How Long To Keep Business Records In Australia: Document Retention Rules

Running a small business means you’re constantly juggling sales, customers, suppliers, staff, and compliance. Record-keeping can feel like the least exciting part of the job - until you need a document urgently (or you’re asked for it by the ATO, ASIC, a bank, an insurer, or you’re dealing with a customer dispute).

If you’ve ever wondered how long to keep business documents in Australia (and which ones you can safely shred), you’re not alone. The tricky part is that “business records” isn’t one single category. Different documents have different retention periods, and the rules can come from multiple places (tax law, corporations law, employment laws, and even privacy expectations).

In this practical guide, we’ll walk you through the common record types small businesses hold, the typical retention periods that often apply in Australia, and a simple system you can implement so record retention becomes routine - not stressful.

Why Record Retention Matters For Small Businesses

Keeping documents for the right amount of time is about more than “being organised”. It’s a risk-management tool.

Good record retention helps you:

• Prove what happened if there’s a dispute with a customer, supplier, contractor, or employee.
• Respond to ATO/ASIC requests without scrambling.
• Protect cash flow by chasing unpaid invoices with evidence.
• Comply with legal obligations (some record-keeping is mandatory).
• Support business decisions (pricing, profitability, staff rostering, stock levels, etc.).

Just as importantly, keeping records for too long can create its own problems. The more information you store, the more you need to secure (especially if it contains personal information). That’s why having a clear retention policy is a practical win.

So, How Long To Keep Documents In Australia (The General Rule)?

When business owners ask how long to keep documents in Australia, they’re often looking for one clear number. A common baseline (particularly for tax-related records) is:

Keep business and tax records for at least 5 years.

In many cases, the “5 years” starts from the later of:

• the date you prepared or obtained the record, or
• the date the transaction was completed (or the relevant act was done).

This 5-year baseline broadly aligns with typical ATO record-keeping expectations for many businesses. That said, there are important exceptions and nuances (for example, where records relate to CGT assets or where you need records to substantiate positions over a longer period). If you’re unsure what applies to your tax situation, it’s worth speaking with your accountant or tax adviser.

However, not everything fits neatly into a 5-year box. Some documents should be kept longer (sometimes much longer), particularly if they relate to:

• company governance (ASIC and Corporations Act obligations),
• employment (Fair Work-related records and dispute risk),
• long-term contracts (because claims can arise after work is done), or
• property and major assets (because they affect capital gains tax and ownership history).

Think of “5 years” as your starting point - not your entire record retention strategy.

What Records Do I Need To Keep (And For How Long)?

Below is a small business-friendly way to group your documents. We’ll focus on “typical” retention timeframes that apply across many industries, and point out where longer retention is often sensible.

1) Tax And Accounting Records (Often 5+ Years)

These are usually the first records people think of when asking how long to keep records in Australia.

Common examples include:

• income records (sales invoices, receipts, merchant reports)
• expense records (supplier invoices, receipts, reimbursements)
• bank statements and loan statements
• BAS and GST working papers (if registered for GST)
• PAYG withholding records
• superannuation contribution records
• asset purchase documents and depreciation schedules

Practical retention guide: Keep these for at least 5 years. In practice, many businesses keep core tax records for 7 years as a cautious admin benchmark, but it’s not a universal rule and your accountant can confirm what’s appropriate for your circumstances.

If you use standard trading terms (credit accounts, invoicing terms, late fees), it can also help to keep the version history of your Terms of Trade so you can prove what terms applied at the time of a transaction.

2) Employee And Payroll Records (Often 7 Years Is A Sensible Benchmark)

If you employ staff, you’ll have records that relate to wages, entitlements, and workplace compliance. These can become important fast if there’s a Fair Work query, an underpayment claim, or a dispute about leave or termination.

Common examples include:

• employment contracts and variations
• pay slips, timesheets, rosters
• leave records (annual leave, personal/carer’s leave, unpaid leave)
• superannuation records
• performance management notes (where appropriate and lawful)
• termination letters and final pay calculations

Practical retention guide: Many Fair Work-related employee records have specific minimum retention requirements, and a common small business approach is to keep key employment and payroll records for around 7 years. However, not every document or note is treated the same way, and what you should keep can depend on your Award, enterprise agreement (if any), and the type of record. If you’re unsure, get tailored HR/legal advice.

