Legal

Privacy Policy

Last updated: July 1, 2026

Breadwinner Integrations Inc. (“Breadwinner,” “We,” “Our”) respects your privacy and is committed to protecting it through our compliance with this policy. This document details the types of information we may collect or that you may provide when you access, use, or register with any of our services, including our Salesforce-native integration applications (collectively, “Services”), and our practices for using, maintaining, protecting, and disclosing that information.

Please read this carefully to understand our policies and practices regarding your information and how we will treat it. By using or registering with our Services, you agree to this Privacy Policy. Your continued use of our Services after we make changes is deemed to be acceptance of those changes, so please check this policy periodically for updates.

This policy is organized in two parts. Part 1 applies to all Breadwinner services. Part 2 contains additional terms specific to our Salesforce-native integration applications.

Part 1: General Privacy Policy

Information We Collect and How We Collect It

We collect information from and about users of our Services:

  • Directly from you when you provide it to us.
  • Automatically when you use the Services.

Information You Provide to Us

When you use or register with the Services, we may ask you to provide information by which you may be personally identified, such as your name, email address, postal address, phone number, and any other identifier by which you may be contacted or identified online or offline (“Personal Information”).

This information includes:

  • Information that you provide by filling in forms in the Services, including at the time of registering to use the Services.
  • Details of transactions you carry out through the Services and of the fulfillment of your orders and requests.
  • Records and copies of your correspondence, including email addresses and phone numbers, if you contact us or report a problem with the Services.
  • Your responses to surveys that we might ask you to complete for research purposes.

Automatic Information Collection

When you access or use the Services, we may automatically collect:

  • Usage Details. Certain details of your access to and use of the Services, including traffic data, location data, logs, and other communication data and the resources you access through the Services.
  • Device Information. Information about your device and internet connection, including IP address, operating system, and browser type.

Cookies and Tracking

Our website and Services use cookies and similar tracking technologies. We use the following categories of tools:

Analytics. We use Umami, a privacy-first, cookieless analytics tool, to understand how visitors use the Site. Umami does not use cookies and does not track visitors across websites.

Cookie Controls. Most browsers allow you to refuse or delete cookies. Doing so may affect the functionality of the Site. You can also use browser extensions or privacy tools to limit tracking.

Use of Personal Information We Collect

We may use the information we collect in the following ways:

  • To set up and manage your account with us.
  • To provide the Services and perform transactions on your behalf.
  • To deliver service messages, including confirmations, invoices, technical notices, security alerts, and support and administrative messages.
  • To personalize your experience and deliver content in which you are most interested.
  • To conduct aggregated analysis of the performance of our Services.
  • To send you marketing and promotional communications, which you may opt out of at any time.
  • To comply with our legal obligations.

The data we collect is generally limited to what supports the Services you use, and we aim to minimize collection wherever possible.

How We May Share Information We Collect

We may share personal information as follows:

  • With third-party service providers that perform services on our behalf, such as payment processing, hosting, and analytics.
  • In connection with a business transaction such as a merger, acquisition, financing, or sale of all or part of our business or assets.
  • To respond to lawful requests and legal processes.
  • To protect the rights and property of Breadwinner, our agents, customers, and others, including enforcing our agreements and policies.
  • In an emergency, to protect the safety of our employees, customers, or any person.

We do not sell, trade, or otherwise transfer your personally identifiable information to outside parties except as described in this policy.

Sub-Processors

We use the following categories of third-party sub-processors to operate the Service. We work to ensure these providers handle data appropriately and in a manner consistent with this policy. You may request our current sub-processor list by contacting us.

  • Cloud infrastructure: Amazon Web Services (AWS) — hosting, databases, storage, and compute
  • Error monitoring: Sentry — application error tracking and diagnostics
  • Analytics: Umami — privacy-first, cookieless website analytics
  • Payment processing: Stripe (and other processors as applicable) — billing and subscription management
  • CRM and marketing: Salesforce, including Salesforce Pardot (Account Engagement) — stores information submitted through our forms and may be used to send periodic marketing communications, such as product updates. Every marketing email includes an unsubscribe option.
  • Recruiting: Ashby — job listings and applicant tracking on our Careers page. Ashby’s embedded content only loads after you click to view open roles, so no data is sent to Ashby until you take that action.
  • Video hosting: Wistia — hosts and serves embedded product demo videos. According to Wistia, video playback is served in Privacy Mode, which anonymizes IP addresses and disables session and cookie tracking.
  • Scheduling: Calendly — meeting and demo booking on our booking pages. Calendly’s embedded scheduler only loads after you click to load it, so no data is sent to Calendly until you take that action.
  • Meeting recording: Fathom — records and transcribes sales and support calls conducted over Zoom. Fathom announces its presence when joining a call, and participants consent before recording begins.
  • Interactive demos: Arcade — hosts interactive product walkthroughs embedded on select product pages. Where a demo is gated behind a form, Arcade content only loads after you submit that form.

We may update our list of sub-processors from time to time; the current list is always reflected on this page.

