Privacy Policy

Payable by Cephgate  ·  Effective Date: April 3, 2026  ·  Last Updated: April 9, 2026

This Privacy Policy describes how Cephgate LLC ("we," "us," or "our") collects, uses, and protects information when you use Payable, our Gmail add-on for accounts payable automation ("the Service"). By using Payable, you agree to the practices described in this policy.

1. Information We Collect

Payable accesses the following information solely to provide the Service:

• Gmail email content — subject lines, email body text, and file attachments (PDFs, images, DOCX files) from emails you open while using Payable. We only process emails you actively open; we do not scan your entire inbox.
• QuickBooks data — vendor records, purchase orders, payment accounts, and payment methods from your connected QuickBooks Online account, used to match and route invoices.
• Google account email address — used to associate your QuickBooks connection with your account.
• User preferences — settings you configure within Payable (approval thresholds, payment defaults, categories), stored locally in Google Apps Script User Properties.

2. How We Use Your Information

AI Processing Disclosure: When you open an email in Gmail while using Payable, the following information from that email is sent to Anthropic's Claude AI model for analysis:

• The email subject line
• The email body text (up to 2,000 characters)
• Any invoice, receipt, or document attachments (PDFs, images, Word documents)

This data is transmitted to Anthropic's API servers to extract financial information such as vendor name, invoice number, amount, payment terms, and vendor contact details. Only emails you actively open while the Payable sidebar is active are processed. We do not scan, read, or transmit your entire inbox.

We also use your information to:

• Match invoices to existing vendors and purchase orders in your QuickBooks account
• Create bills, expenses, and vendor records in QuickBooks on your behalf when you click Save
• Attach invoice documents to QuickBooks records for audit purposes

AI model training: We do not use your data to train AI models. Anthropic's API usage policies prohibit training on API data. We do not sell, rent, or share your data with third parties for marketing purposes.

3. Data Storage and Retention

• QuickBooks OAuth tokens are stored encrypted in Upstash Redis (a secure, SOC 2 compliant service) and are used solely to authenticate API calls to QuickBooks on your behalf. Tokens are automatically refreshed and expire when you disconnect.
• Email content and attachments are transmitted to Anthropic's Claude API for analysis and are not stored on our servers. Anthropic processes this data per their Privacy Policy and does not retain API request data for model training.
• User preferences are stored in Google Apps Script User Properties, which are tied to your Google account and are not accessible to Cephgate.

4. Third-Party Services

• Anthropic Claude — AI analysis of invoice content. Data sent to Anthropic is subject to Anthropic's Privacy Policy. Anthropic does not use API data to train models.
• Intuit QuickBooks Online — accounting data access and record creation. Subject to Intuit's Privacy Statement.
• Vercel — API hosting. Subject to Vercel's Privacy Policy.
• Upstash — encrypted token storage. Subject to Upstash's Privacy Policy.

5. Google API Scopes

Payable requests the following Google API scopes, limited to what is strictly necessary:

• gmail.addons.current.message.readonly — read the currently open email and its attachments
• gmail.addons.execute — run the add-on in Gmail
• userinfo.email — identify your Google account to associate your QuickBooks connection
• script.storage — store your preferences locally

Payable's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

6. Security

• Encrypted token storage (AES-256) for all OAuth credentials
• HTTPS-only API communication
• Shared secret authentication between the Gmail add-on and our API servers
• No logging of email content or attachment data

7. Your Rights and Controls

• Disconnect QuickBooks — you can disconnect at any time from Payable Settings. This immediately revokes our access to your QuickBooks data and deletes your stored tokens.
• Uninstall — removing the Payable add-on from Gmail stops all data processing. Your preferences stored in Apps Script User Properties are deleted automatically.
• Data deletion — to request deletion of any data associated with your account, email us at support@cephgate.ai.

8. Children's Privacy

Payable is designed for business use and is not directed at children under 13. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by updating the "Last Updated" date above. Continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact