End User Licence Agreement
Our terms are fair and transparent
Last updated: 08 November 2024
1. Parties to Licence
- In this licence, Calxa Australia Pty Ltd (ACN 140 679 849) together with its officers, employees and agents is referred to as “we” (or derivations thereof).
- Calxa Pty Ltd (ACN 133 831 026) together with its officers, employees and agents is referred to as “Application Owner”.
- The party authorised to use all or any part of the Application is referred to as “you” (or derivations thereof).
- This licence governs the use of any of the software products (such as Calxa Express, Calxa Premier and Calxa Enterprise) of the Application Owner, which, together with all associated documentation, additional modules and future modified versions are collectively and separately referred to in this licence as the “Application”.
- References to “our website” refer to calxa.com and its sub-domains.
2. Date of effect:
- 08 November 2024
- The most recent changes from the 24 March 2023 edition are update on payment processors in section 10 and clarification of audit information in the Audit section of the Data Processing Addendum as well as removal of all references to The Invisible Accountant..
3. Evaluation Provisions
- The Application is not free and is subject to copyright.
- If you have registered for a trial of the Application, you are authorised to use it solely for evaluation purposes for the period we specify on our websites or otherwise communicate to you (the “evaluation period”).
4. Licence to use Application
Who may use the Application?
- Your use of the Application signifies your acceptance of the terms of this Licence. Your right to continue to use the Application is subject to your full compliance with all the provisions of this Licence and your payment of the subscription on or before each due date for payment.
- Should you fail to renew your subscription by payment of applicable fees prior to the expiry of the current subscription period, then you will no longer be able to use the Application for general purposes and the Application will only permit use for viewing data which was entered prior to the expiry of the subscription period.
- We grant to you a personal and non-exclusive license to use those parts of the Application for which you have paid all applicable fees during the period covered by those fees.
- You may grant access to the data in your subscription to any other person.
- Each licence entitles you to create a limited number of organisations (each connected to a single accounting data source), which you can increase on payment of an additional fee.
Use of the Application
- Your licence includes the right to use the initial version of the Application which you obtain. It also includes the right to use any subsequent upgrades or new releases of that Application which we elect to make available to users at no additional charge.
- The Application is provided as-is and you acknowledge that you have no entitlement to any upgrades or enhancements of the Application. Without being under any obligation to do so, from time to time we may make upgrades and enhancements available to you.
- This Licence only grants a right to use the Application and no title passes to you with respect to the Application. You must not sell, transfer, assign, sublicense or otherwise deal with any of the rights granted under this Licence. You must not (a) reverse assemble, reverse compile or decode the Application or attempt to ascertain the source code by any means; (b) remove, change or bypass any copyright or Application protection statements embedded in the Application.
- You agree (a) the Application is a valuable asset of the Application Owner and is supplied to you on a restricted and confidential basis; (b) the Application will be kept secret and confidential by you at all times unless specifically authorised by us; (c) all copyright in the Application is retained and title to the copy of the Application which is delivered to you and to any copies, reproductions, adaptations, enhancements or translations made of the Application and interfaces with the Application is also retained by the Application Owner and to the extent necessary you hereby assign intellectual property rights in same to the Application Owner; (d) at all times to take reasonable steps to protect the Application from unauthorised access and use; and (e) to give us notice of any infringement of copyright or any of our rights which comes to your attention.
5. Retention of data in Calxa
- Data is stored on Microsoft Azure servers in Australia East with backup copies stored in other locations.
- We will retain your data for the following periods following the termination of your licence, whether that termination has been initiated by you or us:
- For an expired Trial subscription, we will retain your data for a period of not less than 12 months,
- For an expired paid subscription, we will retain your data for a period of not less than 2 years.
- We will delete the data at any time on your request.
- You will have the opportunity to export your Organisation data on termination of your subscription.
6. Availability of Calxa Online service
- You are responsible for obtaining and maintaining internet access to allow you to use the Application. This includes but is not limited to internet or ‘browser’ Application versions that are compatible with the Application. We are not responsible for notifying you of any upgrades, fixes or enhancements to any such Application, or for any Loss or Claim arising from a compromise of data transmitted using networks or facilities which are not owned or operated by us.
