Our Use of AI Tools — What It Means for Your Data

The Short Version

We use AI (specifically Anthropic’s Claude) to work faster and more accurately on your behalf. We supervise every output. We are accountable for everything that reaches you.

The Tools We Use — and Why This Is Not New

Your financial data already lives across multiple third-party platforms as a normal part of how modern accounting works:

Xero stores your full ledger, transactions, and financial history on cloud servers
Google Drive / Microsoft 365 holds your documents, correspondence, and reports
Email transmits sensitive financial information daily across third-party infrastructure
Bank feeds pipe live transaction data through third-party aggregators into your accounting software

You trust these tools because they are professionally operated, keep your data separate from other clients, and use your data only to deliver the service. We apply exactly the same standard to AI.

We use Claude Code — a professional developer tool built by Anthropic — to automate and accelerate accounting work. This means your financial data (including bank statements, asset registers, and Xero exports) is processed by Claude as part of delivering your work. Here is exactly what that means.

We Did Not Choose Our AI Tools Lightly

Anthropic’s Claude is the AI of choice for some of the most scrutinised organisations in global finance:

PwC Training 30,000 professionals on Claude across their client delivery work

KPMG Deploying Claude to 276,000 staff globally via their Digital Gateway platform

Intuit Embedding Claude across QuickBooks and TurboTax, serving 100 million customers

These organisations applied the same rigorous evaluation to Claude that we did. Their confidence in it — at a scale and under a level of regulatory scrutiny far beyond our own — is part of why we are confident in our choice.

FAQ — What Our Use of AI Means for Your Data

Question	Answer	Source
Is my full financial data going into an AI?	Yes, by design — the same way it goes into Xero or your bank feed. We process bank statements, asset registers, and Xero exports through Claude Code to do the work faster and more accurately.	Anthropic: What data is collected
Is Anthropic training its AI on my financials?	No. On paid plans (Claude Max and the API), Anthropic does not use submitted data to train its models by default — the same standard applied by Google Workspace and Microsoft 365.	Anthropic: How data is used Google Workspace AI privacy Microsoft 365 data & privacy
Can Anthropic staff read my data?	Data is processed by Anthropic’s infrastructure to generate a result — automated, not human. Google operates the same way: access is restricted to staff who need it to deliver the service.	Anthropic: Security controls Google: Staff access
Could my data end up in another user’s AI output?	Paid plans are fully isolated. Each client’s data is entirely separate. Your data is yours alone and surfaces only in your work.	Anthropic: Security controls
What security standards is Claude Code actually held to?	The same independently audited certifications required of tools like Xero and Google — not self-declared, verified by external auditors: SOC 2 Type II — the most demanding SOC audit tier. It doesn’t just check that controls exist; it verifies they operated effectively over a sustained period. Banks and financial institutions require this of their technology vendors. ISO 27001:2022 — the international standard for information security management. Requires systematic, documented controls over how data is stored, accessed, and protected — not ad hoc security, but a certified programme. ISO 42001:2023 — the AI-specific management standard. Addresses risks that general security certifications don’t cover: data governance in AI contexts, transparency, and controls over how AI systems handle information. No equivalent exists for Xero or Google Drive because they are not AI systems. HIPAA-ready — the healthcare data standard, widely regarded as one of the strictest data handling frameworks in existence. Meeting it signals infrastructure built to handle sensitive personal records — the same bar hospitals and insurers are held to.	Anthropic certifications Claude Code security Xero security
What if there’s a data breach at Anthropic?	The same risk exists with every cloud tool you use. Anthropic, Xero, and Google all hold SOC 2 and ISO 27001 certifications — the same baseline security standards required of any serious SaaS provider.	Anthropic Trust Center Xero security
Do you have a formal data agreement with Anthropic?	We operate under Anthropic’s standard privacy terms for paid plans — the same arrangement that covers our use of Xero, Microsoft, and every other professional tool we rely on.	Anthropic Privacy Policy Xero Data Processing Terms
What’s actually different about AI vs. the tools I already accept?	Two things: we tell you we’re using it, and AI processes your data transiently rather than storing it long-term the way Xero does. The data protection standards are comparable to the tools you already use every day.	Anthropic Trust Center Google Workspace AI privacy Microsoft 365 data & privacy

Lines We Will Never Cross

While AI brings real advantages to the quality and speed of our work, some lines remain fixed regardless of how convenient it might be to cross them:

AI advises; we act. Nothing is filed, submitted, sent, or executed without a qualified human reviewing and making a deliberate decision. Every consequential step is ours.
Professional judgement stays with us. AI informs our thinking — it does not determine tax positions, materiality calls, or anything that requires professional accountability.
Your data is used only to deliver your work. We use paid professional plans exclusively, make no silent integrations with your live systems, and your financials are never used to train or improve any AI model.
You will always know when AI was involved. We do not present AI-assisted work as purely our own.

The Same Professional Standards — Now Applied to AI

We have always been legally and professionally obligated to protect your financial data — under GDPR, under our professional body requirements, and under the terms of every engagement we take on. This is not new, and adopting AI has added nothing to that obligation. Claude operates within the same framework of accountability we have always maintained. The standards AI is held to are the standards we were already meeting.

Our Commitments

We use paid professional plans exclusively
All AI outputs are reviewed by us before they reach you
We are transparent about when and how AI is used on your engagement
We are happy to answer questions at any time

The tools have changed. Our responsibility to you has not. We hold ourselves to the same professional and ethical standards we always have — AI is how we do the work better, and it raises the bar on what we can deliver.