CompassForecasting Global Privacy Policy
Last Updated: 11 June, 2026
1. Introduction
Welcome to CompassForecasting. This Privacy Policy explains how Compass Forecasting Pty Ltd (ABN 72 698 681 471) ("CompassForecasting", "we", "us", or "our") collects, uses, protects, and handles your information when you use our website (compassforecasting.com) and our Google Workspace™ Add-on (collectively, the "Service").
We understand that as a financial forecasting tool, privacy and data security are paramount. This policy is written to be completely transparent about our architecture, clearly separating the basic account data we need to run our software from your highly sensitive financial data—which we never touch.
2. Our "No-Access" Financial Data Philosophy
CompassForecasting operates on a strict No-Access Architecture regarding your raw financial data.
We do not collect, extract, host, or store your historical financial ledger data (such as Profit & Loss, Balance Sheets, Trial Balances, or individual transaction amounts) on our servers. When you use our Service to pull data from Xero into Google Sheets, the transfer occurs directly via Application Programming Interfaces (APIs). The resulting data, forecasts, and mathematical calculations are processed locally and live exclusively within your own Google Workspace environment.
3. The Information We Do Collect and Store
While your financial data stays with you, we do collect specific operational data necessary to authenticate you, manage your subscription, and allow our software to function.
A. Account & Subscription Data
To manage your license and billing, we store the following data securely within our cloud-based database infrastructure (hosted on Google Cloud):
- Your email address (retrieved via your Google login).
- The name of your connected Xero Organization.
- Stripe billing identifiers (Customer ID, Subscription ID, Plan Type, and Expiry Date).
Note: We do not collect or store your credit card details; all payments are processed entirely by Stripe.
B. Application Configuration Data (Wizard State / Modeling Variables)
To ensure your forecasts load correctly each time you open the add-on, we store your user-defined configuration settings in our encrypted cloud database infrastructure. This data consists strictly of operational variables and mathematical constants, not your historical ledger records. This includes:
- Forecast parameters (e.g., model start dates, projection period lengths).
- Chart of Account structural mappings (e.g., how you have grouped your Xero account codes for display).
- Specific modeling variables entered into our wizard engines (e.g., user-defined interest rate percentages, manual opening balance overrides, and customized repayment schedules).
- User Interface preferences (e.g., toggles for showing/hiding specific forecast lines).
C. Customer Support Data
If you contact us via email or our in-app support sidebar, we collect:
- Your Google email address.
- The name of your actively connected Xero organization.
- The version of the CompassForecasting app you are using.
- The contents of your message.
Note: This data is securely routed via our transactional email service providers strictly to resolve your issue. We do not attach or transmit your spreadsheet contents or financial reports in support requests.
D. Website Visitors & Beta Signups
If you visit compassforecasting.com, we use Google Analytics to collect aggregated usage data to improve our website. Google Analytics uses cookies to track website traffic and user behavior. If you submit a form to join our beta or mailing list, we collect the email address provided to communicate product updates to you. You may unsubscribe at any time.
4. Xero Integration & Read-Only Access
Our Service requires a connection to your Xero accounting software. To protect your security, we use OAuth 2.0. We never see, collect, or store your Xero passwords. Xero authentication tokens are stored securely within your local Google Apps Script PropertiesService, not in our central databases.
We request the following scopes from Xero:
- Identity Scopes (openid, profile, email): To verify your identity.
- Persistent Connection (offline_access): To allow the add-on to refresh your session without requiring you to log in repeatedly.
- Read-Only Accounting Scopes: We request strictly read-only access to your accounting settings and specific reports (Profit & Loss, Balance Sheet, Trial Balance).
NO WRITE ACCESS: CompassForecasting cannot and will not modify, create, edit, or delete any transactions, invoices, or records in your Xero ledger.
5. Google API Services User Data Policy & Limited Use Compliance
CompassForecasting requests and utilizes restricted Google Workspace scopes, including https://www.googleapis.com/auth/spreadsheets.currentonly (to read and write data solely within the actively open Google Sheet) and userinfo.email (to authenticate your software license).
CompassForecasting’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically, we enforce the following restrictions:
- We do not use Google API user data to serve, target, or track advertisements.
- We do not transfer or sell Google API user data to third-party ad networks, data brokers, or any other third parties.
- We do not allow humans to read your Google API user data unless we have obtained your explicit written consent for a specific customer support ticket, it is necessary for security purposes (such as investigating a bug), or it is required to comply with applicable law.
6. Third-Party Service Providers
We use trusted third-party service providers to run our infrastructure. We do not sell, rent, or trade your personal information to third parties. Our core subprocessors and integration partners include:
- Google Cloud Platform: For secure cloud database hosting, application execution, and diagnostic error logging.
- Stripe: For secure payment processing and subscription management (acting as an independent Data Controller for your payment data).
- Transactional Email Providers: For securely routing customer support inquiries and operational notifications.
- Google Analytics: For public website visitor analysis and aggregated traffic reporting.
7. Security & Error Logging
We employ industry-standard security measures, including HTTPS encryption in transit and database-level encryption at rest for your configuration data.
To maintain system stability, we utilize cloud-based diagnostic error logging. We utilize automated redaction protocols to ensure that no Personally Identifiable Information (PII) or raw financial data (such as specific ledger balances or mathematical variances) is written to our diagnostic error logs.
8. Data Retention and Deletion
We retain your Account Data and Configuration Data for as long as your subscription is active.
- Revoking Access: You may revoke CompassForecasting's access to Xero at any time via your Xero Connected Apps dashboard, or by disconnecting the company from the CompassForecasting sidebar, which destroys the local connection tokens.
- Data Deletion: If you cancel your subscription and wish for your Account and Configuration data to be permanently erased from our cloud database, please email support@compassforecasting.com. We will delete your records within 30 days of the request.
9. Global Privacy Rights (GDPR, CCPA, APA)
Depending on your location (including the UK, EU, California, Australia, and New Zealand), you have specific rights regarding your personal data under laws such as the GDPR, CCPA, and the Australian Privacy Act. These include the right to:
- Request access to the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your personal data ("Right to be Forgotten").
- Object to or restrict our processing of your data.
To exercise any of these rights, please contact us using the details below.
9.1. European Union and United Kingdom (GDPR/UK GDPR) Disclosures
For the purposes of the General Data Protection Regulation (GDPR), Compass Forecasting Pty Ltd (ABN 72 698 681 471) acts as a "Data Controller" solely for the Account Data, Configuration Data, and Support Data outlined in Section 3. We do not act as a Data Controller or Data Processor for your Xero financial data, as we never access, collect, or store it.
Our legal basis for collecting and processing your personal data is primarily the performance of a contract (to deliver the Service under our Terms of Service) and our legitimate business interests (such as ensuring system security and responding to support requests).
If you are an EU or UK resident and wish to escalate a privacy complaint, you have the right to lodge a grievance with your local Supervisory Authority. For all European privacy inquiries, please direct correspondence to support@compassforecasting.com with the subject line "GDPR Data Request."
10. Children's Privacy
CompassForecasting is a B2B enterprise software product. The Service is not directed to, nor intended for, individuals under the age of 18. We do not knowingly collect personal information from minors.
11. Trademarks
Google Workspace, Google Sheets, and Google Analytics are trademarks of Google LLC. Xero is a trademark of Xero Limited. All other trademarks, service marks, and trade names are the property of their respective owners. CompassForecasting is an independent service and is not formally endorsed by or affiliated with Google LLC or Xero Limited.
12. Contact Us
If you have any questions or concerns about this Privacy Policy, our data practices, or if you wish to exercise your data privacy rights, please contact us at:
- Email: support@compassforecasting.com
- Entity: Compass Forecasting Pty Ltd (ABN 72 698 681 471)
- Jurisdiction: Australian Capital Territory (ACT), Australia