Effective Date: March 15, 2023
The Sage Intacct Services are operated by Sage Intacct, Inc. and its subsidiaries. Sage Intacct, Inc. is a subsidiary of the Sage Group plc, a UK-headquartered publicly traded company. Sister companies of Sage Intacct within the Sage group administer sales and customer relationship management for customers of the Sage Intacct Services in certain territories: Sage Business Solutions Pty Ltd for customers in Australia, Sage Software Canada Limited for certain customers in Canada, and Sage (UK) Ltd for customers in the United Kingdom and Ireland. The operations of these sister companies are governed by the general privacy notice of the Sage group, available here.
This policy refers to Sage Intacct, Inc. and its subsidiaries as “we,” “us” and “our.” References to “you” and “your” are to the controllers of the data input into the Sage Intacct Services. This generally is our customers, the companies and organizations that have subscribed to the Sage Intacct Services, and their users. In some cases, this may be our partners with respect to data provided by them in the course of their use of the Sage Intacct Services. If you are an individual whose data is controlled by a customer or partner of ours and input into the Sage Intacct Services by that customer or partner, please direct your privacy-related inquiries to them. You can find further details in “Your Responsibilities and Rights” below.
You provide us with several kinds of information: Customer Data, Administrative Data, and Billing Data.
Customer Data is the information submitted into the Sage Intacct Services when you use the Sage Intacct Services, when the Sage Intacct Services interoperate with third party applications, or when you receive customer support. This includes accounting information, transactions (for example, with suppliers or customers), bank account information and other financial information, as well as information derived by the operation of the Sage Intacct Services from those submissions at your instruction, such as reports. Customer Data may be submitted directly by you or indirectly through our partners.
Our system processes and stores Customer Data strictly on your behalf in order to provide you the Sage Intacct Services and as otherwise provided in our agreement with you. We restrict our employees’ access to Customer Data in production and backup environments to (1) support, client services and technical staff, who with your permission may have access to your Customer Data to provide customer support, technical troubleshooting, error fixing, professional services, and product development, and (2) a limited number of operations personnel, who may have controlled access to Customer Data for troubleshooting and system maintenance. We use Customer Data as your processor to provide you the Sage Intacct Services and to address customer support requests and technical problems.
Administrative Data is information you provide during sign-up, purchase or administration of the Sage Intacct Services. This includes (i) company name, address, email and phone number, and (ii) individual users’ names, job titles, emails, phone numbers and account credentials.
We collect, store and use Administrative Data as a controller in the context of providing our products and services to you, including to perform our contractual obligations to you and/or for our legitimate business interests. Specifically, we use Administrative Data to provide the Sage Intacct Services to you, administer your account, administer your subscriptions and renewals and contact you to discuss your subscription needs, provide customer support and professional services, keep a record of our dealings with you, notify you of changes, updates and availability of the Sage Intacct Services, understand your experience using the Sage Intacct Services (for example, by sending you surveys), conduct research, improve the Sage Intacct Services, plan and host events, contact you with marketing communications, notify you of new product offerings, and identify and prevent fraud.
Billing Data is financial qualification and billing information you provide as our customer when you purchase, subscribe to, renew or expand the Sage Intacct Services. This includes company name (and in some cases the name of a contact person for billing matters), billing address, credit card information, financial checks (business credit references), and other financial data.
We use Billing Data as a controller in the context of providing our products and services to you, including to enter into a contract with you and/or for our legitimate business interests: to process or collect payment for your transactions with us, keep a record of our dealings with you, and prevent fraud. We store Billing Data for use in your future transactions with us.
If you do not wish to provide Administrative Data and/or Billing Data to us, we will not be able to provide the Sage Intacct Services to you or administer them for your account with us.
