Privacy Policy

This page explains what Client API stores, what it sends to connected providers, and how access is scoped.

Information we store

Client API stores the account details required to authenticate users, keep provider connections active, and issue company-scoped API endpoints.

This can include your email address, encrypted or hashed credentials, provider access tokens, refresh tokens, company identifiers, company names, endpoint metadata, and endpoint usage timestamps.

How provider data is used

When you connect a provider account, Client API exchanges authorization details with that provider and may request company, customer, job, or related operational records that your connected application is permitted to access.

That data is used only to support the API features you enable and to return results through the scoped endpoints you create.

Scoped access controls

Each generated endpoint is tied to a specific provider account and company. API keys are shown once at creation or re-issue time and should be stored securely by the receiving system.

Re-issue a key immediately if access should be revoked or if a credential is shared with the wrong party.

Contact

If you need this policy updated with company-specific legal language, data retention commitments, or platform-specific privacy details, use the contact form and include the requirements your team needs reviewed.