Privacy Policy — Core365 InvoiceLink

This Privacy Policy applies to Core365 InvoiceLink, a Microsoft AppSource certified add-on for Dynamics 365 Business Central. Published by Core365 Pty Ltd (ABN 44 681 184 001), Sydney NSW Australia. Effective: 1 March 2026.

For privacy questions contact: support@core365.com.au

Who We Are

Core365 InvoiceLink is a product of Core365 Pty Ltd (ABN 44 681 184 001), an Australian company registered in New South Wales. We develop and publish Microsoft Dynamics 365 Business Central add-on extensions via Microsoft AppSource.

This Privacy Policy applies to the Core365 InvoiceLink application and all related services operated by Core365 Pty Ltd.

What Information We Collect

We collect the minimum information necessary to provide the InvoiceLink service:

  • Business identity data — Company name, ABN, Peppol Participant ID

  • Invoice data — Invoice numbers, dates, amounts, GST components, line items required to generate PINT A-NZ compliant Peppol XML

  • Customer and vendor data — Business names, ABNs, Peppol IDs, email addresses of your business contacts

  • Transaction logs — Peppol send/receive status, timestamps, message IDs for audit trail purposes

  • Setup configuration — Access point API credentials (stored encrypted), approval workflow settings

  • Usage telemetry — Anonymous feature usage data via Microsoft Business Central telemetry

We do not collect personal data of individual consumers. InvoiceLink is a B2B product and all data processed is business data.

How We Use Your Information

We use your information only to provide and improve the InvoiceLink service:

  • Generating PINT A-NZ compliant Peppol XML invoices from your Business Central data

  • Transmitting invoices to recipients via your chosen ATO-accredited Peppol Access Point

  • Validating Australian Business Numbers (ABN) against the ATO ABR register

  • Maintaining the 5-year ATO-compliant e-invoice audit trail within your Business Central environment

  • Calculating and displaying your Peppol compliance readiness score

  • Sending approval workflow notifications to designated approvers within your organisation

  • Providing product support and resolving technical issues

We do not: sell your data to third parties, use your invoice data for advertising, share your financial data with any party other than your chosen Peppol Access Point for the purpose of invoice delivery, or store invoice content on Core365 infrastructure.

Data Sharing

Your data is shared only with these parties and only as required to deliver the service:

  • Your Peppol Access Point provider — Invoice XML is transmitted to your chosen ATO-accredited access point to deliver invoices over the Peppol network. You select and contract directly with your access point provider.

  • ATO ABR (abr.business.gov.au) — ABN numbers are validated against the free public ATO ABR API. No personal data is sent — only ABN numbers for lookup.

  • Microsoft — InvoiceLink operates within Microsoft Dynamics 365 Business Central. Microsoft's privacy policy governs the underlying platform. See microsoft.com/privacy.

We do not share your data with any other third parties, advertisers, data brokers, or analytics services.

Data Storage and Security

InvoiceLink is designed with a data-minimal architecture:

  • All invoice data and transaction logs are stored within your Microsoft Business Central environment — not on Core365 servers

  • Access point API credentials are stored encrypted within your Business Central environment

  • Core365 does not operate any database containing your financial data

  • The 5-year audit trail required by the ATO is maintained within Business Central's native document storage

  • Microsoft Business Central is hosted in Microsoft Azure data centres in Australia (Australia East / Australia Southeast regions for Australian tenants)

Because your data resides in your own Business Central environment, your existing Microsoft data governance, backup, and security arrangements apply.

Your Rights

Under the Australian Privacy Act 1988 and the Australian Privacy Principles, you have the right to:

  • Access personal information we hold about you or your business

  • Request correction of inaccurate information

  • Request deletion of your data (subject to ATO retention requirements)

  • Opt out of non-essential communications

  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au

To exercise any of these rights, contact us at privacy@core365.com.au. We will respond within 30 days.

Microsoft Business Central Data

InvoiceLink reads data from your Business Central environment to generate Peppol invoices. This includes sales invoice data, customer records, vendor records, and company setup information.

This data access is governed by the permissions you grant when installing InvoiceLink from Microsoft AppSource, and by Microsoft's Business Central licensing terms. Core365 accesses only the data necessary to provide the InvoiceLink functionality.

Uninstalling InvoiceLink from your Business Central environment removes the extension and its configuration data. Historical Peppol transaction log entries remain in your Business Central database as required by ATO record-keeping obligations.

ATO Compliance and Record Keeping

The ATO requires businesses to retain e-invoice records for a minimum of 5 years. InvoiceLink maintains an audit trail of all Peppol transactions within your Business Central environment to satisfy this requirement.

This audit trail includes invoice numbers, dates, sender/receiver Peppol IDs, transmission timestamps, delivery confirmation status, and message IDs. This data cannot be deleted within the 5-year retention period to ensure ATO compliance.

Cookies and Tracking

The InvoiceLink Business Central extension does not use cookies. It operates entirely within the Business Central application environment.

The Core365 website (core365.com.au) may use standard website analytics cookies to understand how visitors use our site. You can disable cookies in your browser settings. This does not affect InvoiceLink functionality.

Children's Privacy

InvoiceLink is a business-to-business product intended for use by Australian businesses and their employees. It is not directed at or intended for use by children under the age of 18. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page and notify active InvoiceLink subscribers via email.

Continued use of InvoiceLink after changes are posted constitutes acceptance of the updated policy.

Legal disclosure:

We will disclose any information we collect, use or receive if required or permitted by law, such as to comply with a subpoena or similar legal process, and when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

Contact information:

If you would like to contact us to understand more about this Policy or wish to contact us concerning any matter relating to individual rights and your Personal Information, you may send an email to info@core365.com.au.

Core365 Pty Ltd

Australia's most agile Microsoft technology partner. Enterprise expertise, startup speed, personal service.

Solutions

  • Dynamics 365

  • Power BI

  • Cloud Infrastructure

  • IT Security

Support

info@core365.com.au

+61-049-014-7770

© 2025 Core365 Pty Ltd. All rights reserved.