In relation to the use of the Sage Intacct Services, we collect the following information for our legitimate business purposes:
Cookies and similar technologies: Cookies are small data files that websites associate with visitors to facilitate the proper, efficient or secure operation of the website. The Sage Intacct Services use the following types of cookies:
| Cookie type | Purpose | Expiration |
|---|---|---|
| Session Identification (Required) | These cookies are required to access the Sage Intacct Services and for secure operation of the Sage Intacct Services. When a user logs in, a cookie with encrypted information tied to the user account is placed onto the browser. These cookies allow us to identify the user when he/she is logged in to perform online requests. One required cookie is also used to prevent the same user from logging into the Sage Intacct Services from multiple browsers at the same time. | When browser is closed, or in some cases on the earliest of session timeout, user logout or when browser is closed. |
| Persistent User Identification | These cookies allow the Sage Intacct Services to remember information a user has entered such as username, company name, and trusted device for 2-step verification. The Sage Intacct Services place these cookies onto the browser when a user selects “remember me” tick box (opt in). | Some of these cookies expire in 90 days and others in 1 year. |
| Non-Persistent User Identification | The Sage Intacct Services place these cookies onto the browser during user login. These cookies allow temporary identification of the user for various functional purposes such as verification of single sign-on (SSO) login, enablement of the “collaborate” feature, and keeping track of SSO. | In 5 minutes. |
| Functional | This cookie is placed to keep track of printed invoice record. | On the earliest of session timeout, user logout or when browser is closed. |
| User Interface Functionality | These cookies enable various user interface features (such as arranging components on the dashboard) by providing information about the browser screen’s width and height or keeping track of current selected menu in the user interface. | Some of these cookies expire immediately and others expire in 2 minutes. |
| Integration Functionality | The Sage Intacct Services use these cookies to remember the user session during the cloud storage authentication. | In 5 minutes. |
| Data Import Functionality | The Sage Intacct Services use these cookies to remember the user's last import settings. The next time a user imports data, the previous data import options are populated for the user in the user interface. | In 1 year. |
| Performance | The Sage Intacct Services use these cookies to measure the client response time to improve the performance and user experience. | In 2 seconds. |
| Infrastructure | These cookies are used by infrastructure components such as load balancer and content delivery network (CDN) and do not collect any customer or user specific information. | When user closes the browser. |
| Maintenance | These cookies are placed to show the system maintenance message page. | When user closes the browser. |
| CDN | These cookies are used to track session state, store origin server IP to facilitate CDN service, and for testing purposes. | Some of these cookies expire immediately and others expire in 1 year. |
| Web Security | These cookies are used to detect malicious visitors to our website and minimize blocking legitimate users. | In up to 7 days. |
| Media Playback | These cookies enable viewing of videos and other media content related to product functionality. These cookies do not collect any customer or user specific information. | In 1 hour. |
The cookies above are essential for the proper operation of the Sage Intacct Services; without them, the Sage Intacct Services will lack major functionality. We do not provide an opt out for cookies identified as “Required” in the table above. In your browser, you can opt out of or delete the other cookies. We do not recommend opting out of cookies, as this will adversely impact the functionality of, and your access to, the Sage Intacct Services and the Sage Intacct Services may not operate as intended without these cookies.
In addition, we use Google Analytics for certain pages on our product website. If you look for the Google Analytics cookies in your browser, they all begin with “_ut” or “_ga”. Google Analytics helps us understand how often users visit our product website and what pages they visit. We use this information to analyze how our website is used and for website and product development and improvement. We have set the Google Analytics tool to anonymize IP addresses. The cookies collect information in an anonymous form, including the number of visitors to the Sage Intacct website, where visitors have come to the website from and the pages they visited. You can opt out of Google Analytics across all sites by using this tool.
IP Addresses: We collect the Internet Protocol (IP) address of the computer used to access the Sage Intacct Services. We use IP addresses for added security of the Sage Intacct Services, to optimize the delivery and/or performance of the Sage Intacct Services, and to monitor compliance with export and sanctions laws and our related internal policies. A security feature of the Sage Intacct Services allows a customer’s administrator to review the list of IP addresses from which the customer’s Sage Intacct account has been accessed.
Statistical and Usage Data: When you use the Sage Intacct Services, we may collect statistical information (metadata), such as server log files, usage patterns and frequency, and volume and value of transactions. That statistical information does not include Customer Data. We may use this statistical information for product improvement and billing. In addition, features of the Sage Intacct Services collect audit trail data, which includes records of each user’s manipulation of Customer Data (for example, creation, editing, reporting, deletion) and, if you subscribe for advanced audit trail functionality, further includes each user’s viewing of, and access to, specific objects containing Customer Data.
Product Development Data: If our agreements with you permit us, we may use elements of Customer Data for product research, development and innovation. Unless otherwise agreed by you, personal data contained in Customer Data in a personally identifiable form will only be used as described in the “Information Provided by You – Customer Data” disclosures above.
Aggregate Data: If Statistical and Usage Data is used by us for any other purposes, we aggregate this data in a way that does not identify or otherwise permit the identification of you or any of your users. We may use and disclose Aggregate Data for training, quality assurance, product development, marketing, promotion, statistical analysis, market analysis, financial analysis, benchmarking and other business purposes.
Do Not Track signals: Some browsers contain features that signal that the user does not want to be tracked, known as “Do Not Track” or DNT. The Sage Intacct Services currently do not respond to those signals.
Third-Party Provided Data: We partner with third parties (for example, payment service providers) who provide products and services within, or related to, the Sage Intacct Services. These third parties may provide us with your Customer Data or Billing Data. We treat this information in the same manner as we treat Customer Data and Billing Data that you provide directly to us.
Audio and Video Information: With your knowledge and consent, we may record phone or video conversations with our professional services or support personnel that include your voice and likeness. We use this information to provide you and the business that you represent implementation services, customer support, to assess the compliance, quality and effectiveness of our customer support program, to collect feedback on our products, and for training purposes.
The Sage Intacct Community is a community forum where customers and partners may share information about the Sage Intacct Services. You should be aware that any information you provide in the Community may be read, collected, and used by others who access the Community. To request removal of your personal information from the Community, contact us as described in “Further Information” below.
We retain Customer Data for the duration of your subscription to the Sage Intacct Services. After your subscription expires, we retain Customer Data for at least 90 days and may store it for up to an additional 90 days. Customer Data may be retained beyond that period in data backups, which may be stored for up to 5 years. We retain Customer Data as necessary to exercise our rights and obligations under our agreement with you, comply with our legal obligations, or resolve disputes.
We keep Administrative Data and Billing Data as part of our business and accounting records for the duration of your relationship with us and thereafter for so long as necessary for our legitimate business purposes. We retain credit cardholder data for no longer than 90 days from the card expiration date. We do not store card-verification code or value (CVV).
Please refer to the table above for information on cookie expiration. We currently do not delete IP addresses, Statistical Data, Product Development Data, Aggregate Data and call recordings on a set schedule.
We will disclose your information to third parties only as directed by you, as described in your agreements with us and in this policy, or as required by law.
We maintain administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of your Customer Data that are consistent with industry standards. You can learn more about our Information Security Management Program here.
Generally, we store Administrative Data and Billing Data for all our offerings in the United States. We store Customer Data as follows:
Sage Intacct Services: Production, backup, and disaster recovery copies of Customer Data are stored in the following regions:
Australia: Customer Data of Australian customers is stored in Australia. A copy of production data of Australian customers participating in a customer preview will be transferred to the United States and stored for an eight (8) week preview period.
Canada: Production and backup Customer Data of Canadian customers is stored in Canada. For disaster recovery purposes for Canadian customers, we synchronize Customer Data of Canadian customers to servers in the United States.
South Africa: Customer Data of South African customers is stored in the European Union.
United Kingdom: Customer Data of customers in the United Kingdom is stored in the European Union.
United States: Customer Data of customers in the United States is stored in the United States.
Certain customer support cases initiated by a customer (i.e., debugging requests) may require copying Customer Data to storage locations located in the United States.
Other Modules: Customer Data stored in AI/ML (artificial intelligence/machine learning) applications and modules, such as the Timekeeping Services, is stored and processed in the United States, the United Kingdom, and the European Union. Customer Data for the Sage Intacct Planning module is also stored and processed in the United States for all customers, except those in the United Kingdom. Planning module Customer Data for customers in the United Kingdom is stored and processed in the European Union.
Sage Colleagues: As part of our global operations, Sage Intacct colleagues or colleagues from companies in the Sage group may access information from other locations outside the United States. All Sage group companies are subject to Sage group data protection policies designed to protect data in accordance with applicable data protection laws.
If you do not want your personal data to be transferred outside the EEA you should not use our website, applications or services.
We are a processor of Customer Data, which is controlled by you, our customers. You are responsible for complying with all data protection laws and regulations applicable to you as a user of the Sage Intacct Service and controller of Customer Data. We have no direct relationship with the individuals whose personal data we process as part of Customer Data. We acknowledge that the individuals have the right to access their personal information. An individual who seeks access/port, or who seeks to correct, amend, or delete inaccurate data, or who wishes to restrict or object to processing of Customer Data, should direct his or her query to you, our customer (the controller). If requested to remove the data, we will respond to the individual within a reasonable timeframe and direct the request to you, our customer.
Upon request, we will provide individuals with information about whether we hold any of their personal information in Administrative Data or Billing Data. If you (as a customer) want to edit and/or change any Administrative Data or Billing Data (other than company ID or user ID, which cannot be changed without creating a new account and/or new user), you can do so at any time by using your company ID, user ID, and password to access your account. Please contact Sage Intacct support via the Sage Intacct Communities page for further instructions about deleting or deactivating your Sage Intacct account.
You can opt out from our marketing messages by clicking on the “unsubscribe” link included in them or by contacting your Sage Intacct account manager. That opt out will not extend to transactional or relationship messages. If you wish to opt out from us sharing Administrative Data with third parties for marketing purposes, please contact your Sage Intacct account manager.
As an individual, you have the following rights pursuant to laws that may apply to you or us, such as the General Data Protection Regulation (GDPR):
If you are a California resident, you have the following rights if you submit a verifiable consumer request:
To receive disclosure of:
Please see “Administrative Data,” “Billing Data” and “Information Collected by Us” above for a description of the specific pieces of personal information we may collect about individuals and the business and/or commercial purposes for which the personal information is used. The personal information we collect falls into the following categories under the CCPA’s definition of “personal information”:
We obtain this data either directly from you, or from the administrator of your company’s Sage Intacct account who gives you access to the Sage Intacct Services, or from your interaction with the Sage Intacct Services. We do not sell consumers’ personal information. In the preceding 12 months, we have disclosed for a business purpose the following categories of personal information: personal identifiers (e.g., name, email, etc.), professional information (e.g., title), and internet activity information of users (e.g., via the audit trail functionality of the Sage Intacct services). Please refer to “Disclosure of Information” above.
You may submit requests pursuant to this paragraph using the means described in “Further Information” below.
We may update this policy to reflect changes to our information practices. If we make any material changes that adversely affect you, we will notify you by email (sent to the email address of your Sage Intacct subscription representative on record with us) or by a notice posted in the Sage Intacct Services prior to the change becoming effective. We encourage you to periodically review this page for the latest information about our privacy practices.
If you have any questions about how we handle your information, the contents of this policy, your rights under local law, how to update your records or how to obtain a copy of the information that we hold about you, please write to privacy.intacct[@]sage.com, telephone Sage Intacct’s customer support staff at 877-704-3700 (US), or send postal mail to Sage Intacct, Inc., 300 Park Avenue, Suite 1400, San Jose, CA, 95110, USA. If you wish to exercise your rights under the CCPA, you may also complete the form available here.