AFDBook a call
› Legal

Privacy Policy

Effective May 28, 2026 · Last updated May 28, 2026

AFD Technology Solutions Inc.(“AFD,” “we,” “us,” “our”) builds and operates AI integrations that connect customers' business systems — including accounting platforms (such as Intuit QuickBooks Online), inventory and manufacturing systems (such as Fishbowl), and the everyday productivity apps customers already use — to AI assistants. This Privacy Policy explains what information we collect, how we use it, who we share it with, how long we keep it, and the choices and rights you have.

This Policy applies globally to the AFD website at afdtechsolutions.com, to AFD-built integrations, and to any other service that links to or references this Policy.

Important — please read: AI services involve data that flows between your systems, AFD, and third-party AI providers (currently Anthropic, including Anthropic Cowork). The data protections that apply to your business data depend in part on the plans and configurations you choose with those third-party providers. We explain those choices below so you can make them informed.

1. Information we collect

1.1 Information you give us directly

  • Account and contact details: name, business name, business address, email, phone, and similar contact information you provide when you reach out, sign an engagement letter, or are added to a customer account.
  • Engagement information: the systems you use, the business processes you describe to us, the questions you want answered, and similar context shared during discovery, scoping, training, and ongoing engagements.
  • Billing information: billing contact and payment-method information. Payment processing is performed by third-party payment providers.

1.2 Information we receive when you authorize a connection

When you authorize AFD to access a third-party system on your behalf (for example, your QuickBooks Online company file or your Fishbowl instance), we receive and store the authorization credentials issued by that system — typically OAuth access tokens and refresh tokens. We use those credentials only to act on your behalf within the scope you authorized.

1.3 Business data we read on demand from connected systems

When you, your team, or your AI coworker asks a question that requires data from a connected system, we read the relevant data from that system on demand to answer the question or perform the task. Depending on what is asked and what you have authorized, this may include:

  • Accounting and financial data (e.g., customers, vendors, invoices, bills, payments, journal entries, account balances, reports).
  • Inventory and operational data (e.g., items, on-hand quantities, purchase orders, sales orders).
  • Productivity and document data (e.g., the content of emails, calendar events, files, spreadsheets, chat messages) accessible via the connectors you authorize through Anthropic Cowork.

We do not intentionally maintain long-term copies of your business data. Operational caches may exist briefly to complete a request and improve response time.

1.4 Operational and security information

  • Logs: timestamps, request and response sizes, the type of action attempted, and error traces. Used for service reliability, troubleshooting, and security.
  • Website analytics: standard server logs (e.g., IP address, browser type, referring URL, pages visited) for the afdtechsolutions.com website.

2. How we use your information

  • To deliver the services you engaged us for.
  • To answer the questions you and your AI coworker ask.
  • To support, debug, secure, and improve the integrations we build.
  • To communicate with you about your engagement, the service, or changes to it.
  • To meet legal, accounting, and contractual obligations.

We do not sell your data.We do not use your business data, your team's content, or your customers' information to train AI foundation models. As of the effective date of this Policy, our AI provider (Anthropic) has publicly committed not to train its commercial models on data sent through its commercial APIs and Anthropic Cowork. Anthropic's policies may change, and you should review Anthropic's current terms and privacy commitments before relying on them. See Section 4 for the role of third-party providers and your responsibility for their plan selections.

3. Legal basis for processing (where applicable)

Where data-protection law requires a legal basis for processing personal information (for example, under European GDPR or Quebec Law 25), we rely on one or more of: performance of a contract with you, our legitimate interests in operating and securing the service, your consent (where requested), and compliance with legal obligations.

4. Third-party providers and your responsibility

4.1 Sub-processors we use

To deliver the service, we rely on a small number of trusted providers, each bound by their own data-protection commitments:

  • Anthropic, PBC— AI model provider and operator of Anthropic Cowork. Processes the questions you ask and the data needed to answer them.
  • Vercel Inc.— hosting for the afdtechsolutions.com website.
  • Cloud infrastructure providers as required to host integrations we build for you. We will tell you which providers are involved in your specific engagement.

