Privacy Policy
Effective Date: April 30, 2026
Last Updated: April 30, 2026
1. Who We Are
Confi Technologies, Inc. ("Confi," "we," "us," or "our") is a Delaware corporation. Confi Technologies, Inc. is a consumer-first commerce platform. Confi's V1 product helps users prevent avoidable loss in their post-purchase activity by analyzing order-related emails to track orders, return windows, refund eligibility, and subscription renewals.
Confi operates the Confi service ("Service"), which includes the Confi mobile application ("App") and supporting backend systems.
This Privacy Policy explains what data we collect, how we use it, who we share it with, and your rights regarding your data.
Contact:
Confi Technologies, Inc.
Principal Office: 513 W Shoreview Drive, San Ramon, CA 94582, United States
Delaware Registered Agent: Harvard Business Services, Inc., 16192 Coastal Highway, Lewes, DE 19958, United States
Privacy Inquiries: privacy@confi.ai
For data subject requests (GDPR, CCPA, and equivalent), see Sections 8 and 9.
2. Supported Email Providers
Confi connects to the following email providers in Version 1:
- Gmail — via the Google Gmail API (`gmail.readonly` scope)
- Personal Outlook.com — via the Microsoft Graph API (`Mail.Read` scope)
Organizational or work Microsoft 365 accounts are not supported in Version 1. Only personal Outlook.com accounts are supported.
Additional email providers, if added in future versions, will be declared in an updated version of this Privacy Policy before any such version is released.
The OAuth scopes above are read-only. Confi does not send, draft, modify, delete, archive, mark as read, or move any email in your account.
3. What Data We Collect and Why
3.1 Account Data
When you create an account, we collect:
- Email address (from your OAuth provider)
- Display name (if provided by your OAuth provider)
Purpose: To create and maintain your account and associate your orders with your profile.
3.2 Email Data — Parsing Pipeline
When you connect your email account, our backend server queries your email provider's API using filters that target order-related emails only. We never perform a full mailbox fetch.
For each relevant email, the following process occurs server-side:
- The email is fetched from the provider API
- HTML is stripped and noise is removed (deterministic processing, no AI)
- Structured data is extracted: retailer name, order ID, amounts, dates, tracking numbers, return windows, subscription renewal dates, and order state
- The raw email body is discarded. It is never stored.
What we store: Structured extracted data only — retailer, order ID, amounts, dates, tracking numbers, return windows, subscription renewal information, and order state.
What we do not store: Raw email body, email headers, email attachments, non-order emails.
Lawful basis (GDPR): Contractual necessity — processing your emails is necessary to deliver the service you signed up for (Article 6(1)(b) GDPR). You authorize this access through OAuth consent at your email provider.
3.3 Email Data — Viewer Flow
When you tap "View Emails" for a specific order in the App:
- A fresh API call is made to your email provider
- The email body is fetched and rendered in the App in memory
- The content is session-scoped — it is not stored, cached, or retained by Confi
This is an ephemeral, on-demand fetch. No email body content is retained from this flow on Confi systems.
3.4 Subscription Monitoring
Confi monitors subscription renewal emails as part of its order tracking. This includes detecting upcoming renewal dates, price changes, and subscription status changes. Subscription monitoring is performed using the same parsing pipeline described in Section 3.2 and is subject to the same data handling rules. The raw subscription email body is not stored; only the structured renewal information is retained.
3.5 Device and Usage Data
We collect limited analytics and diagnostic data:
- Analytics (PostHog, EU region): Event names and non-personally-identifiable properties only. No order content, no email metadata, and no personally identifiable information ("PII") is included in any analytics event.
- Crash reporting (Sentry): Screen names in breadcrumbs, crash stack traces, and device information. Order IDs, email addresses, and order content are scrubbed before transmission via a `beforeSend` hook.
- Push notifications (Firebase Cloud Messaging): Notification payloads contain no order content. Notifications are limited to loss-prevention alerts only (return window expiring, refund overdue, subscription renewal approaching). The notification triggers the App to open; the App then fetches relevant context from our backend independently.
3.6 Customer Support Data
If you contact us through in-app support (Crisp), we collect the content of your support conversations and any information you voluntarily provide during those interactions.
4. How Email Data Is Processed — AI/LLM Disclosure
When our deterministic parsing (Layers 1–3 of our pipeline) cannot extract structured data with sufficient confidence, a limited excerpt of the email (600–800 characters, structured content only — not the full email body) is sent to a large language model ("LLM") for extraction.
The LLM endpoint depends on the email source:
| Email Source | LLM Provider | Why |
|---|---|---|
| Gmail | Google Cloud Vertex AI (Gemini) | Data stays within Google infrastructure. Google's Cloud Data Processing Addendum (CDPA), Section 17, prohibits training on customer data. Zero Data Retention is configured. |
| Personal Outlook.com | Anthropic API | Processing under signed Data Processing Agreement ("DPA"). Anthropic is prohibited from training on customer data under the DPA terms. |
Key protections:
- Only a short excerpt (not the full email) is sent to the LLM
- The raw email body is never sent to any LLM provider
- Vertex AI is configured with Zero Data Retention (no caching, no logging, and no Grounding with Google Search)
- Neither LLM provider trains on your data
- The LLM returns only structured fields (retailer, order ID, amounts, dates, tracking numbers, return windows) — no email content is returned or stored by the LLM
5. Data Retention
| Data Type | Retention Period | Deletion Method |
|---|---|---|
| Structured order data | Until you delete it or delete your account | User-initiated in-app deletion or account deletion |
| Raw email body (parsing) | Not retained — discarded immediately after extraction | Automatic — never stored |
| Email body (viewer flow) | Not retained — session-scoped, in memory only | Automatic — cleared when the session ends |
| Account data | Until account deletion | User-initiated account deletion |
| Analytics events | Per PostHog retention policy (EU region) | Automatic per PostHog policy |
| Crash reports | Per Sentry retention policy | Automatic per Sentry policy |
| Support conversations | Per Crisp retention policy | Request via privacy@confi.ai |
6. Data Sharing and Sub-Processors
Confi does not sell, rent, or share your personal information with third parties for their own purposes.
