Legal

Privacy Policy

Last updated: March 28, 2026

Breadwinner Integrations Inc. d/b/a Breadwinner AI ("Breadwinner," "Company," "We," "Our") respects your privacy and is committed to protecting it through our compliance with this policy. This document details the types of information we may collect or that you may provide when you access, use, or register with any of our services, including the Breadwinner AI conversational finance intelligence platform and our Salesforce-native integration applications (collectively, "Services"), and our practices for using, maintaining, protecting, and disclosing that information.

Please read this carefully to understand our policies and practices regarding your information and how we will treat it. By using or registering with our Services, you agree to this Privacy Policy. Your continued use of our Services after we make changes is deemed to be acceptance of those changes, so please check this policy periodically for updates.

This policy is organized in three parts. Part 1 applies to all Breadwinner services. Part 2 contains additional terms specific to the Breadwinner AI platform. Part 3 contains additional terms specific to our ISV / Salesforce applications.

Part 1: General Privacy Policy

Information We Collect and How We Collect It

We collect information from and about users of our Services:

  • Directly from you when you provide it to us.
  • Automatically when you use the Services.

Information You Provide to Us

When you use or register with the Services, we may ask you to provide information by which you may be personally identified, such as your name, email address, postal address, phone number, and any other identifier by which you may be contacted or identified online or offline ("Personal Information").

This information includes:

  • Information that you provide by filling in forms in the Services, including at the time of registering to use the Services.
  • Details of transactions you carry out through the Services and of the fulfillment of your orders and requests.
  • Records and copies of your correspondence, including email addresses and phone numbers, if you contact us or report a problem with the Services.
  • Your responses to surveys that we might ask you to complete for research purposes.

Automatic Information Collection

When you access or use the Services, we may automatically collect:

  • Usage Details. Certain details of your access to and use of the Services, including traffic data, location data, logs, and other communication data and the resources you access through the Services.
  • Device Information. Information about your device and internet connection, including IP address, operating system, and browser type.

Cookies, Web Beacons, and Tracking

Our Services use cookies, which are small text files that help make the Services better for you to use. Cookies are used to retain preferences and provide data to analytics tools.

We may also use web beacons, which help us understand what content on our Services is effective. Web beacons are small graphics with a unique identifier used to track online interactions. They are not stored on your device and are not linked to your personally identifiable information.

We use third-party analytics to track the performance of our Services and understand how you use them. Such usage data will not be shared with third parties in identifiable form.

Use of Personal Information We Collect

We may use the information we collect in the following ways:

  • To set up and manage your account with us.
  • To provide the Services and perform transactions on your behalf.
  • To deliver service messages, including confirmations, invoices, technical notices, security alerts, and support and administrative messages.
  • To personalize your experience and deliver content in which you are most interested.
  • To conduct aggregated analysis of the performance of our Services.
  • To comply with our legal obligations.

All data we collect is necessary for us to deliver the Services you use. The amount we collect has been minimized wherever possible to respect your privacy.

How We May Share Information We Collect

We may share personal information as follows:

  • With third-party service providers that perform services on our behalf, such as payment processing, hosting, and analytics.
  • In connection with a business transaction such as a merger, acquisition, financing, or sale of all or part of our business or assets. We will notify you before your personal information becomes subject to a different privacy policy.
  • To respond to lawful requests and legal processes.
  • To protect the rights and property of Breadwinner, our agents, customers, and others, including enforcing our agreements and policies.
  • In an emergency, to protect the safety of our employees, customers, or any person.

We do not sell, trade, or otherwise transfer your personally identifiable information to outside parties except as described in this policy.

SMS Communications

We may collect your mobile phone number when you voluntarily provide it via a web form or account registration. Mobile numbers are used solely for transactional SMS communications, such as account notifications, security alerts, onboarding assistance, and customer care messages. We do not use mobile numbers for marketing purposes without your explicit consent, and we do not sell or share mobile numbers with third parties. SMS opt-in data and consent records are never sold, shared, or disclosed to third parties under any circumstances.

Providing a mobile number and opting in to SMS communications is entirely optional and is not a condition of purchasing or using our Services. If you opt in, you may opt out at any time by replying STOP to any message. Reply HELP for assistance. Message frequency varies. Message and data rates may apply. For full SMS terms including consent procedures, see our Terms of Service.

Data Retention

We retain personal information we collect from you where we have an ongoing legitimate business need to do so — for example, to provide you with the Services, or to comply with applicable legal, tax, or accounting requirements.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or securely store it and isolate it from any further processing until deletion is possible.

Product-specific data retention practices are described in Part 2 and Part 3 of this policy.

Security of Your Personal Information

The security of your Personal Information is important to us. We encrypt sensitive information in transit using industry-standard protocols and take reasonable security measures to protect your Personal Information against loss, misuse, unauthorized access, disclosure, alteration, and destruction.

Please be aware that despite our efforts, no security measures are impenetrable. If you use a password on the Services, you are responsible for keeping it confidential. If you believe your credentials have been compromised, please notify us immediately.

Legal Basis for Processing Personal Information under the General Data Protection Regulation (GDPR)

Our legal basis for collecting and using personal information will depend on the information concerned and the specific context in which we collect it.