It also helps to ensure your core employment paperwork is consistent from day one - including a properly drafted Employment Contract that matches your Award coverage and workplace practices.

3) Customer Files, Sales Records, And Consumer Law Issues (Usually 5+ Years)

Even if you don’t think of your business as “contract-heavy”, most customer relationships involve some form of contract - even if it’s an online checkout, a quote acceptance, or standard service terms.

Customer records might include:

• quotes, proposals, and scopes of work
• signed agreements, purchase orders, and order confirmations
• delivery dockets, completion sign-offs, inspection reports
• warranty communications and return/refund correspondence
• customer complaints and dispute resolution notes

Practical retention guide: Keep key customer transaction records for at least 5 years (often longer if your products/services have long lifecycles or if disputes can arise well after delivery, including due to limitation periods).

If you sell online or provide services with standard terms, keeping an archived copy of your customer terms (including the version in force on the date of sale) is vital. For many businesses, that means having clear Business Terms and saving version history whenever you update them.

4) Supplier And Contractor Records (Usually 5+ Years, Longer For Big Projects)

Your supplier and contractor documents can protect you when there are quality issues, late delivery disputes, unpaid invoices, or disagreements about scope.

These records often include:

• supply agreements and purchase orders
• contractor agreements and statements of work
• insurance certificates (public liability, professional indemnity)
• work orders, change requests, variation approvals
• emails confirming instructions and acceptance

Practical retention guide: Keep for at least 5 years, and consider longer where:

• the project is high value,
• your obligations extend beyond delivery (e.g. support and maintenance), or
• defects and warranty issues may arise later.

If you engage contractors and want to reduce misclassification risk and scope disputes, having a proper Contractors Agreement (and keeping signed copies plus variations) is one of the simplest ways to keep your working relationships clear.

5) Company Records (Keep Many Of These For 7 Years Or Permanently)

If you operate through a company, there are corporate records that you should treat differently from “normal business paperwork”. These aren’t just useful - they can be legally important.

Examples include:

• ASIC company registration documents
• share registers and share certificates
• director consents and resignations
• minutes of meetings and resolutions
• financial statements (especially where required or prepared)
• changes to company structure or ownership

Practical retention guide:

• Keep key corporate governance records for at least 7 years (and longer where they’re needed to show ownership, decision-making, or compliance).
• Keep foundational documents (like your constitution and share structure documents) permanently or for the life of the company plus a buffer period.

Many businesses store their signed Company Constitution permanently, along with shareholder records, because you may need them years later for investment, a sale, or internal disputes.

6) Privacy And Sensitive Information (Keep Only As Long As You Need It)

Small businesses often collect personal information without thinking about it as “data”. It can include:

• customer names, addresses, email addresses, phone numbers
• payment details (and related transaction logs)
• employee personal details (bank details, emergency contacts)
• health information (e.g. medical certificates)
• identity documents (e.g. copies of IDs for onboarding or verification)

Practical retention guide: Don’t keep personal information “just in case”. A sensible approach is:

• Keep it only as long as it’s needed for the purpose you collected it for, and
• securely delete or de-identify it once you no longer need it.

If you collect personal information from customers or users (particularly online), it’s also important that your Privacy Policy matches what you actually do - including how long you retain certain types of information and how people can request access or deletion.

What About Emails, Text Messages, And Digital Records?

Many small businesses run on email threads, DMs, and SMS messages. The problem is that if your “real contract” is scattered across a mailbox and someone’s phone, it’s easy to lose evidence when staff leave, devices break, or accounts get locked out.

From a retention point of view, digital records are still records. If an email is evidence of:

• an agreement being formed,
• scope changes,
• pricing approvals,
• complaints and how you handled them, or
• instructions that affect safety or compliance,

then it should be retained in the same way you’d retain a signed contract.

