← Baker Software Solutions

Privacy Policy

Effective 2026-05-16. Last updated 2026-05-16.

1. Who we are

Baker Software Solutions ("BSS," "we," "us") provides AI-assisted audit, automation, and integration services to small and mid-sized operating businesses. We are based in Phoenix, Arizona, United States. Contact: [email protected].

2. Data we collect

We collect the following categories of data from customers:

  • Contact and business information — name, email, phone, company name, role, and similar details you submit through our intake forms or share during discovery calls.
  • Audit survey responses — answers you provide in our self-serve audit survey describing your workflows, tools, and pain points.
  • Call transcripts and recordings — when you participate in a discovery, intake, or working session conducted via our voice assistant or scheduled meeting platforms, we may record and transcribe the conversation.
  • Integration tokens — when you authorize a third-party integration (e.g., QuickBooks Online, Trello, Google Workspace), we store the OAuth refresh token required to call that integration on your behalf, encrypted at rest.
  • Uploaded files and artifacts — documents, spreadsheets, or other files you share with us during an engagement.
  • Billing information — when applicable, processed through Stripe. We do not store full payment card numbers; Stripe holds those.
  • Usage and technical data — server logs, IP addresses, and standard request metadata necessary for security, debugging, and abuse prevention.

3. How we use your data

We use your data to:

  • Deliver the audit, automation, or integration work you engaged us to perform;
  • Connect to and operate authorized third-party integrations on your behalf;
  • Generate reports, recommendations, and deliverables tailored to your business;
  • Communicate with you about your engagement, billing, and service updates;
  • Improve our internal tooling and prevent abuse, security incidents, or fraud.

We do not sell your data. We do not use your data to train general-purpose AI models for parties other than you.

4. Sub-processors

We rely on the following third-party sub-processors to deliver the Service. Each sees only the data necessary for its function, and all are bound by their own contractual data protection terms. We update this list when sub-processors change.

  • Anthropic — LLM inference for audit-survey response analysis and report generation. United States.
  • Vapi.ai — Voice assistant hosting for telephone intake. United States.
  • Cloudflare — DNS, DDoS protection, and HTTPS edge for our domains. Global edge network.
  • DigitalOcean — Compute hosting for the BSS application and per-customer project droplets. United States.
  • Google (Drive, Calendar, Gmail) — File storage for customer deliverables and scheduling. United States.
  • Resend — Outbound transactional email delivery. United States.
  • Stripe — Payment processing for BSS billing. United States.
  • Trello (Atlassian) — When the Trello integration is connected, your Trello board and card data. United States.
  • Intuit (QuickBooks Online) — When the QBO integration is connected, your QBO accounting data. United States.
  • Fathom — Recording and transcription of BSS-hosted discovery calls. United States.

5. Data residency and security

All primary storage of customer data is in United States-region infrastructure. Cloudflare's edge is global by design. We employ the following safeguards:

  • Integration tokens are encrypted at rest using AES-256-GCM with a key isolated from application-level secrets via systemd-managed credentials.
  • All web traffic uses TLS in transit.
  • Every access to a stored integration token is logged with a caller identifier and reason, retained for audit.
  • Internal access is restricted to BSS personnel with operational need.

6. Data retention and deletion

We retain customer data for as long as your engagement with BSS is active and for a reasonable period thereafter for legal, tax-record, and dispute-resolution purposes (typically up to seven years for financially material records). You may request deletion of your data at any time by emailing [email protected]. We will delete identifiable customer data within thirty (30) days of a verified deletion request, except where retention is required by law.

7. Your rights

You have the right to:

  • Access — request a copy of the data we hold about you within fourteen (14) days of a verified request;
  • Correction — request that inaccurate data be corrected;
  • Deletion — request deletion within thirty (30) days, subject to the retention exceptions above;
  • Revoke integration authorizations — disconnect any third-party integration at any time from your customer dashboard or by emailing us;
  • Know who has accessed your integration tokens — request the audit log of token accesses.

8. Breach notification

In the event of a confirmed data breach affecting your data, we will notify you within seventy-two (72) hours of confirmation.

9. Sub-processor changes

We will notify affected customers at least thirty (30) days before adding a new sub-processor that will receive identifiable customer data.

10. Children

The Service is intended for business use. We do not knowingly collect personal information from children under 16.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email and by updating the "Last updated" date at the top of this page.

12. Contact

Privacy questions, data requests, and concerns should be sent to [email protected]. We aim to respond within five business days.