We use the following sub-processors to operate the Service:
| Sub-Processor | Purpose | Data Processed | DPA in Place |
|---|---|---|---|
| PostHog (EU region) | Analytics | Event names and non-PII properties only | Yes |
| Sentry | Crash reporting | Crash data with PII scrubbed | Yes |
| Crisp | Customer support | Support conversation content | Yes |
| Firebase Cloud Messaging (FCM) | Push notifications | Device tokens; no order content in payloads | Google first-party service — no third-party DPA required |
| Google Cloud Vertex AI (Gemini) | Gmail email parsing (Layer 4 of parsing pipeline) | Short email excerpts (600–800 characters) from Gmail only | Yes (Google CDPA) |
| Anthropic API | Outlook email parsing (Layer 4 of parsing pipeline) | Short email excerpts (600–800 characters) from Outlook only | Yes |
We will update this sub-processor list before releasing any version of the App that adds or removes a sub-processor.
7. International Data Transfer
Confi's backend infrastructure is hosted in the United States. If you are located in the European Economic Area ("EEA"), United Kingdom, or Switzerland, your data is transferred to and processed in the United States.
We rely on Standard Contractual Clauses ("SCCs") as approved by the European Commission for international data transfers. These SCCs are executed with each sub-processor that processes personal data of EU users.
8. Your Rights Under GDPR
If you are located in the EEA, United Kingdom, or Switzerland, you have the following rights:
- Right to Know / Access: Request a copy of your personal data. Submit a request via in-app support (Crisp) or by emailing privacy@confi.ai.
- Right to Delete / Erasure: Delete all your data using the in-app data deletion flow. This is a functional, self-service feature — not a support request.
- Right to Correct / Rectification: Request correction of inaccurate data via in-app support (Crisp) or by emailing privacy@confi.ai.
- Right to Data Portability: Request an export of your data via in-app support (Crisp) or by emailing privacy@confi.ai.
- Right to Object: You may object to processing by disconnecting your email account or by deleting your account.
- Right to Withdraw Consent: You may revoke OAuth access to your email at any time through your email provider's settings (Google Account → Security → Third-party apps, or Microsoft Account → Apps and services).
We will respond to all data rights requests within 30 days.
9. Your Rights Under CCPA
If you are a California resident, you have the following rights under the California Consumer Privacy Act ("CCPA"):
- Right to Know: Request what personal information we collect, use, and disclose.
- Right to Delete: Request deletion of your personal information. Use the in-app data deletion flow for immediate self-service deletion.
- Right to Correct: Request correction of inaccurate personal information.
- Right to Opt-Out of Sale or Sharing: Confi does not sell or share your personal information. There is nothing to opt out of.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
To exercise your rights, use the in-app data deletion flow (for deletion) or contact us at privacy@confi.ai.
Do Not Sell or Share My Personal Information: Confi does not sell or share your personal information as defined under the CCPA. We do not sell your data to third parties. We do not share your data with third parties for cross-context behavioral advertising.
10. Token Revocation
You may revoke Confi's access to your email at any time:
- Gmail: Go to your Google Account → Security → Third-party apps with account access → Remove Confi
- Outlook: Go to your Microsoft Account → Privacy → Apps and services → Remove Confi
When your OAuth token is revoked (either by you or by your email provider):
- Our backend detects the revocation and immediately stops making API calls to your email provider
- Your structured order data remains in your account until you choose to delete it
- No new emails will be fetched or processed
- You may reconnect at any time by re-authorizing through OAuth
If you want your stored data deleted after revoking access, use the in-app data deletion flow or contact privacy@confi.ai.
11. Data Deletion
Confi provides a functional, in-app data deletion flow. This is not a policy statement or a support email — it is a working feature in the App.
When you request deletion:
- All structured order data associated with your account is permanently deleted
- Your account information is permanently deleted
- Analytics and crash data are handled per the retention policies of PostHog and Sentry respectively
- Support conversations are handled per Crisp's retention policy
Deletion is irreversible. We recommend revoking OAuth access before deleting your account if you do not wish to reconnect.
12. Children's Privacy
Confi is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at privacy@confi.ai and we will delete the data.
Users must confirm they are 13 or older during onboarding before accessing the App.
13. Security
We implement industry-standard security measures to protect your data, including:
- All data transmitted between the App, our backend, and third-party services is encrypted in transit (TLS)
- Structured data at rest is encrypted
- OAuth tokens are stored securely on our backend and are never exposed to the client
- Access to production systems is restricted
14. Changes to This Privacy Policy
We will update this Privacy Policy if our data practices change. Material changes will be communicated through the App. The "Last Updated" date at the top of this policy reflects the most recent revision.
We will update the sub-processor list in Section 6 before any version of the App is released that adds or removes a sub-processor.
15. Contact Us
For any questions, concerns, or data rights requests:
Confi Technologies, Inc.
Privacy Inquiries: privacy@confi.ai
Principal Office (mailing): 513 W Shoreview Drive, San Ramon, CA 94582, United States
Delaware Registered Agent: Harvard Business Services, Inc., 16192 Coastal Highway, Lewes, DE 19958, United States