Privacy Policy

Herbert is built on a principle of minimal intervention and maximum user autonomy.

We collect and process data only when it provides clear, direct value to the user. We minimize unnecessary data exposure and avoid centralized data collection where possible.

We do not and will never sell user personal or financial data.

We use your data to:

• Provide and improve Herbert's functionality
• Enable integrations (e.g., QuickBooks API)
• Organize, analyze, and present your data
• Personalize your experience
• Maintain security and prevent fraud
• Maintain audit logs for system integrity and operational insight
• Communicate important updates or support responses

We do not use your data for unrelated advertising or resale.

Herbert may use AI systems to assist with:

• Data organization
• Insights and recommendations
• Workflow suggestions

Herbert is designed to assist, not replace, human decision-making.

• Users retain full control over all actions
• Any automation is user-authorized
• AI outputs may not always be accurate

Herbert does not initiate financial transactions or execute critical actions without user involvement.

Herbert integrates with third-party services such as QuickBooks.

When you connect an integration:

• You authorize Herbert to access specific data required for functionality
• We request only the minimum permissions necessary
• Authentication is handled via secure OAuth flows

Herbert does not store third-party service credentials (e.g., QuickBooks login details).

You may revoke integration access at any time through your account settings or directly through the third-party provider.

We are not responsible for third-party privacy practices.

We may share data only:

• With trusted service providers (e.g., hosting via Supabase, infrastructure, analytics)
• To comply with legal obligations
• To protect rights, safety, and system integrity

All providers are required to safeguard your data.

Herbert stores data using secure infrastructure providers, including Supabase.

We implement industry-standard safeguards, including:

• Encryption in transit (HTTPS)
• Encryption of sensitive tokens and credentials at rest
• Secure authentication systems
• Role-based access controls

Access to user data is restricted to authorized personnel and only when necessary for system operation, maintenance, or support.

While no system is completely secure, we take reasonable measures to protect your information.

We retain data only as long as necessary to:

• Provide Herbert's services
• Meet legal and regulatory requirements
• Maintain system integrity and audit trails
• Resolve disputes

You may request deletion of your data at any time.

We respond to verified data deletion requests within a reasonable timeframe (typically within 30 days).

We aim to provide users with the ability to export their data in a structured, commonly used format where feasible.

You may:

• Access your data
• Request correction or deletion
• Disconnect integrations
• Request export of your data

To exercise these rights, contact: herbert@herbert.wiki

We use minimal cookies or similar technologies to:

• Maintain secure sessions
• Improve system performance

We do not use invasive cross-site tracking or sell behavioral data.

In the event of a data breach affecting user information, we will take reasonable steps to notify affected users in accordance with applicable laws.

Herbert is operated in the United States. By using the service, you understand that your data may be processed and stored in the United States.

Herbert is intended only for individuals 21 years of age or older. We do not knowingly collect data from individuals under 21.

We may update this Privacy Policy periodically. Continued use of Herbert constitutes acceptance of updates.

Herbert herbert@herbert.wiki