Legal

Privacy Policy

How data is collected, used, disclosed, and protected when firms connect third-party systems to 360 Centric.

Effective Date

This Privacy Policy is effective as of the date it is published on 360centric.com.

Overview

360 Centric provides an operational governance platform for accounting, tax, and professional services firms. This Privacy Policy explains how data is collected, used, disclosed, and protected when firms connect third-party systems such as Microsoft 365, Intuit platforms, Xero, and other integrated services.

Data Sources

360 Centric may receive data from connected systems including identity providers, email and calendar platforms, accounting systems, tax preparation systems, e-signature providers, payment processors, and voice or communications platforms. Data is accessed only with explicit authorization from the firm.

Types of Data Collected

Collected data may include user identity information, metadata from communications and calendars, client and engagement identifiers, workflow status signals, financial or accounting metadata, tax workflow indicators, and system-generated audit logs. Content within third-party systems remains governed by those systems unless explicitly stored within 360 Centric.

Purpose of Data Use

Data is used solely to provide governance, workflow coordination, evidence retention, auditability, and operational clarity. 360 Centric does not sell data or use it for advertising.

System of Record

360 Centric operates as a governing and coordination layer. Integrated platforms such as Microsoft 365, Intuit, Xero, and others remain systems of record for their native data unless explicitly copied or stored by the firm within 360 Centric.

Data Sharing

360 Centric does not share firm data with third parties except as required to provide authorized integrations, comply with legal obligations, or with the firm’s explicit instruction.

Security

360 Centric employs administrative, technical, and organizational safeguards designed to protect data integrity, confidentiality, and availability, including access controls, audit logging, and encryption.

Regulated Data

Where firms process regulated data (including PHI or financial records), 360 Centric acts in accordance with applicable contractual obligations. Business Associate Agreements or similar agreements apply only where explicitly executed between 360 Centric and the firm.

Data Retention

Data is retained according to firm configuration, contractual requirements, and legal obligations. Firms may request data export or deletion subject to retention rules.

User Rights

Firms control user access and permissions. Requests for access, correction, or deletion should be directed to the firm administrator.

Changes

This Privacy Policy may be updated periodically. Material changes will be posted on 360centric.com.

Contact

Questions regarding this Privacy Policy may be directed to privacy@360centric.com.