- The Application could be disrupted if systems failure occurs due to technology used by either us or Third Parties involved in providing the Application. We will document any such failure as soon as practicable at calxa.com.
- It is possible that the Application may also be unavailable for short periods because of necessary or desirable system maintenance or upgrades. If this is needed, we will try to inform you beforehand and will also post a notification at calxa.com.
- Subject to the terms of section 13 below, we are not responsible or liable to you or the Business for any Loss or Claim arising from the Application or any part of it being delayed, disrupted or unavailable.
- As part of our Business Continuity and Disaster Recovery process, your data is stored in Azure SQL Databases in the Australia East region. We have automated backups with the following restore capabilities:
- Point in Time restore within 7 days
- Differential Backups taken every 12 hours
- Full Backups taken weekly and retained for 4 weeks
- Monthly Backups retained for 3 months.
- Backup data is stored in geo-redundant storage blobs that are replicated to a paired region. Geo-redundancy helps to protect against outages impacting backup storage in the primary region and allows us to restore our server to a different region in the event of a disaster. The remaining infrastructure can also be deployed to a different region in the event of a disaster.
- We use Azure Service-managed transparent data encryption which encrypts databases, backups and logs at rest.
7. Users and passwords
- We grant you the right to access and use the Application with the particular privileges corresponding to your subscription.
- It is your responsibility to ensure you use strong passwords and follow sensible precautions to ensure that those passwords do not become known to anyone else.
- We do not store any user passwords within our systems.
- You determine who is an Invited User, subject to 4 above, and what level of user role access to the relevant Workspace that Invited User has and you can revoke that access at any time.
- You are responsible for all Invited Users’ use of the Application.
- All users are required to use some form of multi-factor authentication.
- If there is any dispute between you and an Invited User regarding access to any Workspace, you will decide what level of access that Invited User shall have, if any.
8. Fair Use
- Because all users of the online components of the Application operate in a shared environment, it is possible that excessive use by some users could adversely impact on the performance of the system for other users.
- If we believe your use of the service, particularly the use of long-running automated workflows, is degrading the performance of the system for other users, we reserve the right to take corrective action including, but not limited to, limiting the number or type of workflows you may run, temporarily suspending or – when no other options are available – terminating your subscription.
9. Privacy
- Our full Privacy Policy is available at https://www.calxa.com/privacy and we strongly recommend that you read it and make sure you are comfortable with its contents. Acceptance of the Privacy Policy is required to use the Application.
10. PCI Compliance: Storage of Payment Details
- We do not store payment details anywhere in our system. Credit card details are managed by eWay, Airwallex or Stripe and Direct Debit details by EziDebit.
- We licence the Application on a subscription basis and you authorise us to process payments from your nominated account each month or year as you have selected.
- An invoice will be issued on the due date of your subscription, at the time the payment is processed.
- Subscription fees include GST in Australia. No taxes are included in other countries.
- You may cancel your subscription at any time (See 12 below) by selecting the cancellation option within the Application.
11. Data breaches
- There has never been any breach of security of our systems or loss of customer data.
- We will notify any affected customers as soon as is practical if we do ever discover a breach.
- If a breach involves personal information that is likely to result in serious harm, we have committed to notifying the Australian Information Commissioner of such a breach as soon as practical.
- Any serious breach affecting customers or your data will be notified at calxa.com.
12. Cancellation and Termination of Licence
- You may terminate this Licence at any time. If you have purchased the Licence directly from us, we will refund your purchase price if you cancel within 30 days of purchase. After that time, no refund or credit is given on termination of the Licence, unless required by law.
- The termination of this Licence will be without prejudice to any rights which we or the Application Owner may have. Upon termination of this Licence by us for whatever cause, we are discharged and released from all obligations under this Licence. Your obligations specified in this Licence will survive the termination of this Licence and you must continue to comply with those obligations notwithstanding the termination.
13. Exclusion of warranties and liability
- This licence agreement does not exclude, restrict or modify the application of any provision of the Australian Consumer Law (“ACL”); the exercise of any right or remedy conferred by the ACL; or our liability for a failure to comply with applicable consumer guarantees where to do so would contravene the ACL or cause any part of these provisions to be void.