Practical Tips For Retaining Digital Records

• Centralise storage: Use a shared system (cloud drive or document management system) rather than relying on individual inboxes.
• Save key threads as PDFs: For major projects or disputes, export and file the full email chain.
• Match your filing system to your business: Client folder > Project > Contract / Variations / Invoices / Correspondence works for many service businesses.
• Backups matter: Have automatic backups and access controls (especially for sensitive files).
• Lock down access: Limit who can access payroll, ID documents, and sensitive customer information.

If you operate an online store or platform, make sure your public-facing policies and terms are properly stored and versioned as well - including your E-Commerce Terms and Conditions.

How To Set Up A Simple Record-Retention System (Without Overcomplicating It)

You don’t need an enterprise compliance department to keep records properly. You just need a system that is simple, consistent, and followed.

Step 1: Create A Record-Retention “Cheat Sheet”

Start with 6–8 categories that match your business. For example:

• Tax & BAS
• Banking & Loans
• Customers & Sales
• Suppliers & Contractors
• Employees & Payroll
• Company & ASIC
• Insurance
• Privacy & Sensitive Information

Next to each category, write a retention period (e.g. 5 years, 7 years, permanent), and assign an owner internally (even if it’s just you).

Step 2: Keep “Final Versions” And A Clear Version History

A common issue in disputes is not having the final signed document, or not knowing which version applied. To avoid this:

• save a “signed” PDF copy in a dedicated folder
• save later variations as separate files (dated)
• avoid overwriting the old file without tracking changes

This is especially important for your standard business documents, like customer terms, supplier agreements, and internal policies.

Step 3: Decide What You’ll Delete (And When)

Retention is only half the story. You also need a deletion plan so you’re not holding sensitive information forever.

• Set calendar reminders (e.g. quarterly) to archive and delete files past their retention period.
• Use secure deletion methods for sensitive records.
• Make sure offboarding checklists include transferring business records from departing staff.

If you operate in a regulated sector (health services, childcare, financial services), you may have additional retention obligations. That’s a good time to get tailored advice so your policy fits your industry.

Common Record-Keeping Mistakes (And How To Avoid Them)

Most record-retention problems don’t come from bad intentions. They come from fast growth, messy systems, or assumptions like “we’ll find it later”. Here are some common pitfalls.

Keeping Records In Only One Person’s Inbox

If the relationship manager leaves, you can lose the entire history of the project. Make it standard practice to file key communications and signed documents in a central system.

Not Keeping Proof Of What Terms Applied

Whether it’s a refund dispute or a scope dispute, you’ll want to show the terms that applied at the time. Save a copy of your terms whenever you update them, especially if you run promotions or change delivery timeframes.

Over-Retaining Sensitive Data

Holding onto identity documents, medical certificates, or bank details longer than necessary increases your security obligations and risk exposure. Create a process for deleting or de-identifying data once it’s no longer needed.

Mixing Personal And Business Records

This is common for sole traders and early-stage businesses. But mixing personal and business records makes it harder to respond to audits and disputes - and it can create privacy issues too. Separate accounts and consistent filing help.

Assuming “Paperless” Means “No Records”

Digital records count. If it’s evidence of a transaction, an agreement, or compliance activity, keep it in a retrievable format.

Key Takeaways

• If you’re asking “how long to keep documents in Australia”, a practical baseline is at least 5 years for many tax and business transaction records, but some documents should be kept longer depending on the record type and your circumstances.
• Employment and payroll records often have minimum retention requirements, and keeping key records for around 7 years is a common approach, but the right period can depend on the specific record and your workplace obligations.
• Company governance documents (ASIC and corporate records) should be kept carefully, with foundational documents often retained permanently.
• Digital records (emails, texts, online transactions) are still business records, and should be stored centrally and in an accessible format.
• Don’t keep personal information forever - a good retention policy includes a deletion plan to reduce privacy and security risks.
• A simple system (categories, owners, retention periods, and version control) is usually enough to keep your business compliant and prepared.

This guide is general information only, not legal or tax advice. If you’d like help setting up a practical record-retention approach for your business (including the contracts and policies that support it), you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no-obligations chat.