Data Retention

We retain personal information we collect from you where we have an ongoing legitimate business need to do so — for example, to provide you with the Services, or to comply with applicable legal, tax, or accounting requirements.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or securely store it and isolate it from any further processing until deletion is possible.

Product-specific data retention practices are described in Part 2 of this policy.

Security of Your Personal Information

The security of your Personal Information is important to us. We use administrative, technical, and physical safeguards designed to protect your Personal Information against loss, misuse, unauthorized access, disclosure, alteration, and destruction.

Please be aware that despite our efforts, no security measures are impenetrable. If you use a password on the Services, you are responsible for keeping it confidential. If you believe your credentials have been compromised, please notify us immediately.

Data Breach Notification

In the event of a data breach that is reasonably likely to result in a risk to your rights or freedoms, we will notify affected individuals and, where required, applicable regulators as required by applicable law.

References in this Privacy Policy to “GDPR” include both the European Union General Data Protection Regulation (“EU GDPR”) and the United Kingdom General Data Protection Regulation (“UK GDPR”), where applicable.

Our legal basis for collecting and using personal information will depend on the information concerned and the specific context in which we collect it.

We will normally collect personal information from you only (i) where we need it to perform a contract with you; (ii) where the processing is in our legitimate interests and not overridden by your rights; or (iii) where we have your consent to do so. We have a legitimate interest in operating our Services and communicating with you as necessary to provide them, including responding to your queries, improving our platform, and detecting or preventing illegal activities.

In some cases, we may also have a legal obligation to collect personal information, or may need it to protect your vital interests or those of another person. Where we ask you to provide personal information to comply with a legal requirement or to perform a contract, we will make this clear at the relevant time.

Your Data Protection Rights Under the General Data Protection Regulation (GDPR)

If you are a resident of the European Union, you have the following data protection rights:

  • The right to access, correct, update, or request deletion of your personal information.
  • The right to object to processing, request restriction of processing, or request portability of your personal information.
  • The right to opt out of marketing communications at any time by clicking the “unsubscribe” link in any marketing email we send you.
  • Where we rely on your consent to process personal information, the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
  • The right to complain to your local data protection authority.

We aim to respond to requests from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

If you are a resident in the European Economic Area and believe we are unlawfully processing your personal information, you have the right to complain to your local data protection supervisory authority.

If you are a resident in Switzerland, the relevant authority is the Federal Data Protection and Information Commissioner.

To exercise your GDPR rights, please contact us.

Your Data Protection Rights under the California Consumer Privacy Act (CCPA)

If you are a California resident, you have the right to:

  • Request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the purposes for collection, and the categories of third parties with whom we have shared it.
  • Request deletion of personal information we have collected from you, subject to certain exceptions recognized by the CCPA.
  • Opt out of the sale or sharing of your personal information. We do not sell or share personal information.

We will not charge you different prices or provide a different quality of service based on your exercise of CCPA rights. To exercise your CCPA rights, please contact us.

Updating and Accessing Your Personal Information

If your Personal Information changes, we invite you to correct or update it. We will retain your information for as long as your account is active or as needed to provide you Services. If you wish to cancel your account or request deletion of your Personal Information, please contact us. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Choices About Use of Your Information

  • You may request that your account be deleted. Certain financial recordkeeping information may be retained where we have a legitimate legal or financial interest in doing so.
  • You may unsubscribe from promotional emails by following the instructions at the end of any such email. Even if you unsubscribe, we may still contact you for transactional, account-related, or administrative purposes.
  • Most browsers allow you to disable cookies. Please note that disabling cookies may affect the functionality of our Services.

The Services may include links to third-party websites whose privacy practices may differ from ours. If you submit Personal Information to any of those sites, your information is governed by their privacy policies. We encourage you to review the privacy policy of any third-party website you visit.

Notice Concerning the Information of Children

Our Services are not directed to children under the age of 18 and we do not intentionally collect information from children under 18. Please contact us if you believe a child has provided Personal Information to us and we will take steps to delete such information.

Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will update the “Last Updated” date at the top of this page and may notify you by email. We encourage you to review this Policy periodically.

Questions About This Policy

If you have any questions about this Policy or our privacy practices, please contact us.

Part 2: ISV / Salesforce Applications

This section applies to users of Breadwinner’s Salesforce-native integration applications, including Breadwinner for QuickBooks, Breadwinner for Xero, Breadwinner for NetSuite, and Breadwinner Payments. It supplements Part 1 and prevails in the event of any conflict with respect to these applications specifically.

Finance Data

Our Salesforce applications sync data between your Salesforce environment and your connected finance system. Data from your finance system passes through our servers to perform this sync and is generally cached only briefly rather than persistently stored; logs and error records may retain limited details for troubleshooting and support purposes. Your Salesforce data is designed to remain within your Salesforce environment rather than being stored on our servers.

We retain only the minimum billing-related metadata necessary to operate and invoice for the Services, such as transaction volume counts.

Data Retention

Because finance and Salesforce data is generally not persistently stored on our servers, there is minimal cached finance data to delete upon account closure. Any residual log or error data is retained and deleted in accordance with our standard data-retention practices. Billing metadata is retained for as long as required to comply with our legal and financial obligations and is then deleted or anonymized.