- If circumstances arise where you are entitled to claim damages from us (or the Application Owner or any other party involved in the development or supply of the Application) notwithstanding the other provisions of this Licence, our liability (and the liability of the Application Owner and any other party involved in the development or supply of the Application) to you for the aggregate of all such claims (regardless of the basis on which you are entitled to claim from us including, without limitation, negligence) is, to the extent permitted by ACL or other applicable law, limited to the lesser of (a) the amount of any actual loss or damage which you sustain; (b) the amount of the license fees paid by you with respect to the relevant part of the Application; and (c) our cost of replacing or repairing any defective Application.
- We and the Application Owner are not liable for losses or damages of third parties claimed against you howsoever arising. In no event will we or the Application Owner be liable for lost profits, lost savings, damage to or destruction of data or any incidental or consequential damages even if we or the Application Owner have been advised of the possibility of such damages.
14. Additional Terms
- Due to the on-going nature of these provisions, we reserve the right to change these terms at any time. We will make every effort to communicate these changes either by email or by updating this document on our websites at https://www.calxa.com/software-licence-agreement. It is your obligation to ensure you have read, understood and agreed to the most recent terms on the Website.
- If any provision of this Licence is found to be invalid, unenforceable or illegal, then that provision will be deemed to be deleted to the extent necessary to remove the invalid, unenforceable or illegal portion and the balance of this Licence will remain binding.
- You agree that this is the complete and exclusive statement of the agreement between you and us and that it supersedes all proposals or prior agreements, oral or written, and all other communications between all parties relating to the subject matter of this Licence.
- This Licence is made in accordance with, and is subject to, the laws of Queensland and you irrevocably agree that all disputes are subject to and must be submitted to the jurisdiction of the Courts of Queensland.
Data Processing Addendum
This Data Processing Addendum (the Addendum) forms part of the Calxa End User Licence Agreement (and any ancillary or related documentation), as updated or amended from time to time (the Agreement), between you, the Customer (as defined below) and Calxa. All capitalised terms not defined in this Addendum have the meaning set out in the Agreement.
This addendum only applies if and to the extent Calxa processes personal data on behalf of a Customer that qualifies as a controller with respect to that personal data under Applicable Data Protection Law (as defined below). If the Customer had entered into earlier data processing terms with Calxa, those terms are replaced by this Addendum.
Data Protection
In this Addendum, the following terms have the following meanings:
- controller, processor, data subject, personal data, processing (and process) and special categories of personal data have the meanings given in Applicable Data Protection Law
- Applicable Data Protection Law means the EU General Data Protection Regulation (Regulation 2016/679) (the GDPR) and any applicable national laws made under the GDPR
- Customer has the same meaning as ‘you’ in the Calxa End User Licence Agreement
Relationship of the Parties
The Customer (the controller) appoints Calxa as a processor to process the personal data described in Annex B (the Data) only on the controller’s documented instructions (and as per the terms set out in this Addendum) for the purposes described in the Agreement or as otherwise agreed in writing by the parties (the Permitted Purpose). Each party must comply with the obligations that apply to it under Applicable Data Protection Law.
Prohibited Data
Unless explicitly requested by Calxa to do so, the Customer will not disclose (and will not permit any data subject to disclose) any special categories of personal data to Calxa for processing.
International Transfers
Calxa will not transfer the Data outside of the European Economic Area (EEA) nor the United Kingdom (UK) unless it has taken such measures as are necessary to ensure the transfer is in compliance with Applicable Data Protection Law. Such measures may include (without limitation) transferring the Data to a recipient in a country that the European Commission and/or the UK Secretary of State (as applicable) has decided provides adequate protection for personal data (eg, Australia) or to a recipient that has executed standard contractual clauses adopted or approved by the European Commission and/or UK Secretary of State or UK Information Commissioner (as applicable). To this end, you authorise Calxa to enter into standard contractual clauses as your agent and on your behalf with any recipient of Data who is not located in an Adequate Country where this is necessary for compliance with Applicable Data Protection Law.
Confidentiality of Processing
Calxa will ensure that any person it authorises to process the Data (an Authorised Person) will protect the Data in accordance with Calxa’s confidentiality obligations under the Agreement.
