Data we access
BirchSight(“we”, “us”) provides software that connects property-management work-order email (Property Meld) to field-service dispatch tools (Jobber). This policy explains what data we access, how we use it, and how we protect it.
- Google account profile — email address and basic profile fields used for authentication.
- Gmail messages — message content, headers, and metadata for emails identified as Property Meld work-order notifications. Access is limited to inbox read and thread reply.
- Jobber account data — clients, properties, and jobs we create or update on your behalf via the Jobber API.
- Operational metadata — sync timestamps, error logs, and audit records of actions we take in your accounts.
How we use it
- Extract structured work-order details from Property Meld emails using a third-party large-language-model provider (currently Google Vertex AI; see §5).
- Create or update matching jobs in your Jobber account.
- Reply to the original Property Meld email thread with status updates when your team marks a job’s milestone in Jobber.
- Display sync history and error states in your BirchSight dashboard.
3. Google API Services User Data Policy — Limited Use
BirchSight’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- We use Gmail data only to provide and improve user-facing features of BirchSight that are prominent in the application’s UI.
- We do not transfer Gmail data to third parties except to provide or improve user-facing features, comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.
- We do not use Gmail data to serve advertisements, including retargeting, personalized, or interest-based advertising.
- Humans do not read Gmail data unless we have your specific consent, it is necessary for security purposes (e.g. investigating abuse), to comply with applicable law, or the data has been aggregated and anonymized for internal operations.
How we store and protect data
- Encryption in transit (TLS 1.2+) for all third-party API calls.
- OAuth refresh tokens for connected Google and Jobber accounts are encrypted at rest using AES-256-GCM with envelope encryption backed by AWS KMS. The tenant identifier and token purpose are bound into the cipher’s associated data so a leaked ciphertext cannot be decrypted into a different tenant’s context.
- Per-tenant logical isolation is enforced via Postgres row-level security on every tenant-scoped database row. The runtime database role cannot bypass RLS.
- Inbound emails are validated against DKIM, SPF, and DMARC; outbound replies are restricted to recipients on a per-tenant allowlist.
Subprocessors
We use the following third-party providers to operate the service:
- Google Cloud (Vertex AI) — work-order extraction from email content.
- Amazon Web Services (KMS) — envelope encryption of OAuth tokens.
- Neon (Postgres) — primary application database.
- Vercel — application hosting and serverless execution.
- Inngest — durable background-job orchestration.
- Clerk — authentication and organization management.
- Resend — transactional email (operator alerts).
Retention and deletion
Raw email payloads in our sync log are retained only as long as needed to complete sync and investigate failures: 7 days for successful syncs, up to 90 days for syncs that require manual investigation, after which they are automatically purged by a daily process. Sync summary records, which contain no email content, are retained for the lifetime of your account for audit and debugging purposes.
You may revoke BirchSight’s access to your Google or Jobber account at any time via the relevant provider’s settings; doing so stops further sync and marks your stored tokens as revoked. Deleting your BirchSight account triggers an immediate cascading deletion of all associated data, including stored OAuth credentials, work-order state, sync history, and outbound milestone records.
Contact
Questions or requests: support@birchsight.com.