We do not share your data with marketers, ad networks, or third-party analytics platforms that track individuals across sites.

4.2 The plan you choose with third-party providers is your responsibility

AI providers (including Anthropic) and other third-party services offer multiple plans, tiers, and configurations with different data-protection commitments — for example, different rules around retention, training, regional processing, audit access, or zero-data-retention. You are responsible for selecting the plan, tier, and configuration that meet your business, regulatory, and risk requirements. We will help you understand the options; we will not choose them for you, and we are not responsible for the consequences of a plan choice that does not match your needs.

4.3 Independent controllers; AFD does not process data on a source-system provider's behalf

When AFD accesses data on your behalf from a third-party source system — including but not limited to Intuit QuickBooks Online — AFD does not process that data on the source-system provider's behalf. AFD acts on your authorization, for the purposes you direct, and independently determines the means of processing required to deliver the service.

To the extent applicable data-protection law characterizes the parties as data “controllers,” AFD and any source-system provider are independent controllers, not joint controllers, of any personal information involved. Each independently determines its own purposes and means of processing and is independently responsible for its own compliance with Applicable Law.

5. How we share information

We share your information only:

  • With the third-party providers in Section 4.1, to deliver the service.
  • With your direction — for example, when you ask an AI coworker to email a summary to someone or post to a chat channel.
  • When required by law, by a valid legal process, or to protect the rights, property, or safety of AFD, our customers, or the public.
  • In connection with a business transfer (such as a merger, acquisition, or sale of assets), in which case the receiving party will be required to honour this Policy.

6. How long we keep information

  • OAuth tokens and authorization credentials:generally retained only for the duration of your engagement and revoked promptly when you disconnect.
  • Account and engagement records: for the duration of the engagement plus a reasonable period for wind-down, legal, and accounting obligations.
  • Operational logs: generally retained for no longer than is reasonably necessary for service reliability, security, and investigation of any specific incident.
  • Operational caches of business data accessed on demand: generally expire as soon as they are no longer needed to complete a request. We work to ensure they do not persist longer than reasonably required.

7. Disconnect, deletion, and your rights

7.1 Disconnect at any time

You may revoke AFD's access to any connected system at any time. For QuickBooks Online specifically, see our disconnect instructions.

7.2 Other rights

Depending on where you are located and the applicable law, you may have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate personal information.
  • Request deletion of personal information.
  • Object to or restrict certain processing.
  • Receive a copy of your personal information in a portable format.
  • Withdraw consent (where processing relies on consent).
  • Lodge a complaint with a data-protection authority in your jurisdiction.

To exercise any of these rights, contact privacy@afdtechsolutions.com. We will respond within the timeframes required by applicable law, or as soon as reasonably practicable.

8. International data transfers

AFD is incorporated in Canada and operates globally. Your information — including business data accessed on demand — may be processed in countries other than your own, including Canada and the United States, by the sub-processors listed in Section 4.1. Where required by law, we work to put appropriate safeguards in place for cross-border transfers and rely on our sub-processors' own cross-border-transfer mechanisms.

9. Security

We use commercially reasonable administrative, technical, and physical safeguards designed to protect your information, including (without limitation) encryption of authorization credentials and the use of TLS for data in transit. No system is perfectly secure, and we cannot guarantee absolute security. In the event of a material security incident affecting your information, we will notify affected customers and, where required, regulators within the timeframes required by applicable law, or as soon as reasonably practicable.

10. Children

AFD's services are intended for businesses. We do not knowingly collect personal information from children under the age of 13 (or the equivalent minimum age in your jurisdiction).

11. Changes to this Policy

We may update this Policy from time to time. Material changes will be posted on this page with an updated “Last updated” date. Where required by law, we will give you additional notice.

12. Contact us

Questions about this Policy, or to exercise any rights described above, contact privacy@afdtechsolutions.com.

AFD Technology Solutions Inc.
Ontario, Canada