Privacy Policy

Last updated: April 2026

1. What We Collect

When you create an account we collect your name, work email address, and organization name. When you connect a third-party service (QuickBooks Online, Jobber, Gmail, or HubSpot), we store encrypted OAuth access and refresh tokens so we can call those APIs on your behalf. We store chat messages you send to CFO-Bot on a per-conversation basis, and Smart Booking data you enter (such as customer addresses and appointment details) so the feature can work. Billing information (card details, payment method) is handled by Stripe — we do not store your card number.

2. How We Use Your Data

We use your data solely to provide the CFO-Bot service: answering your questions about your connected accounts, creating or updating records at your explicit request, running follow-up automations you have configured, scoring appointment slots in Smart Booking, and sending documents or emails you ask us to send. We do not sell your data, share it with third parties for marketing, or use it for advertising.

3. Cookies

CFO-Bot uses two kinds of cookies:

  • Session cookies (required): keep you signed in and protect your account. These cannot be rejected — without them the app cannot function.
  • Analytics cookies (optional): help us understand which features are used and where users get stuck. You can reject these from the cookie banner at the bottom of any page.

We do not use advertising cookies or sell cookie data to third parties.

4. Third-Party Services

CFO-Bot connects to the following third-party services on your behalf. Your data with each service is governed by that service's own privacy policy.

  • QuickBooks Online (Intuit) — accounting data: invoices, estimates, customers, reports.
  • Jobber — field service data: clients, jobs, quotes, technician schedules.
  • Gmail (Google) — sending invoices, estimates, and follow-up reminders from your address.
  • HubSpot — CRM data: contacts, companies, deals (early access).
  • Stripe — subscription billing and payment processing. Card details are stored by Stripe, not by us.
  • Anthropic — AI processing. Your chat messages and relevant context are sent to Anthropic's Claude API to generate responses.
  • Google Maps — drive-time routing for Smart Booking slot scoring.

OAuth tokens for every connected service are stored encrypted and never exposed to your browser. You can disconnect any integration at any time from the Settings page, which immediately revokes our access.

5. Data Security

All data is transmitted over HTTPS. OAuth tokens and passwords are stored encrypted at rest. State is scoped per organization, with role-based access controls for owner, admin, and member roles. We follow industry-standard security practices to protect your information.

6. Data Retention

We retain your account data for as long as your subscription is active. If you cancel, your account data and all OAuth tokens are removed within 30 days of the end of your billing period. Chat history is retained according to your organization's settings. Live data fetched from QuickBooks, Jobber, or HubSpot is not mirrored into a permanent store — it is fetched on demand to answer your requests.

7. Your Rights

You have the right to access, export, or delete your personal data at any time. To make a request, contact us at the email below. We will respond within a reasonable time frame and in line with applicable data-protection laws.

8. Contact

If you have questions about this privacy policy, contact us at nexgen.aiautomations@gmail.com.