exasum

Privacy Policy

Last updated: March 2026

Overview

Exasum ("we," "our," or "us") is committed to protecting the privacy and security of your financial data. This policy explains how we collect, use, store, and protect information when you use our financial consolidation platform.

Information We Collect

Account Information

  • Name, email address, and contact details
  • Company name and billing information
  • User credentials and authentication data

Financial Data

  • Chart of accounts and account mappings
  • Trial balances and journal entries from connected systems
  • Exchange rates and currency configurations
  • Intercompany transaction data
  • Consolidated financial reports you generate

Usage Data

  • Log data including IP addresses and browser type
  • Feature usage patterns and system interactions
  • Error reports and performance metrics

How We Use Your Information

  • To provide and maintain the consolidation service
  • To process your financial data according to your instructions
  • To authenticate users and secure your account
  • To communicate about service updates and support
  • To improve our platform based on usage patterns
  • To comply with legal obligations

Data Security

We implement industry-standard security measures to protect your financial data:

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • SOC 2 Type II compliant infrastructure
  • Regular security audits and penetration testing
  • Role-based access controls and audit logging
  • Multi-factor authentication support

Data Storage and Retention

Your data is stored in secure, geographically distributed data centers. We retain your financial data for the duration of your subscription plus 30 days. Audit logs are retained for 7 years to support compliance requirements. You may request data export or deletion at any time.

Third-Party Integrations

When you connect accounting systems (such as Xero or QuickBooks), we access your financial data through their official APIs using secure OAuth authentication. We only request the minimum permissions necessary for consolidation. We do not store your third-party credentials.

Data Sharing

We do not sell your data. We may share data only:

  • With service providers who assist in operating our platform (under strict confidentiality)
  • When required by law or valid legal process
  • To protect the rights, safety, or property of Exasum or others
  • In connection with a merger, acquisition, or sale of assets (with notice)

Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access and receive a copy of your data
  • Correct inaccurate personal information
  • Request deletion of your data
  • Object to or restrict certain processing
  • Data portability (export in standard formats)
  • Withdraw consent where processing is consent-based

International Transfers

If you are located outside of our primary data center region, your data may be transferred internationally. We use Standard Contractual Clauses and other approved mechanisms to ensure adequate protection for cross-border transfers.

Cookies

We use essential cookies for authentication and session management. We use analytics cookies to understand usage patterns. You can control cookie preferences through your browser settings.

Changes to This Policy

We may update this policy periodically. Material changes will be communicated via email or in-app notification at least 30 days before taking effect.

Contact Us

For privacy-related inquiries or to exercise your rights, contact our Data Protection Officer at privacy@exasum.com.