Last Updated: February 27th, 2024
Introduction
Welcome to AccoAI! We specialize in transforming the workflow of accounting firms through our AI-powered workspace. Our platform is designed to automate tasks and streamline workflows, enhancing productivity and efficiency. This Privacy Policy details our approach to collecting, using, protecting, and sharing information in accordance with industry standards and regulatory requirements.
Information We Collect
Account and Profile Information
Details Collected: We collect names, email addresses, firm information, and profile settings to create and manage your AccoAI account.
Google Data Access
Purpose and Use: To synchronize tasks and manage calendar events, we access and store information from Google Calendar, enhancing our automation and scheduling features. To synchronize the user’s inbox and allow for email sending, notifications, and response drafting, we also store access to the user’s email inbox, incoming notifications, and threads.
Email Communications
Management and Processing: Our system automates email management by processing incoming communications, which helps in updating client profiles and workspace tasks efficiently.
Usage Data
Collection and Analysis: We gather data on service usage, including interactions with our Atlas AI assistant and task management activities, to understand and improve user experience.
Use of Information
Service Improvement
To continuously improve and maintain AccoAI, including Atlas AI functionalities.
Task Automation
Automating the creation of tasks, email management, and calendar synchronization for streamlined operations.
Email Data
A core feature of AccoAI is automated email management. Email data is collected for display purposes and to automate responses and sorting.
Service Enhancement
Using usage data to enhance our offerings and optimize user experience.
Data Security
Data sanitization and encryption
- All HTML data sanitized before displaying
- XSS attack prevention by not rendering directly in DOM and using libraries such as DOMPurify
- Lowest required permission set given to each user to prevent unauthorized data modification
- Validate input types and values before modifying database
- Firebase encrypts all user data up to modern security standards. Cloud Firestore, the service AccoAI uses to store user data, is certified to be compliant with: ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, and SOC 3 requirements.
Network Security
- Incorporating Cloudflare to implement WAF, IP restriction, DDoS protection, and rigorous user-input validation to safeguard our network.
User Authentication
- Utilizing Firebase for secure user sessions and managing JWT tokens, refresh rate set to every hour
- JWT tokens checked for validity and cross-referenced with the provided user ID on every request
- JWT token refresh required for sensitive data endpoints
Encryption
- Using TLS 1.3 only for encryption to secure all data during transit.
- HSTS, CORS, CSRF, and other security headers
Regular Audits
- Conducting security audits and updates to ensure the highest level of data protection.
Incident Response Plan
- Plans in place to prevent and detect incidents. All network activity is logged and scanned in real time for suspicious requests, with quick shutdown and a “panic mode” created for further loss prevention.
Privacy Protections
Data Access Control
Limited scanning of personal data and mandatory user consent for any Atlas AI activity.
Data Minimization
Adherence to data minimization principles, ensuring no unnecessary data collection and no sharing with third parties for marketing purposes. We will never sell, distribute, or provide client data to any third party or organization.
Data Retention and Deletion
Retention Policy
Data is retained as long as necessary to provide our services or as required by law. Periodic data deletion occurs for old, unused data that isn’t beneficial to store.
User-Controlled Deletion
Users can request the deletion or modification of their data by contacting us at business@accoai.com.
Changes to This Policy
Policy Updates
We reserve the right to modify this policy. Significant changes will be communicated through our website and the updated policy will be reflected by the "Last Updated" date.
Contact Us
For any inquiries or concerns regarding this Privacy Policy, please reach out to us at business@accoai.com.