Security
Calxa will implement technical and organisational measures, which may be amended and updated from time to time, to protect the Data (i) from accidental or unlawful destruction, and (ii) loss, alteration, unauthorised disclosure of, or access to the Data (a Security Incident).
Subcontracting
The Customer consents to Calxa engaging third-party subprocessors to process the Data for the Permitted Purpose provided that:
- Calxa maintains an up-to-date list of its subprocessors, which is available below, which it will update with details of any change in subprocessors at least 30 days prior to the change;
- Calxa imposes data protection terms on any subprocessor it appoints that require it to protect the Data to the standard required by Applicable Data Protection Law; and
- Calxa remains liable for any breach of this Addendum that is caused by an act, error or omission of its subprocessor. The Customer may object to Calxa’s appointment or replacement of a subprocessor prior to its appointment or replacement, provided such objection is based on reasonable grounds relating to data protection. In such an event, Calxa will either not appoint or replace the subprocessor or, if Calxa determines at its sole discretion that this is not reasonably possible, the Customer may suspend or terminate the Agreement without penalty (without prejudice to any fees incurred by the Customer up to and including the date of suspension or termination).
Cooperation and Data Subjects’ Rights
Calxa will provide reasonable and timely assistance to the Customer (at the Customer’s expense) to enable the Customer to respond to:
- any request from a data subject to exercise any of its rights under Applicable Data Protection Law; and
- any other correspondence, enquiry or complaint received from a data subject, regulator or other third party in connection with the processing of the Data. If any such request, correspondence, enquiry or complaint is made directly to Calxa, Calxa will promptly inform the Customer, providing full details.
Data Protection Impact Assessment
If Calxa believes or becomes aware that its processing of the Data is likely to result in a high risk to the data protection rights and freedoms of data subjects, it will inform the Customer and provide reasonable cooperation to the Customer in connection with any data protection impact assessment that may be required under Applicable Data Protection Law.
Security Incidents
If it becomes aware of a confirmed Security Incident, Calxa will inform the Customer without undue delay and will provide reasonable information and cooperation to the Customer so that they can fulfil any data breach reporting obligations they may have under (and in accordance with the timescales required by) Applicable Data Protection Law. Calxa will further take reasonably necessary measures and actions to remedy or mitigate the effects of the Security Incident and keep the Customer informed of all material developments in connection with the Security Incident.
Deletion or Return of Data
Calxa will retain the Data for a period of 2 years after a subscription is terminated in case the Customer later needs access to it. On expiry of this period or on the Customer’s earlier request, Calxa will delete or return the Data in a manner and form decided by Calxa, acting reasonably. This requirement will not apply to the extent that Calxa is required by applicable law to retain some or all of the Data, or to Data it has archived on back-up systems, which Data Calxa shall securely isolate and protect from any further processing.
Audit
The Customer acknowledges that Calxa is regularly audited by independent third-party auditors appointed by both Xero and Intuit.
Annex A – Security Measures
Calxa stores customer data in Microsoft Azure Data Centres in Australia and makes full use of the security tools and testing processes provided by that environment. In addition, both Xero and Intuit conduct an annual review of Calxa’s system to ensure that it meets their security requirements.
Annex B – Data Processing Schedule
Subject Matter and Duration of Processing of Personal Data
- The subject matter of personal data to be processed is that of the contacts of the Customer entered by or at the election of the Customer into the Calxa platform.
- The duration of processing personal data shall be for as long as we have a business relationship with the Customer, and at the end of that relationship, we will act in accordance with clause 1.11 regarding deletion or return of such personal data.
Nature and Purpose of Processing Personal Data
- The nature and purpose of processing personal data is to enable the functionality of the Calxa Platform as set out in the Agreement and related documentation.
Types of Personal Data Processed
- The types of personal data processed include names, addresses and contact details
Categories of Data Subjects
- The categories of data subjects include employees / contractors of Customer and other contacts of the Customer invited as users of the customer workspace.
Annex C – Subprocessors
Calxa uses third party subprocessors to provide our services to you. They process data that you input to our platform, which may include personal data.
Entity Name | Service | Entity Country |
Microsoft Azure | Cloud infrastructure services including data storage and processing | United States |
Intercom | Activity aggregation and messaging | Ireland |