Privacy Policy

This policy explains how Client API handles account information, provider connections, scoped endpoint configuration, request logs, and support communications.

Last updated: April 20, 2026

What this policy covers

Client API helps internal teams connect supported field service providers, choose a customer or company scope, and issue API endpoints that only return records for that selected scope. This policy applies to the Client API website, dashboard, provider connection flow, support pages, contact form, and public scoped API endpoint service.

Information we collect

We collect the information needed to operate accounts, authenticate users, maintain provider connections, issue scoped endpoints, and respond to requests.

  • Account information, such as email address and password authentication data.
  • Provider connection data, such as provider names, OAuth access tokens, refresh tokens, granted scopes, and expiration details.
  • Scoped endpoint configuration, such as provider, company or client identifiers, company names, access mode, endpoint status, and key hints.
  • Endpoint request logs, such as request method, resource, status code, item count, duration, query parameters, error details, IP address, user agent, and timestamps.
  • Contact and support communications, such as name, email address, company, and message content submitted through the contact form.

Provider data

When you connect a provider account, Client API exchanges authorization details with that provider and requests provider data only as needed to support the features you use. This can include company, customer, client, job, attachment, invoice, line item, or related operational records made available by the connected provider account.

Provider data is filtered through the endpoint scope you configure before it is returned through a public scoped endpoint. For read-write endpoints, Client API may also send write requests to the connected provider when an authorized caller submits a supported write operation.

How we use information

We use collected information to provide, secure, maintain, troubleshoot, and improve Client API.

  • Authenticate users and maintain account sessions.
  • Connect provider accounts and refresh provider access when needed.
  • Create, activate, deactivate, and rotate scoped API endpoints.
  • Filter provider records to the configured company or client scope.
  • Process read and write requests that authorized endpoint callers submit.
  • Display usage metrics, investigate errors, prevent abuse, and support customer requests.
  • Send operational, support, or administrative communications.

How we share information

We do not sell personal information. We share information only where needed to operate Client API, comply with law, protect the service, or follow your instructions.

  • With connected providers when you authorize a connection or submit provider API requests.
  • With infrastructure, email, analytics, security, and other service providers that help us run the service.
  • With administrators or users you authorize to manage your account, provider connections, or endpoints.
  • When required by law, legal process, security needs, fraud prevention, or rights enforcement.
  • As part of a merger, acquisition, financing, reorganization, or sale of relevant assets.

Security and access controls

Each generated endpoint is tied to a specific user, provider account, company or client scope, access mode, and endpoint status. Endpoint keys are displayed once at creation or reissue time and stored as hashes, so they cannot be retrieved later from the dashboard.

You are responsible for storing endpoint keys securely, sharing them only with intended recipients, and reissuing or deactivating keys if access should change. Client API also records endpoint activity to help detect errors, investigate misuse, and support account administration.

Cookies and sessions

Client API uses essential cookies and similar technologies to support login sessions, authentication, security, and basic site functionality. If analytics or optional tracking tools are added, they should be disclosed in this policy before use.

Retention

We keep information for as long as needed to provide Client API, maintain security and audit records, comply with legal obligations, resolve disputes, and enforce agreements. You may deactivate scoped endpoints from the dashboard when access is no longer needed.

Provider authorization data may remain stored while the provider connection is active. Endpoint request logs may be retained after individual requests are completed so account owners can review usage and troubleshoot issues.

Your choices

  • You can choose which supported providers to connect.
  • You can choose which company or client each endpoint is scoped to.
  • You can choose whether supported endpoints are read-only or read-write.
  • You can deactivate endpoints or reissue keys from the dashboard.
  • You can contact us to request help with account access, corrections, deletion, or privacy questions.

International use

Client API may process information in the United States and other locations where we or our service providers operate. By using the service, you understand that information may be transferred to and processed in locations outside your state, province, or country.

Changes to this policy

We may update this policy as Client API changes or as legal, security, or operational requirements evolve. The updated version will be posted on this page with a revised last updated date.

Contact

For privacy questions or requests, use the contact form. Your use of Client API is also governed by the Terms of Service.