We will normally collect personal information from you only (i) where we need it to perform a contract with you; (ii) where the processing is in our legitimate interests and not overridden by your rights; or (iii) where we have your consent to do so. We have a legitimate interest in operating our Services and communicating with you as necessary to provide them, including responding to your queries, improving our platform, and detecting or preventing illegal activities.

In some cases, we may also have a legal obligation to collect personal information, or may need it to protect your vital interests or those of another person. Where we ask you to provide personal information to comply with a legal requirement or to perform a contract, we will make this clear at the relevant time.

Your Data Protection Rights Under the General Data Protection Regulation (GDPR)

If you are a resident of the European Union, you have the following data protection rights:

  • The right to access, correct, update, or request deletion of your personal information.
  • The right to object to processing, request restriction of processing, or request portability of your personal information.
  • The right to opt out of marketing communications at any time by clicking the "unsubscribe" link in any marketing email we send you.
  • Where we rely on your consent to process personal information, the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
  • The right to complain to your local data protection authority.

We respond to all requests from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

If you are a resident in the European Economic Area and believe we are unlawfully processing your personal information, you have the right to complain to your local data protection supervisory authority.

If you are a resident in Switzerland, the relevant authority is the Federal Data Protection and Information Commissioner.

To exercise your GDPR rights, please contact us.

Your Data Protection Rights under the California Consumer Privacy Act (CCPA)

If you are a California resident, you have the right to:

  • Request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the purposes for collection, and the categories of third parties with whom we have shared it.
  • Request deletion of personal information we have collected from you, subject to certain exceptions recognized by the CCPA.
  • Opt out of the sale of your personal information. We do not sell personal information.

We will not charge you different prices or provide a different quality of service based on your exercise of CCPA rights. To exercise your CCPA rights, please contact us.

Your Rights under Canada's Anti-Spam Legislation (CASL)

If you are located in Canada, we comply with Canada's Anti-Spam Legislation (CASL). We will only send you commercial electronic messages — including emails and SMS messages — with your express or implied consent. Every commercial message we send will include a clear and easy mechanism to withdraw consent. You may withdraw consent at any time by using the unsubscribe link in any email, by replying STOP to any SMS message, or by contacting us directly. We will honor all withdrawal requests promptly.

Updating and Accessing Your Personal Information

If your Personal Information changes, we invite you to correct or update it. We will retain your information for as long as your account is active or as needed to provide you Services. If you wish to cancel your account or request deletion of your Personal Information, please contact us. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Choices About Use of Your Information

You may request that your account be deleted. Certain financial recordkeeping information may be retained where we have a legitimate legal or financial interest in doing so.

You may unsubscribe from promotional emails by following the instructions at the end of any such email. Even if you unsubscribe, we may still contact you for transactional, account-related, or administrative purposes.

Most browsers allow you to disable cookies. Please note that disabling cookies may affect the functionality of our Services.

Third-Party Disclosure and Links

The Services may include links to third-party websites whose privacy practices may differ from ours. If you submit Personal Information to any of those sites, your information is governed by their privacy policies. We encourage you to review the privacy policy of any third-party website you visit.

Notice Concerning the Information of Children

Our Services are not directed to children under the age of 13 and we do not intentionally collect information from children under 13. Please contact us if you believe a child has provided Personal Information to us and we will delete it.

Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will update the "Last Updated" date at the top of this page and may notify you by email. We encourage you to review this Policy periodically.

Questions About This Policy

If you have any questions about this Policy or our privacy practices, please contact us.

Part 2: Breadwinner AI Platform

This section applies to users of the Breadwinner AI conversational finance intelligence platform, including its Slack, Microsoft Teams, and other integrations. It supplements Part 1 and prevails in the event of any conflict with respect to the Breadwinner AI platform specifically.

Finance Data

To provide the Breadwinner AI platform, we connect to finance systems you authorize and store a copy of relevant financial data on our servers. This stored data is read-only — we cannot use it to make changes to your finance system. It is used solely to respond to queries submitted through the platform and is not sold or shared with third parties.

All queries submitted through the platform are logged for security, audit, and service improvement purposes.

Data Retention

Stored finance data is retained for as long as your account remains active. Upon account closure or disconnection of a finance system, data associated with that connection is deleted within a reasonable period. Query logs are retained for a period consistent with our security and audit obligations and are then deleted or anonymized.

Access Controls

Access to finance data within the Breadwinner AI platform is governed by data access configurations set by your organization's account administrator. Different users or teams within your organization may be granted access to different subsets of data in accordance with these configurations.

Part 3: ISV / Salesforce Applications

This section applies to users of Breadwinner's Salesforce-native integration applications, including Breadwinner for QuickBooks, Breadwinner for Xero, Breadwinner for NetSuite, and Breadwinner Payments. It supplements Part 1 and prevails in the event of any conflict with respect to these applications specifically.

Finance Data

Our Salesforce applications sync data between your Salesforce environment and your connected finance system. Data from your finance system is processed through our servers in order to perform this sync but is not persistently stored beyond what is necessary to complete the synchronization. Your Salesforce data remains within your Salesforce environment and is not stored on our servers.

We retain only the minimum billing-related metadata necessary to operate and invoice for the Services, such as transaction volume counts.

Data Retention

Because finance and Salesforce data is not persistently stored on our servers, there is no cached finance data to delete upon account closure. Billing metadata is retained for as long as required to comply with our legal and financial obligations and is then deleted or anonymized.