AskBaxter.AI

Privacy Policy

Last updated: December 15, 2025

Introduction

AskBaxter.AI ("AskBaxter," "we," "us," or "our") provides an AI-powered communication assistant for accounting firms. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

By using AskBaxter, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.

Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Password (encrypted)
  • Firm name

Client/Entity Information

To provide our services, we store information about your clients (entities), including:

  • Names (first name, last name, business name)
  • Phone numbers
  • Email addresses
  • Relationships between individuals and businesses

This information may be imported from connected integrations (such as Canopy) or entered manually.

Communication Data

When clients interact with your AskBaxter phone number, we collect:

  • Call and SMS metadata (timestamps, duration, phone numbers involved)
  • AI-generated summaries of conversations
  • Call status and outcomes

Note: We do not store actual financial data from your accounting systems. When clients request financial information (such as account balances), our AI queries your connected accounting software in real-time and does not retain that data.

Integration Credentials

When you connect third-party services, we securely store:

  • QuickBooks Online: Company identifier (realm ID) and OAuth tokens
  • Canopy: Team identifier and OAuth tokens
  • Calendly: User and organization identifiers and OAuth tokens
  • Twilio: Account identifier and authentication credentials

All OAuth tokens and API credentials are encrypted at rest using Supabase Vault.

Automatically Collected Information

We automatically collect certain information when you use our service:

  • IP address
  • Browser type and user agent
  • Actions taken within the platform (for audit logging)

How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain our service
  • Enable AI-powered voice and SMS interactions with your clients
  • Connect to your accounting and scheduling software on your behalf
  • Identify callers and match them to your client records
  • Generate conversation summaries and interaction logs
  • Improve and optimize our service
  • Respond to your inquiries and provide customer support
  • Send administrative communications about your account
  • Maintain security and prevent fraud
  • Comply with legal obligations

Third-Party Data Access

QuickBooks Online

When you connect QuickBooks Online, our AI assistant can access financial information on behalf of authorized clients. This may include account balances, invoice details, and payment history. This data is queried in real-time to answer client questions and is not stored in our database.

You can disconnect QuickBooks at any time through the Integrations page in your dashboard or through QuickBooks' "My Apps" settings.

Canopy

When you connect Canopy, we import client contact information (names, phone numbers, emails, and relationships) to enable caller identification. We sync this data periodically to keep records current.

Calendly

When you connect Calendly, our AI assistant can schedule appointments on behalf of clients using your available time slots.

Twilio

We use Twilio to provide voice and SMS capabilities. Call and message content is processed through Twilio's infrastructure. Please review Twilio's Privacy Policy for information on their data practices.

Information Sharing and Disclosure

We do not sell your personal information. We may share information in the following circumstances:

  • Service Providers: We share information with third-party vendors who provide services on our behalf (hosting, communication infrastructure, AI processing)
  • Connected Integrations: When you authorize connections, we exchange data with those services as described above
  • Legal Requirements: We may disclose information if required by law, court order, or government regulation
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred
  • With Your Consent: We may share information for other purposes with your explicit consent

Data Security

We implement appropriate technical and organizational measures to protect your information:

  • OAuth 2.0 with PKCE for secure authentication with third-party services
  • Encryption of sensitive credentials using Supabase Vault
  • Row-level security ensuring multi-tenant data isolation
  • HTTPS encryption for all data in transit
  • Immutable audit logs for security monitoring

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

Data Retention

We retain your information for as long as your account is active or as needed to provide services. Interaction logs (calls and messages) are retained to provide conversation history and analytics.

When you disconnect an integration, we delete the associated OAuth tokens. When you delete your account, we delete your firm data, entity records, and interaction logs.

Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

California Residents (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, and disclose
  • Delete your personal information, subject to certain exceptions
  • Opt-out of the sale of personal information (we do not sell personal information)
  • Non-discrimination for exercising your privacy rights

To exercise these rights, please contact us at privacy@askbaxter.ai.

All Users

You can:

  • Access and update your account information through your dashboard
  • Disconnect integrations at any time
  • Request deletion of your account and associated data
  • Contact us with questions about your data

Children's Privacy

Our service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@askbaxter.ai