Effective Date: June 30, 2023
This policy describes how the companies within the Sage group collect and handle personal information that customers provide through or in conjunction with the Sage Intacct financial management software-as-a-service business application (the “Sage Intacct Services”). It also describes your rights regarding use, access and correction of your personal information within the Sage Intacct Services. The Privacy Policy of the Sage Intelligent Time timekeeping services (the “Timekeeping Services”) describes the collection and handling of customer-provided personal information within those services. Other products and services that you buy from Sage, even if you buy them alongside the Sage Intacct Services, may have separate privacy policies. If that product or service is operated by a company within the Sage group, then the general privacy notice available here applies. If the product or service is operated by a third party, then that third party’s privacy policy applies.
The Sage Intacct Services are generally operated by Sage Intacct, Inc. and its subsidiaries. Sage Intacct is an indirect subsidiary of the Sage Group plc, a UK-headquartered publicly traded company. Sister companies of Sage Intacct within the Sage group administer sales and customer relationship management for customers of the Sage Intacct Services in certain territories: Sage Business Solutions Pty Ltd for customers in Australia, Sage Software Canada Limited for certain customers in Canada, Sage (UK) Ltd for customers in the United Kingdom and Ireland, and Sage SAS for customers in France. Sister companies of Sage Intacct also deliver certain functionality and features that integrate or interoperate with the Sage Intacct Services. The operations of these sister companies are governed by the general privacy notice of the Sage group, available here.
This policy does not apply to information collected through the corporate website for the Sage group of companies (www.sage.com) or outside the operation of the Sage Intacct Services. The Sage Privacy Notice describes Sage’s practices with respect to information collected from websites linking to that privacy notice. If you are considering applying for a job with Sage, currently work for Sage, or have worked for Sage, then the HR Privacy Notice applies to information we collect or have collected as a part of those relationships.
This policy refers to Sage Intacct, Inc. and its subsidiaries as "Sage Intacct," “we,” “us” and “our.” References to “you” and “your” are to the controllers of the data input into the Sage Intacct Services. This generally is our customers, the companies and organizations that have subscribed to the Sage Intacct Services, and their users. In some cases, this may be our partners with respect to data provided by them in the course of their use of the Sage Intacct Services. If you are an individual whose data is controlled by a customer or partner of ours and input into the Sage Intacct Services by that customer or partner, please direct your privacy-related inquiries to them. You can find further details in “Your Responsibilities and Rights” below.
You provide us with several kinds of information: Customer Data, Administrative Data, and Billing Data.
Customer Data is the information submitted into the Sage Intacct Services when you use the Sage Intacct Services, when the Sage Intacct Services interoperate with third party applications, or when you receive customer support. This include accounting information, transactions (for example, with suppliers or customers), bank account information and other financial information, as well as information derived by the operation of the Sage Intacct Services from those submissions at your instruction, such as reports. Customer Data may be submitted directly by you or indirectly through our partners.
Our system processes and stores Customer Data on your behalf in order to provide you the Sage Intacct Services and as otherwise provided in our agreement with you. We restrict our employees’ access to Customer Data in production and backup environments to (1) support, client services and technical staff, who with your permission may have access to your Customer Data to provide customer support, technical troubleshooting, error fixing and professional services, and (2) a limited number of operations personnel, who may have controlled access to Customer Data for troubleshooting and system maintenance. We use Customer Data as your processor to provide you the Sage Intacct Services and to address customer support requests and technical problems. We also use Customer Data for product research, development, and innovation. We will not otherwise use Customer Data for our own purposes without your consent, unless we are required to do by applicable law. Please see your agreement(s) for further details.
The Privacy Policy of the Timekeeping Services describes collection and handling of Customer Data in the Timekeeping Services.
Administrative Data is information you provide during sign-up, purchase or administration of the Sage Intacct Services. This includes (i) company name, address, email and phone number, and (ii) individual users’ names, job titles, emails, phone numbers and account credentials.
We collect, store and use Administrative Data as a controller in the context of providing our products and services to you, including to perform our contractual obligations to you and/or for our legitimate business interests. Specifically, we use Administrative Data to provide the Sage Intacct Services to you, administer your account, administer your subscriptions and renewals and contact you to discuss your subscription needs, provide customer support and professional services, keep a record of our dealings with you, notify you of changes, updates and availability of the Sage Intacct Services, understand your experience using the Sage Intacct Services (for example, by sending you surveys), conduct research, improve the Sage Intacct Services, plan and host events, contact you with marketing communications, notify you of new product offerings, and identify and prevent fraud.
