Privacy Policy
Effective Date: March 18, 2026
1. Introduction
Autofac ("we," "our," or "us") operates the Autofac platform, an AI-powered business operations service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
2. Information We Collect
We collect the following categories of information:
- Account Information: Your name and email address when you create an account.
- OAuth Tokens: When you connect third-party services such as QuickBooks (Intuit) or Google, we store encrypted OAuth access and refresh tokens to act on your behalf.
- Usage Data: Information about how you interact with the platform, including queries made, features used, and session timestamps.
- Third-Party Account Data: Data retrieved from connected services (e.g., invoices from QuickBooks, calendar events from Google) as needed to provide the service.
3. How We Use Your Information
- To provide, operate, and maintain the Autofac platform and its features.
- To authenticate you and connect to your authorized third-party services.
- To improve, personalize, and expand the service based on usage patterns.
- To communicate with you about your account, updates, and support requests.
- To detect, prevent, and address technical issues or security threats.
4. Third-Party Services
Autofac integrates with and relies on the following third-party services:
- QuickBooks / Intuit: Accounting data access via OAuth 2.0 integration.
- Google: Calendar and email access via OAuth 2.0 integration.
- Neon: Serverless PostgreSQL database hosting for application data.
- Vercel: Application hosting and deployment infrastructure.
- Resend: Transactional email delivery.
Each third-party service has its own privacy policy governing its use of your data. We encourage you to review those policies.
5. Data Security
We implement industry-standard security measures to protect your information:
- OAuth tokens are encrypted at rest using AES-256-GCM.
- All data in transit is protected with TLS (Transport Layer Security).
- Database access is restricted and monitored with role-based access controls.
- We conduct regular security reviews of our infrastructure and codebase.
6. Data Retention and Deletion
We retain your data for as long as your account is active or as needed to provide the service. You may request deletion of your account and associated data at any time by contacting us. Upon account deletion, we will remove your personal information and revoke all stored OAuth tokens within 30 days. Anonymized, aggregated data may be retained for analytics purposes.
7. Cookies
We use only the cookies strictly necessary for the operation of the service. These are limited to session tokens used for authentication. We do not use tracking cookies, advertising cookies, or any third-party analytics cookies.
8. Your Rights
You have the right to:
- Access the personal information we hold about you.
- Request correction of inaccurate information.
- Request deletion of your data.
- Revoke third-party integrations at any time through your account settings.
- Export your data in a portable format.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the effective date. Your continued use of the service after changes constitutes acceptance of the updated policy.
10. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at privacy@autofac.me.