Privacy Policy

Last updated: February 3, 2025

1. Introduction

FirmSync ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our invoice reconciliation platform and related services (collectively, the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, firm name, and contact details when you create an account.
  • Billing Information: Payment card details, billing address, and transaction history (processed securely through our payment processor).
  • Invoice Data: Vendor invoices you upload for reconciliation, including vendor names, amounts, dates, and line item descriptions.
  • Communications: Information you provide when contacting our support team or participating in surveys.

2.2 Information from Third-Party Integrations

  • Clio Data: When you connect your Clio account, we access time entries, expenses, matters, and related billing data necessary for invoice reconciliation. We only access data you explicitly authorize through Clio's OAuth process.
  • Future Integrations: Similar data from other practice management systems you choose to connect (e.g., MyCase, PracticePanther).

2.3 Automatically Collected Information

  • Usage Data: Pages visited, features used, time spent on the Service, and other analytics.
  • Device Information: Browser type, operating system, device identifiers, and IP address.
  • Cookies: We use essential cookies for authentication and optional analytics cookies (with your consent).

3. How We Use Your Information

We use the collected information to:

  • Provide, operate, and maintain the Service
  • Process invoice reconciliation using AI-powered matching algorithms
  • Sync and display data from your connected practice management systems
  • Process payments and manage your subscription
  • Send transactional emails (account confirmations, invoices, security alerts)
  • Provide customer support and respond to inquiries
  • Improve and optimize the Service based on usage patterns
  • Detect, prevent, and address technical issues or security threats
  • Comply with legal obligations

4. AI Processing and Data Use

Our Service uses artificial intelligence (AI) to extract information from invoices and match them against your billing data. Here's how we handle data in AI processing:

  • Invoice Analysis: Uploaded invoices are processed by our AI system to extract vendor information, line items, amounts, and dates.
  • Data Isolation: Your data is processed in isolation and is not used to train AI models or shared with other customers.
  • Third-Party AI Services: We use Anthropic's Claude API for AI processing. Data sent to these services is subject to their privacy policies and data processing agreements.
  • No Persistent Storage in AI: Invoice content sent for AI analysis is processed in real time and is not retained by AI service providers beyond the processing session.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: With vendors who assist us in operating the Service (cloud hosting, payment processing, email delivery, analytics).
  • Integration Partners: With Clio and other practice management systems to facilitate data synchronization (only with your explicit authorization).
  • Legal Requirements: When required by law, subpoena, or other legal process, or to protect our rights, privacy, safety, or property.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate notice and protections.

6. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Secure cloud infrastructure with leading providers
  • Regular security assessments and monitoring
  • Access controls and authentication requirements
  • Employee security training and access limitations

For more details, please see our Security page.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide you with the Service. Upon account termination:

  • Active data is deleted within 30 days of account closure
  • Backups are purged within 90 days
  • We may retain certain data as required by law or for legitimate business purposes (e.g., billing records)

8. Your Rights and Choices

8.1 All Users

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and associated data
  • Data Portability: Export your data in a machine-readable format
  • Disconnect Integrations: Revoke access to connected services at any time

8.2 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, and shared
  • Right to delete personal information (with certain exceptions)
  • Right to opt out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your privacy rights

8.3 Exercising Your Rights

To exercise any of these rights, please contact us through our contact form. We will respond to your request within 30 days.

9. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

10. Children's Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will provide additional notice via email or through the Service.

12. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us through our contact form.