The Privacy Policy of the Timekeeping Services describes collection and handling of Administrative Data in the Timekeeping Services.
Billing Data is financial qualification and billing information you provide as our customer when you purchase, subscribe to, renew or expand the Sage Intacct Services. This includes company name (and in some cases the name of a contact person for billing matters), billing address, credit card information, financial checks (business credit references), and other financial data.
We use Billing Data as a controller in the context of providing our products and services to you, including to enter into a contract with you and/or for our legitimate business interests: to process or collect payment for your transactions with us, keep a record of our dealings with you, and prevent fraud. We store Billing Data for use in your future transactions with us.
If you do not wish to provide Administrative Data and/or Billing Data to us, we will not able to provide the Sage Intacct Services to you or administer them for your account with us.
In relation to the use of the Sage Intacct Services, we collect the following information for our legitimate business purposes:
Cookies and similar technologies: Cookies are small data files that websites associate with visitors to facilitate the proper, efficient or secure operation of the website. The Sage Intacct Services use the following types of cookies:
Type | Description | Expiry |
Session Identification (Required) | These cookies are required to access the Sage Intacct Services and for secure operation of the Sage Intacct Services. When a user logs in, a cookie with encrypted information tied to the user account is placed onto the browser. These cookies allow us to identify the user when he/she is logged in to perform online requests. One required cookie is also used to prevent the same user from logging into the Sage Intacct Services from multiple browsers at the same time. | When browser is closed, or in some cases on the earliest of session timeout, user logout or when browser is closed. |
Persistent User Identification | These cookies allow the Sage Intacct Services to remember information a user has entered such as username, company name, and trusted device for 2-step verification. The Sage Intacct Services place these cookies onto the browser when a user selects “remember me” tick box (opt in). | Some of these cookies expire in 90 days and others in 1 year. |
Non-Persistent User Identification | The Sage Intacct Services place these cookies onto the browser during user login. These cookies allow temporary identification of the user for various functional purposes such as verification of single sign-on (SSO) login, enablement of the “collaborate” feature, and keeping track of SSO. | In 5 minutes. |
Functional | This cookie is placed to keep track of printed invoice record. | On the earliest of session timeout, user logout or when browser is closed. |
User Interface Functionality | These cookies enable various user interface features (such as arranging components on the dashboard) by providing information about the browser screen’s width and height or keeping track of current selected menu in the user interface. | Some of these cookies expire immediately and others expire in 2 minutes. |
Integration Functionality | The Sage Intacct Services use these cookies to remember the user session during the cloud storage authentication. | In 5 minutes. |
Data Import Functionality | The Sage Intacct Services use these cookies to remember the user's last import settings. The next time a user imports data, the previous data import options are populated for the user in the user interface. | In 1 year. |
Performance | The Sage Intacct Services use these cookies to measure the client response time to improve the performance and user experience. | In 2 seconds. |
Infrastructure | These cookies are used by infrastructure components such as load balancer and content delivery network (CDN) and do not collect any customer or user specific information. | When user closes the browser. |
Maintenance | These cookies are placed to show the system maintenance message page. | When user closes the browser. |
CDN | These cookies are used to track session state, store origin server IP to facilitate CDN service, and for testing purposes. | Some of these cookies expire immediately and others expire in 1 year. |
Web Security | These cookies are used to detect malicious visitors to our website and minimize blocking legitimate users. | In up to 7 days. |
Media Playback | These cookies enable viewing of videos and other media content related to product functionality. These cookies do not collect any customer or user specific information. | In 1 hour. |
Pendo Cookies | We use Pendo to provide help and guidance within the product. These cookies allow us to display these guides in the product at the right time. These cookies collect information in a way that does not identify anyone. The Pendo privacy policy is available here. | In up to 100 days. |
The cookies above are essential for the proper operation of the Sage Intacct Services; without them, the Sage Intacct Services will lack major functionality. We do not provide an opt out for cookies identified as “Required” in the table above. In your browser, you can opt out of or delete the other cookies. We do not recommend opting out of cookies, as this will adversely impact the functionality of, and your access to, the Sage Intacct Services and the Sage Intacct Services may not operate as intended without these cookies.
