AI Use Policy
Crunch Accounting Services Limited — how we use AI tools responsibly in our practice.
Contents
1. Purpose & Scope
Crunch Accounting Services Limited uses AI-assisted tools to improve the quality, efficiency, and consistency of our services. This policy sets out how we use those tools responsibly — protecting client confidentiality, maintaining professional standards, and ensuring that AI outputs are always reviewed by a qualified person before they affect any client matter.
1.1 Who this applies to
This policy applies to all Crunch staff (full-time, part-time, casual), contractors, and any associate who uses AI tools in connection with Crunch client work — whether on Crunch-owned or personal devices.
1.2 AI tools covered
This policy covers all AI tools used in connection with Crunch work, including but not limited to:
- Claude (Anthropic)
- ChatGPT / OpenAI tools
- Microsoft Copilot
- Shortcut.ai (financial modelling)
- Xero AI features
- Any future AI-integrated tools adopted by Crunch
If you are unsure whether a tool is covered by this policy — ask before using it.
2. Client Data Privacy
2.1 The golden rule
2.2 What “real client data” means
You must not enter the following into any AI tool:
- Client names (individuals or businesses)
- IRD numbers, bank account numbers, or tax file references
- Specific financial figures tied to a named client
- Client addresses, phone numbers, or email addresses
- Payroll information, employee names, or salary details
- Scans or photos of client documents
2.3 Anonymisation — how to do it properly
If you need AI assistance with a client-specific scenario, anonymise all details before you type anything.
| Instead of typing this… | Type this instead… |
|---|---|
| “Smith Plumbing Ltd had $450k revenue and owes $32k GST” | “A tradie business had $450k revenue and owes $32k GST” |
| “John at 27 Kauri Rd, his IRD number is 123-456-789” | “A sole trader — no names, no IRD, no address” |
| “Upload this payslip for analysis” | “Manually type the relevant figures with names removed” |
2.4 NZ Privacy Act 2020 — Key Obligations
- Purpose limitation — only use client information for the purpose it was collected
- Security — don’t store client data in AI chat histories; clear conversation history regularly
- Disclosure — clients have not consented to their data being shared with AI platforms without explicit consent
- Accuracy — AI outputs may be incorrect; always verify figures, dates, and legislative references
- Breach reporting — if you suspect client data has been entered into an AI tool, notify the principal immediately
3. Staff Use Guidelines
This section tells you what’s allowed, what needs approval, and what’s off-limits. When in doubt — ask first.
| Status | Activity |
|---|---|
| ✅ Permitted | Drafting client-facing email templates (no real client data) |
| ✅ Permitted | Researching IRD rules, GST, income tax, or employment legislation |
| ✅ Permitted | Writing or improving internal process documents and checklists |
| ✅ Permitted | Proofreading and improving clarity of your own written drafts |
| ✅ Permitted | Excel formula help or Xero workflow questions (using dummy figures) |
| ✅ Permitted | Training material creation and staff onboarding documents |
| ✅ Permitted | Summarising publicly available accounting standards or legislation |
| ⚠️ Conditional | Using AI to draft a letter or report about a client — only if all client details are anonymised and output is reviewed before sending |
| ⚠️ Conditional | Using AI to help interpret a specific client scenario — only with anonymised data, cross-checked by a qualified person |
| ⚠️ Conditional | Using AI coding/automation to interact with Xero or payroll systems — requires principal approval and testing in a non-live environment first |
| 🚫 Prohibited | Entering any real client financial data, names + figures, or IRD numbers into any AI tool |
| 🚫 Prohibited | Uploading client documents, bank statements, payslips, or tax returns to AI platforms |
| 🚫 Prohibited | Using AI output as final advice without human review and sign-off |
| 🚫 Prohibited | Sharing AI-generated content with clients without disclosure and quality review |
| 🚫 Prohibited | Using personal AI accounts for Crunch client work |
3.2 Using Shortcut.ai specifically
Shortcut.ai is integrated into Crunch’s workflow for financial modelling and management reporting. Only connect it to client Xero files with the client’s knowledge and consent, and always review all outputs before presenting to clients.
4. Quality Control
4.1 The golden rule
AI output is a draft, not a final answer. Every piece of AI-assisted work that affects a client must be reviewed and verified by a qualified person before use.
4.2 Minimum review steps
- Read the full output, not just the summary
- Verify any figures, percentages, or calculations independently
- Check any legislative references against the actual IRD guidance or legislation
- Consider whether the output makes sense for the specific client’s situation
- If in doubt — do not use the output; ask the principal
4.3 Known AI limitations
- AI can “hallucinate” — confidently stating incorrect facts, figures, or legislation
- AI has training cutoff dates and may not reflect recent IRD rule changes
- AI does not know your client’s specific circumstances unless you tell it
- AI is not a substitute for professional judgement
5. Professional Standards
Our use of AI tools must comply with:
- Privacy Act 2020 — client information handling obligations
- CA ANZ Code of Ethics — competence, confidentiality, and professional behaviour
- Tax Administration Act 1994 — obligations as a registered tax agent
- AML/CFT Act 2009 — client identity and transaction obligations
6. Breach & Incident Reporting
- Stop using the tool immediately
- Do not attempt to delete or cover up what happened
- Notify the principal as soon as possible — same day
- Document what was entered, which tool was used, and when
7. Training & Staff Acknowledgement
All staff must read and understand this policy before using any AI tool in connection with Crunch work. New staff must complete their AI policy induction within their first two weeks. This policy is reviewed annually — updates will be communicated to all staff. All staff must sign an acknowledgement retained on their personnel file.
8. Policy Administration
| Policy Owner | Principal Accountant — Crunch Accounting Services Limited |
| Version | 1.1 |
| Effective Date | May 2025 |
| Last Reviewed | May 2026 |
| Next Review Date | May 2027 |
| Approved By | Principal Accountant / Director |
| Applies To | All Crunch staff, contractors, and associates |
| Related Documents | Privacy Policy, Terms & Conditions of Trade, Staff Handbook |
