Privacy Policy

Effective date: April 23, 2026

Overview

Cypress Ops is a service of Conifer Labs LLC ("we," "us," or "our"). We provide AI-powered workflow automation services to small and medium-sized businesses, including automations that connect to third-party platforms such as QuickBooks Online, customer-relationship and scheduling systems, and industry-specific tools. This Privacy Policy explains how we collect, use, and protect information when you visit our website at cypressops.com, subscribe to our services, or authorize our application to connect to a third-party platform on your behalf.

Information We Collect

From our website

  • Contact information: Name, email address, business name, and website URL when you submit our contact form or book a call.
  • Communications: Messages, questions, and other information you provide when you contact us.
  • Scheduling information: When you book a call through our scheduling tool (Calendly), your name, email, and selected time slot are collected by Calendly and shared with us.
  • Usage data: Standard web server logs and analytics (IP address, browser type, pages visited, timestamps) used for security, abuse prevention, and aggregate analytics.

From subscription and billing

  • Account and billing information: Email address, company name, and subscription state. Payment card details are collected and stored by our payment processor (Stripe) and are not stored on our systems.
  • Terms acceptance records: Timestamp, email, and version of the Terms of Service you accepted at signup.

From integrated third-party platforms

When you authorize Cypress Ops to connect to a third-party platform (such as accounting software, communication tools, or other business systems), you grant us access to information controlled by that platform. The specific data we access is limited to what the service requires and is bounded by the scopes or permissions you authorize. Depending on the integration, this may include:

  • Customer, contact, and vendor records
  • Product and service catalog information
  • Other account-configuration data returned by the platform's API in response to our authorized requests

We do not request or access data outside the scopes you authorize.

Authentication credentials

OAuth refresh tokens and related identifiers (such as company IDs) issued by third-party platforms when you authorize our application, and API keys you provide for platforms that use key-based authentication.

How We Use Your Information

We use the information we collect to:

  • Provide the specific services you have subscribed to or engaged us to perform
  • Respond to your inquiries and schedule consultations
  • Process subscription payments and send account-related communications
  • Maintain the security and integrity of our systems
  • Comply with legal obligations

We do not sell, rent, or share your personal information with third parties for their marketing purposes.

Data Processing and Storage

We do not retain data from integrated platforms

Data we access from third-party platforms is processed transiently solely to perform the service you have requested. We do not persist or store this data in Cypress Ops databases or long-term storage.

What we do store

  • OAuth refresh tokens and API keys along with related connection metadata, encrypted at rest using industry-standard encryption. Revoking the authorization at the third-party platform invalidates the token; we delete our copy thereafter.
  • Operational logs (request timestamps, error codes, non-content metadata) for a limited period sufficient to support debugging, security monitoring, and compliance.
  • Subscription, billing, and acceptance records necessary to administer your account and comply with tax and contract-retention obligations.
  • Contact form submissions and related correspondence necessary to respond to your inquiries.

AI and Automation Services

Our services involve the use of artificial intelligence and automation tools to process data and execute workflows on your behalf. Data accessed from your connected platforms may be passed transiently to our AI model provider(s) to generate the outputs the service produces. The specific AI provider used may vary by engagement; all providers we use are established companies with published security practices, and we configure their services to disallow training on customer data. AI-generated outputs should be reviewed by appropriate personnel before being relied upon for business decisions.

Data Security

We apply industry-standard safeguards appropriate to the sensitivity of the data, including TLS encryption for data in transit, encryption at rest for credentials and any persisted operational data, principle-of-least-privilege access controls, secrets management through dedicated key-management services, and monitoring and audit logging of access to production systems. No method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security. If we become aware of a security incident that affects you, we commit to notifying you promptly in accordance with applicable law.

Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal or reporting requirements. Contact information submitted through our website is retained until you request its deletion. OAuth tokens and API keys are retained until you revoke the authorization or cancel your subscription, then deleted promptly. Subscription, billing, and acceptance records are retained for the periods required by applicable tax and contract-law obligations.

Your Rights

Depending on your jurisdiction, you may have the right to:

  • Request access to the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your personal information
  • Withdraw consent or revoke an integration authorization by disconnecting our application at the third-party platform
  • Opt out of marketing communications at any time
  • Lodge a complaint with a data-protection authority

To exercise any of these rights, contact us at contact@cypressops.com.

Children

Our services are intended for businesses and are not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children.

International Transfers

We operate in the United States, and our sub-processors may process data in multiple jurisdictions. By using our services, you understand that your information may be transferred to and processed in jurisdictions that have different data-protection laws than your own.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the effective date above.

Contact

If you have questions about this Privacy Policy, contact us at contact@cypressops.com.