In addition, we use Google Analytics for certain pages on our product website. If you look for them in your browser, they all begin with “_ut” or “_ga”. Google Analytics helps us understand how often users visit our product website and what pages they visit. We use this information to analyze how our website is used and for website and product development and improvement. We have set the Google analytics tool to anonymize IP addresses. The cookies collect information in an anonymous form, including the number of visitors to the Sage Intacct website, where visitors have come to the website from and the pages they visited. You can opt out of Google Analytics across all sites by using this tool.
IP Addresses: We collect the Internet Protocol (IP) address of the computer used to access the Sage Intacct Services. We use IP addresses for added security of the Sage Intacct Services, to optimize the delivery and/or performance of the Sage Intacct Services, and to monitor compliance with export and sanctions laws and our related internal policies. A security feature of the Sage Intacct Services allows a customer’s administrator to review the list of IP addresses from which the customer’s Sage Intacct account has been accessed.
Statistical and Usage Data: When you use the Sage Intacct Services, we may collect statistical information (metadata), server log files, usage patterns and frequency, and volume and value of transactions. That statistical information does not include Customer Data. We may use this statistical information for product improvement and billing. In addition, features of the Sage Intacct Services collect audit trail data, which includes records of each user’s manipulation of Customer Data (for example, creation, editing, reporting, deletion) and, if you subscribe for advanced audit trail functionality, further includes each user’s viewing of, and access to, specific objects containing Customer Data.
Product Development Data: If our agreements with you permit us, we may use elements of Customer Data for product research, development and innovation. Unless otherwise agreed by you, personal data contained in Customer Data in a personally identifiable form will only be used as described in the “Information Provided by You – Customer Data” disclosures above.
Aggregate Data: If Statistical and Usage Data is used by us for any other purposes, we aggregate this data in a way that does not identify or otherwise permit the identification of you or any of your users. We may use and disclose Aggregate Data for training, quality assurance, product development, marketing, promotion, statistical analysis, market analysis, financial analysis, benchmarking and other business purposes.
Do Not Track signals: Some browsers contain features that signal that the user does not want to be tracked, known as “Do Not Track” or DNT. The Sage Intacct Services currently do not respond to those signals.
Third-Party Provided Data: We partner with third parties (for example, payment service providers) who provide products and services within, or related to, the Sage Intacct Services. These third parties may provide us with your Customer Data or Billing Data. We treat this information in the same manner as we treat Customer Data and Billing Data that you provide directly to us.
Audio and Video Information: With your knowledge and consent, we may record phone or video conversations with our professional services or support personnel that include your voice and likeness. We use this information to provide you and the business that you represent implementation services, customer support, to assess the compliance, quality and effectiveness of our customer support program, to collect feedback on our products, and for training purposes.
The Sage Intacct Community is a community forum where customers and partners may share information about the Sage Intacct Services. You should be aware that any information you provide in the Community may be read, collected, and used by others who access the Community. To request removal of your personal information from the Community, contact us as described in “Further Information” below.
We retain Customer Data for the duration of your subscription to the Sage Intacct Services. After your subscription expires, we retain Customer Data for at least 90 days and may store it for up to an additional 90 days. Customer Data may be retained beyond that period in data backups, which may be stored for up to 5 years. We retain Customer Data as necessary to exercise our rights and obligations under our agreement with you, comply with our legal obligations, or resolve disputes.
We keep Administrative Data and Billing Data as part of our business and accounting records for the duration of your relationship with us and thereafter for so long as necessary for our legitimate business purposes. We retain credit cardholder data for no longer than 90 days from the card expiration date. We do not store card-verification code or value (CVV).
Please, refer to the table above for information on cookie expiration. We currently do not delete on a set schedule IP addresses, Statistical Data, Product Development Data, Aggregate Data and call recordings.
We will disclose your information to third parties only as directed by you, as described in your agreements with us and in this policy, or as required by law.
We maintain administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of your Customer Data that are consistent with industry standards. You can learn more about our Information Security Management Program here.
Generally, we store, Administrative Data and Billing Data for all our offerings in the United States. We store Customer Data as follows:
Sage Intacct Services: Production, backup, and disaster recovery copies of Customer Data are stored in the following regions:
Australia: Customer Data of Australian customers is stored in Australia. A copy of production data of Australian customers participating in a customer preview will be transferred to the United States and stored for an eight (8) week preview period.
Canada: Production and backup Customer Data of Canadian customers is stored in Canada. For disaster recovery purposes for Canadian customers, we synchronize Customer Data of Canadian customers to servers in the United States.
