Privacy Policy

Effective date: April 22, 2026

1. Who we are

Conifer Labs LLC (“Conifer Labs,” “we,” “us,” “our”) is the data controller responsible for this website and the AI-powered integrations we build and operate for our customers.

Contact: admin@coniferlabs.com

2. Scope

This Privacy Policy covers:

• Information we collect when you visit coniferlabs.com.
• Information we access through the AI-powered integrations and applications we operate on behalf of our customers, including integrations with third-party business platforms such as QuickBooks Online and similar systems.

By using our website, services, or authorizing a Conifer Labs application to connect to a third-party platform on your behalf, you consent to the practices described below.

3. Information we collect

3.1 Information from our website

• Contact form submissions: name, email, message contents, and any other information you choose to provide.
• Usage data: standard web request logs (IP address, browser type, pages visited, timestamps) used for security, abuse prevention, and aggregate analytics.

3.2 Information from integrated third-party platforms

When you authorize a Conifer Labs application to connect to a third-party platform, you grant us access to information controlled by that platform. The specific data we access is limited to what the application requires to perform the services you have requested and is bounded by the OAuth scopes you authorize. Depending on the integration, this may include customer, contact, and vendor records; transaction data such as estimates, invoices, bills, and payments; product and service catalog information; and other account-configuration data returned by the platform's API in response to our authorized requests.

We do not request or access data outside the scopes you authorize.

3.3 Authentication credentials

OAuth refresh tokens and related identifiers (such as company or realm IDs) issued by the third-party platform when you authorize our application.

4. How we use your information

We use the information described above to:

• Provide the specific services you have requested or engaged us to build.
• Maintain the security and integrity of our systems.
• Respond to your inquiries and support requests.
• Comply with legal obligations.

5. Data processing and storage

5.1 We do not retain data from integrated platforms

Data we access from third-party platforms (such as customer, transaction, or catalog data from QuickBooks Online) is processed transiently in memory solely to perform the service you have requested. We do not persist or store this data in Conifer Labs databases or long-term storage.

5.2 What we do store

• OAuth refresh tokens and related connection metadata, encrypted at rest, for as long as you maintain an active authorization. Revoking the authorization in the third-party platform immediately invalidates the token; we delete our copy promptly thereafter.
• Operational logs (request timestamps, error codes, non-content metadata) for a limited period sufficient to support debugging, security monitoring, and compliance.
• Contact form submissions and related correspondence necessary to respond to your inquiries.

6. Third parties and sub-processors

To deliver our services we rely on a small number of reputable sub-processors, including:

• Cloud hosting and infrastructure providers that host our applications and operational data. Our production infrastructure runs on Amazon Web Services (AWS) in the United States.
• Artificial intelligence model providers that process data transiently to generate the outputs our integrations produce. The specific AI provider used may vary by engagement; all providers we use are established companies with published security and data-handling practices, and we configure their services to disallow training on customer data. We do not use AI providers that retain or train on data we send them.
• Security, monitoring, and support tooling used to operate our services reliably.

We do not sell your information, and we do not share integration data with any party other than the sub-processors described above as needed to deliver the services you have requested.

7. Security

We apply industry-standard safeguards appropriate to the sensitivity of the data, including:

• TLS encryption for all data in transit.
• Encryption at rest for credentials and any persisted operational data.
• Principle-of-least-privilege access controls.
• Secrets management through dedicated key-management services.
• Monitoring and audit logging of access to production systems.

No system is perfectly secure. If we become aware of a security incident that affects you, we commit to notifying you promptly in accordance with applicable law.

8. Your rights

Depending on your jurisdiction, you may have the right to request access to, correction of, or deletion of your personal data; withdraw consent or revoke authorization (for integrations, by disconnecting our application in the third-party platform's settings); object to or restrict certain processing; and lodge a complaint with a data-protection authority. To exercise any of these rights, contact us at admin@coniferlabs.com.

9. Children

Our services are intended for businesses and are not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children.

10. International transfers

We operate in the United States, and our sub-processors may process data in multiple jurisdictions. By using our services, you understand that your information may be transferred to and processed in jurisdictions that have different data-protection laws than your own.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the “Effective date” above and, where appropriate, by additional notice.

12. Contact

Questions? Contact us at:
Conifer Labs LLC
admin@coniferlabs.com