top of page

Last Updated: February 27th, 2024




Welcome to AccoAI! We specialize in transforming the workflow of accounting firms through our AI-powered workspace. Our platform is designed to automate tasks and streamline workflows, enhancing productivity and efficiency. This Privacy Policy details our approach to collecting, using, protecting, and sharing information in accordance with industry standards and regulatory requirements.


Information We Collect


Account and Profile Information

Details Collected: We collect names, email addresses, firm information, and profile settings to create and manage your AccoAI account. 


Google Data Access

Purpose and Use: To synchronize tasks and manage calendar events, we access and store information from Google Calendar, enhancing our automation and scheduling features. To synchronize the user’s inbox and allow for email sending, notifications, and response drafting, we also store access to the user’s email inbox, incoming notifications, and threads.


Email Communications

Management and Processing: Our system automates email management by processing incoming communications, which helps in updating client profiles and workspace tasks efficiently. 


Usage Data

Collection and Analysis: We gather data on service usage, including interactions with our Atlas AI assistant and task management activities, to understand and improve user experience.


Use of Information


Service Improvement 

To continuously improve and maintain AccoAI, including Atlas AI functionalities.


Task Automation

Automating the creation of tasks, email management, and calendar synchronization for streamlined operations.

Email Data

A core feature of AccoAI is automated email management. Email data is collected for display purposes and to automate responses and sorting.


Service Enhancement

Using usage data to enhance our offerings and optimize user experience.


Data Security


Data sanitization and encryption

- All HTML data sanitized before displaying

- XSS attack prevention by not rendering directly in DOM and using libraries such as DOMPurify

- Lowest required permission set given to each user to prevent unauthorized data modification

- Validate input types and values before modifying database

- Firebase encrypts all user data up to modern security standards. Cloud Firestore, the service AccoAI uses to store user data, is certified to be compliant with: ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, and SOC 3 requirements.


Network Security

- Incorporating Cloudflare to implement WAF, IP restriction, DDoS protection, and rigorous user - input validation to safeguard our network.


User Authentication

- Utilizing Firebase for secure user sessions and managing JWT tokens, refresh rate set to every hour

- JWT tokens checked for validity and cross referenced with provided user ID on every request

- JWT token refresh required for sensitive data endpoints



- Using TLS 1.3 only for encryption to secure all data during transit.

- HSTS, CORS, CSRF, and other security headers


Regular Audits

- Conducting security audits and updates to ensure the highest level of data protection.


Incident Response Plan

- Plans in place to prevent and detect incidents. All network activity logged and scanned in real time for suspicious requests, with quick shut down and “panic mode” created for further loss prevention


Privacy Protections


Data Access Control

Limited scanning of personal data and mandatory user consent for any Atlas AI activity.


Data Minimization

Adherence to data minimization principles, ensuring no unnecessary data collection and no sharing with third parties for marketing purposes. We will never sell, distribute, or provide client data to any third party or organizations.


Data Retention and Deletion


Retention Policy

Data is retained as long as necessary to provide our services or as required by law. Periodic data deletion occurs for old, unused data that isn’t beneficial to store.


User-Controlled Deletion

Users can request the deletion or modification of their data by contacting us at


Changes to This Policy


Policy Updates

We reserve the right to modify this policy. Significant changes will be communicated through our website and the updated policy will be reflected by the "Last Updated" date.


Contact Us

For any inquiries or concerns regarding this Privacy Policy, please reach out to us at

bottom of page