France: Customer Data of customers in France is stored in the European Union.
South Africa: Customer Data of South African customers is stored in the European Union.
United Kingdom: Customer Data of customers in the United Kingdom is stored in the European Union.
United States: Customer Data of customers in the United States is stored in the United States.
Certain customer support cases initiated by a customer (i.e., debugging requests) may require copying Customer Data to storage locations located in the United States.
Other Modules: Customer Data stored in AI/ML (artificial intelligence/machine learning) applications and modules, such as the Timekeeping Services, is stored and processed in the United States, the United Kingdom, and the European Union. Customer Data for the Sage Intacct Planning module is also stored and processed in the United States for all customers, except those in the United Kingdom. Planning module Customer Data for customers in the United Kingdom is stored and processed in the European Union. Customer Data for systems integrator modules (i.e., customizations made at a customer’s request by our professional services teams) is stored and processed in the United States.
Sage Colleagues: As part of our global operations, Sage Intacct colleagues or colleagues from companies in the Sage group may access information from other locations outside the United States. All Sage group companies are subject to Sage group data protection policies designed to protect data in accordance with applicable data protection laws.
If you do not want your personal data to be transferred outside the EEA you should not use our website, applications or services.
We are a processor of Customer Data, which is controlled by you, our customers. You are responsible for complying with all data protection laws and regulations applicable to you as a user of the Sage Intacct Service and controller of Customer Data. We have no direct relationship with the individuals whose personal data we process as part of Customer Data. We acknowledge that the individuals have the right to access their personal information. An individual who seeks access/port, or who seeks to correct, amend, or delete inaccurate data, or who wishes to restrict or object to processing of Customer Data, should direct his or her query to you, our customer (the controller). If requested to remove the data, we will respond to the individual within reasonable timeframe and direct the request to you, our customer.
Upon request, we will provide individuals with information about whether we hold any of their personal information in Administrative Data or Billing Data. If you (as a customer) want to edit and/or change any Administrative Data or Billing Data (other than company ID or user ID, which cannot be changed without creating a new account and/or new user), you can do so at any time by using your company ID, user ID, and password to access your account. Please contact Sage Intacct support via the Sage Intacct Communities page for further instructions about deleting or deactivating your Sage Intacct account.
You can opt out from our marketing messages by clicking on the “unsubscribe” link included in them or by contacting your Sage Intacct account manager. That opt out will not extend to transactional or relationship messages. If you wish to opt out from us sharing Administrative Data with third parties for marketing purposes, please contact your Sage Intacct account manager.
As an individual, you have the following rights pursuant to laws that may apply to you or us, such as the General Data Protection Regulation (GDPR):
If you are a California resident, you have the following rights if you submit a verifiable consumer request:
Please see “Administrative Data,” “Billing Data” and “Information Collected by Us” above for a description of the specific pieces of personal information we may collect about individuals and the business and/or commercial purposes for which the personal information is used. The personal information we collect falls into the following categories under the CCPA’s definition of “personal information”:
We obtain this data either directly from you, or from the administrator of your company’s Sage Intacct account who gives you access to the Sage Intacct Services, or from your interaction with the Sage Intacct Services. We do not sell consumers’ personal information. In the preceding 12 months, we have disclosed for a business purpose the following categories of personal information: personal identifiers (e.g., name, email, etc.), professional information (e.g., title), and internet activity information of users (e.g., via the audit trail functionality of the Sage Intacct Services). Please refer to “Disclosure of Information” above.
You may submit requests pursuant to this paragraph using the means described in “Further Information” below.
We may update this policy to reflect changes to our information practices. If we make any material changes that adversely affect you, we will notify you by email (sent to the email address of your Sage Intacct subscription representative on record with us) or by a notice posted in the Sage Intacct Services prior to the change becoming effective. We encourage you to periodically review this page for the latest information about our privacy practices.
If you have any questions about how we handle your information, the contents of this policy, your rights under local law, how to update your records or how to obtain a copy of the information that we hold about you, please write to privacy.intacct[@]sage.com, or by telephone to Sage Intacct’s customer support staff at 877-704-3700 (US), or via postal mail to Sage Intacct, Inc., 300 Park Avenue, Suite 1400, San Jose, CA, 95110, USA. If you wish to exercise your rights under the CCPA, you may also complete the form available here.
A copy of this privacy policy marked to show changes over the prior version is available here.
Give Feedback