention policy and related data retention schedule (the “Data Retention Documents”) (which specify retention periods for each type of data) and this Policy should be read in conjunction with those Data Retention Documents. The Data Retention Documents can be accessed at https://www.a2xaccounting.com/data-retention-policy/.

A2X uses cookies

In providing the Service, A2X utilizes “cookies.” A cookie is a small text file that is stored on your computer for record-keeping purposes. A cookie does not identify you personally or contain any other information about you but it does identify your computer.

We and some of our affiliates and third-party service providers may use a combination of ‘persistent cookies’ (cookies that remain on your hard drive for an extended period of time) and ‘session ID cookies’ (cookies that expire when you close your browser) on the Website to, for example, track overall site usage, and track and report on your use and interaction with ad impressions and ad services.

You can set your browser to notify you when you receive a cookie so that you will have an opportunity to either accept or reject it in each instance. However, you should note that refusing cookies may have a negative impact on the functionality and usability of the Website and the Services. We do not respond to or honour ‘Do Not Track’ requests at this time except as explicitly required by law. 

For further information about our use of cookies, please see A2X’s Cookie Notice.

Opt-out of marketing or email communications

A2X sends billing information, product information, Service updates and Service notifications to you via email. Our emails will contain clear and obvious instructions describing how you can choose to be removed from any mailing list not essential to the Service. A2X will remove you at your request.

A2X may communicate with you via email or in-Service message based on your user profile or Organization profile. For example if your A2X account has no connection to an accounting system, we may email you with advice and suggestions on how to connect. You can opt-out of these filtered or profile-based messages at any time by emailing the A2X Privacy Officer (details are provided at the end of this Policy).

Please note that if you withdraw your consent, (a) this will not render unlawful any use which we made of your personal information before you withdrew your consent and (b) it may mean that we are unable to provide you with the Service in whole or in part.

When you sign up for the A2X Service and agree to the Terms and Privacy Policy, you will automatically start receiving marketing and other such communications from A2X relating to the Services. These communications are designed to optimize your receipt of services from A2X and experience with A2X but may be opted out of any time.

You are responsible for transfer of your personal information to third-party applications via A2X integrations

The Service allows you, the Subscriber, or another Invited User within the relevant Organization to transfer data, including personal information, electronically to and from third-party applications via third-party integrations. While A2X will comply with all applicable data portability laws to which it is subject, A2X has no control over, and takes no responsibility for, the privacy practices or content of these third-party applications. You are responsible for checking the privacy policy of any such applications so that you can be informed of how they will handle personal information.

Age Limit

To the extent prohibited by applicable law, A2X does not allow use of our Service and Website by anyone younger than 16 years old. If you learn that anyone younger than 16 has unlawfully provided us with personal data, please contact us and we will take steps to delete such information.

Servers, data processing, data storage and transfers of your personal data

A2X is hosted in Google Cloud, using servers located in the USA. When you use the Service your data will be stored and processed on Google Cloud servers within Google’s data centers in the USA.

Google Cloud is a top-tier server infrastructure and managed server provider that complies with important US and EU data protection:

By entering personal information into the Services, you consent to that personal information being hosted on servers located in the U.S. While your personal information will be stored on servers located in the U.S., it will remain within A2X’s effective control at all times. Each data hosting provider’s role is limited to providing a hosting and storage service to A2X, and we’ve taken steps to ensure that our data hosting providers do not have access to, and use the necessary level of protection for, your personal information. They do not control, and are not permitted to access or use your personal information, except for the limited purpose of storing the information. 

If you do not want your personal information to be transferred to a server located in the U.S., you should not provide A2X with your personal information or use the Service.

When A2X shares data, it may be transferred to, and processed in, countries other than the country you live in – such as the United States, where our data hosting provider’s servers are located. These countries may have laws different to what you’re used to. In situations where we disclose personal data to a third party in another country, we put safeguards in place to ensure your personal data remains protected.

For individuals in the European Economic Area (EEA), this means that your data may be transferred outside of the EEA. Where your personal data is transferred outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA data (like C), or to a third party where we have approved transfer mechanisms in place to protect your personal data – i.e., by entering into the European Commission’s Standard Contractual Clauses. 

A2X has a privacy complaints process

If you wish to complain about how we have handled your personal information, please provide us with full details of your complaint and any supporting documentation by e-mailing the A2X privacy officer (details are provided at the end of this Policy).

We will endeavour to:

  • provide an initial response to your query or complaint within 10 business days, and
  • investigate and attempt to resolve your query or complaint within 30 business days or such longer period as is necessary and notified to you.

You also have a right to make a complaint with the local data protection authority. In Canada, that is the Office of the Privacy Commissioner.

This Policy may be updated from time to time

A2X reserves the right to change this Policy at any time, and any amended Policy is effective upon posting to this Website. A2X will make every effort to communicate any significant changes to you via email or notification via the Service. Your continued use of the Service will be deemed acceptance of any amended Policy. 

As privacy laws are rapidly evolving, we encourage you to review this Policy regularly. Our processing of your personal information will be governed by the version of this Policy in effect at the time. The amended Policy will apply from the revision date at the top of this page. 

A2X Software Limited is incorporated in Canada. Company address: 2 Bloor Street East, Toronto, Ontario, M4W 1A8, Canada.

Privacy officer

You may contact the A2X privacy officer by email at kirsten@a2xaccounting.com.

Exhibit A

A2X Third Party Integrations

Ecommerce sales channels

A2X connects to the following ecommerce sales channels.

  • Amazon marketplaces
  • BigCommerce stores
  • eBay marketplaces
  • Etsy shops
  • Shopify stores
  • Walmart marketplaces
  • Others that may be added from time to time

Accounting Systems

A2X integrates with the following accounting systems.

  • QuickBooks Online
  • Xero
  • Sage Business Cloud Accounting
  • Others that may be added from time to time

Exhibit B

Data Collected from Third Party Integrations 

A2X receives your financial information from these 3rd party services including but not limited to the following data:

  • Amazon:
    • Settlements
    • Finances
    • Inventory
    • Orders
    • Taxes
    • Other transactions
  • Shopify:
    • Payouts
    • Orders
    • Order transactions
    • Shop info
    • Gift cards
  • Walmart:
    • Reports
  • eBay:
    • Account/User details
    • Payouts
    • Disputes
    • Transactions
    • Orders
    • Seller funds
  • Etsy:
    • Account
    • Shop
    • Payouts
    • Transactions
    • Orders
    • Receipts
    • Payments
  • BigCommerce:
    • Store information
    • Orders
    • Transactions
    • Products
    • Refunds
  • Xero:
    • Company information
    • Invoices
    • Journals
    • Accounts
    • Tax Rates
    • Tracking Codes
    • Currencies
  • QuickBooks Online:
    • Company information
    • Invoices
    • Journals
    • Accounts
    • Tax Rates
    • Classes
    • Currencies
  • Sage:
    • Company information
    • Invoices
    • Journals
    • Accounts
    • Tax Rates
    • Currencies

Ready to get started?

Save time, work smarter and get reliable Amazon and Shopify financials you can trust, in a matter of minutes.