Cobenian Oversight

Privacy Policy

Last updated: March 26, 2026

Cobenian Corporation ("Company," "we," "us"), a Virginia corporation, operates the Oversight application ("Service"). This Privacy Policy explains how we collect, use, and protect your information.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and profile image from your Google or Microsoft account through OAuth authentication.

Email Metadata

We access email metadata from your connected email accounts, including: sender and recipient addresses, subject lines, timestamps, thread identifiers, and attachment presence indicators. We never access, request, or store the body content of your emails.

Calendar Data

We access calendar event data including event titles, descriptions, times, locations, and attendee lists from your connected Google or Microsoft calendar.

Financial Data

If you connect QuickBooks, we access customer records, invoice data (amounts, dates, statuses), and estimate data for the purpose of providing the Service.

Usage Data

We collect standard server logs including IP addresses, browser type, pages visited, and timestamps for the purpose of operating and improving the Service.

2. How We Use Your Information

We use your information solely to provide and operate the Service, including:

  • Computing communication baselines and detecting business oversights
  • Generating items, suggested clients, and inferred deadlines
  • Sending weekly report emails and first look reports
  • Authenticating your identity and managing your account
  • Diagnosing technical issues and improving the Service

3. AI Processing

The Service uses AI (Anthropic's Claude API) to classify email subjects as proposal-like or deadline-related, and to generate natural language summaries for reports. Only email subject lines and calendar event titles are sent to the AI service for classification. Email body content is never sent to any AI service.

4. Information We Do NOT Collect or Share

  • We do not read, access, or store email body content
  • We do not sell your data to third parties
  • We do not share your data with third parties for their marketing purposes
  • We do not use your data for advertising
  • We do not share your data with other users or accounts

5. Data Sharing

We do not sell or share your personal information except in the following limited circumstances:

  • Service providers: We use third-party services to operate the Service (cloud hosting, email delivery, AI classification). These providers process data only on our behalf and are bound by contractual obligations to protect your data.
  • Legal requirements: We may disclose information if required by applicable law, regulation, legal process, or governmental request.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction. We will notify you of any such change.

6. Data Security

We implement reasonable security measures to protect your data, including:

  • Encryption of OAuth tokens at rest using AES-GCM encryption
  • HTTPS encryption for all data in transit
  • Account-scoped data isolation (no cross-account data access)
  • Rate limiting on authentication endpoints

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Data Retention

We retain your data for as long as your account is active. Upon account deletion or subscription cancellation, we will retain your data for 30 days to allow for account recovery, after which all data associated with your account will be permanently deleted.

8. Your Rights

You have the right to:

  • Access: Request a copy of the data we hold about you
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data and account
  • Portability: Request your data in a machine-readable format
  • Disconnect: Revoke access to connected services at any time through the Service settings or through the third-party provider directly

To exercise these rights, contact us at info@cobenian.com.

9. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect information from minors. If we learn that we have collected data from a minor, we will delete it promptly.

10. International Data

The Service is operated from the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. Your continued use of the Service after such changes constitutes acceptance of the updated policy.

12. Contact

For questions or concerns about this Privacy Policy, contact us at:

Cobenian Corporation
Email: info@cobenian.com