Privacy Policy (v2025-06)
Effective Date:
1. Who We Are
Fatbaby LLC (“Conto,” “we,” “our,” or “us”) provides an AI-enabled platform that helps U.S. tax professionals manage and collect client documents. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information.
2. Scope & U.S.-Only Service
Conto is intended for use solely within the United States. By using the Service, you consent to your information being stored and processed in the United States.
3. Information We Collect
| Category | Examples | Purpose |
|---|---|---|
| Account Data | Name, email | Account creation, login, support |
| Client Data | Client names/emails entered by accountants | Sending document requests |
| Documents & Extracted Data | Tax forms (W-2, 1099), receipts, SSNs contained therein | Provide core Service (classification, extraction, storage) |
| Usage Data | IP address, device/browser info, page views, events | Analytics, performance, security |
| Communications | Support emails, in-app messages | Respond to inquiries, improve Service |
4. How We Use Information
- Provide, maintain, and improve the Service
- Facilitate document requests and secure uploads
- Operate AI models, including third-party data processing services, to classify and extract data
- Monitor security and prevent fraud
- Send transactional emails via email delivery services and, with consent, product updates
- Meet legal obligations and enforce Terms
5. Sharing & Disclosure
We do not sell personal information. We share it only with:
-
Service Providers (Processors).
- Database and storage providers
- Cloud hosting services
- AI Inference APIs configured so data is not used to train their public models
- Email delivery services
- Third-party document processing services – data stored on cloud infrastructure with encryption at rest and in transit, access limited to secure execution environments, files deleted after 24 hours and never used for training; SOC 2 Type II, HIPAA pipelines available
- Product analytics providers
-
Your Counterparties. Accountants and the clients they invite necessarily share documents between them.
-
Legal or Safety Reasons. To comply with law or protect rights, property, or safety.
-
Business Transfers. In a merger or acquisition, subject to confidentiality.
-
Aggregated/De-identified Data. Non-identifiable statistics for analytics or marketing.
6. Cookies & Tracking
We use essential cookies for authentication and analytics provider cookies for analytics. You can disable cookies in your browser, but some features may break.
7. Data Security
- TLS encryption in transit; database encryption at rest
- Role-based access controls; audit logging
- Regular patching and security monitoring
- Documents processed by third-party processing services are stored on cloud infrastructure with encryption at rest and in transit, access restricted to secure execution environments, and deleted after 24 hours without being used for training
- No internet transmission is 100% secure. You use Conto at your own risk.
8. Data Retention
We keep personal data as long as needed to provide the Service and comply with legal obligations. Deletion occurs upon (i) your request, (ii) account closure, or (iii) the end of required retention periods. Backup data is purged on a rolling schedule. When we use third-party document processing services for analysis, their systems delete files after 24 hours and do not retain them for training.
9. Your Rights
- Access / Correction. View or update account info in-app or by request.
- Deletion. Request erasure of personal data (subject to legal exceptions).
- Opt-out of Non-essential Emails. Use unsubscribe links or contact us.
- California Users. We honor CCPA rights even if we are below formal thresholds; submit requests via the contact information below.
10. Children’s Privacy
The Service is not directed to children under 13. We do not knowingly collect their data. Contact us if you believe we have inadvertently done so.
11. Changes to This Policy
We may revise this Policy periodically. Material changes will be posted in the Service or emailed to account holders.