Privacy Policy

Last updated: April 23, 2026

This Privacy Policy describes how Busic Digital, LLC, a Montana limited liability company ("Busic Digital," "we," "us"), collects, uses, and shares information when you install or use the CleanSync integration for Jobber, the cleansync.io website, and any related services (collectively, the "Service"). By installing or using the Service you agree to this Policy. If you do not agree, do not install the Service, or uninstall it from your Jobber App Marketplace.

1. Who this policy covers

This Policy applies to data we process in connection with the Service — primarily data from the Jobber account you connect, data you enter into the CleanSync dashboard, and data we fetch from third-party calendar feeds (Airbnb, Vrbo, or other iCal sources) that you configure. It does not cover data handled directly by Jobber, Airbnb, Vrbo, or any other third party on their own platforms — those parties have their own privacy policies that govern their collection and use of your data. Busic Digital is the controller of personal information processed through the Service for the purposes of the EU and UK General Data Protection Regulation ("GDPR"), and a "business" for the purposes of the California Consumer Privacy Act / California Privacy Rights Act ("CCPA/CPRA").

2. What we collect

From Jobber (via OAuth, once you authorize the app):

• Your Jobber account identifier and organization display name.
• OAuth access and refresh tokens issued to the Service by Jobber.
• Client, property, and job data returned by Jobber's API when we list pickers in the dashboard or when we create, update, or close jobs on your behalf.
• Webhook notifications from Jobber about changes you make in Jobber (client/job/visit create, update, destroy; app disconnect), which we use to keep our records consistent with yours.

From you (via the CleanSync dashboard):

• A display nickname for each rental you add.
• Airbnb, Vrbo, and any additional iCal URLs you paste in.
• Cleaning preferences you configure: duration, start time, timezone, line-item name and description, unit price, quantity, and the Jobber team member you assign.
• A notification email address where we send sync-error alerts.

From the iCal feeds you configure:

• Booking identifiers (iCal UIDs) and event dates (check-in/check-out).
• Any summary or description text included in the iCal event by the source platform. We read the minimum needed to schedule a cleaning; we do not attempt to enrich or cross- reference this data.

Automatically:

• Operational metadata: timestamps of syncs, counts of jobs created/updated/cancelled, error categories and messages tied to your account, and webhook processing logs.
• Standard server logs when you visit cleansync.io (IP address, user agent, referrer, timestamps) for security and debugging. These are kept short-term and are not used to build marketing profiles.

We do not intentionally collect payment information, government IDs, health information, precise geolocation, biometric data, or data from children. We do not ask you for Jobber passwords — access is always granted via Jobber's OAuth flow and can be revoked at any time from your Jobber App Marketplace.

3. How we use your data and legal bases

• Service delivery. Read bookings from your iCal feeds on the schedule you choose, and create, update, or cancel corresponding Jobber cleaning jobs.
• Support and notifications. Send you error-alert emails to the address you configure; respond to your support requests.
• Service operations. Operate, secure, monitor, debug, and improve the Service; prevent abuse; plan capacity.
• Legal and enforcement. Comply with applicable law and enforce our Terms of Service.

Where GDPR or UK GDPR applies, our legal bases are: (a) performance of a contract with you (to provide the Service); (b) our legitimate interests in operating and securing the Service, preventing abuse, and improving our product (balanced against your rights); and (c) compliance with our legal obligations. We do not rely on consent for the core Service, but where consent is required we will ask for it.

We do not sell your personal information. We do not share your data with advertisers, we do not use it for cross-context behavioral advertising, and we do not train machine-learning models on it. For CCPA/CPRA purposes we do not "sell" or "share" personal information as those terms are defined.

4. Who we share it with (sub-processors & dependencies)

The Service relies on a small set of service providers. Each processes data only as needed to perform the function we pay them for:

• Amazon Web Services, Inc. — hosting, storage (DynamoDB), compute (Lambda), and transactional email (SES), located in the us-east-2 region (Ohio, USA).
• Vercel Inc. — hosting and delivery of the cleansync.io web dashboard.
• Jobber (Octopusapp Inc.) — the platform the Service integrates with. All data flowing to or from Jobber is subject to Jobber's own terms and privacy policy.
• Airbnb, Vrbo, and any additional iCal sources you configure — we fetch the iCal URLs you paste in. We do not send them data; we only read.

We may disclose information if required by law, subpoena, or valid legal process, or to protect the rights, property, or safety of Busic Digital, our users, or others. If Busic Digital or the Service is acquired, merged, or sold, data may be transferred to the successor entity subject to this Policy or a successor policy with comparable protections.

5. Where data is stored and international transfers

Data is stored in the United States (AWS us-east-2, Ohio). If you are located outside the United States — including in the European Economic Area, the United Kingdom, Canada, Australia, or elsewhere — your personal data will be transferred to, stored, and processed in the United States, which may have data-protection laws that differ from those in your country. For transfers from the EEA, UK, or Switzerland, we rely on the European Commission's Standard Contractual Clauses, the UK International Data Transfer Agreement / UK Addendum, and the equivalent Swiss transfer mechanisms, as applicable. By using the Service you consent to that transfer.

6. How long we keep it

We retain your data for as long as the Service is installed in your Jobber account. When you uninstall the Service from the Jobber App Marketplace (or Jobber notifies us that the app was disconnected), we immediately invalidate cached tokens and schedule your account data — Jobber account record, rentals, bookings, error history — for permanent deletion 30 days later. The 30-day window lets you reinstall and resume without losing your settings.

If you want immediate, irreversible deletion instead of the grace period, email support@cleansync.io from the email address on the connected Jobber account and ask for immediate purge.

Limited operational logs (e.g., anonymized request traces, aggregate metrics) may be retained longer for security, debugging, and legal-compliance purposes, but are not used to re-identify you.

7. How we protect it

• All traffic to and from cleansync.io and our APIs is encrypted over HTTPS (TLS).
• Data at rest in AWS is encrypted using AWS-managed keys. Access is restricted via least-privilege IAM policies.
• OAuth tokens are stored only as long as needed to operate the Service and are rotated on refresh.
• Webhook requests from Jobber are verified using HMAC signatures before we act on them.

No system is perfectly secure. We cannot guarantee that unauthorized access, data loss, or disclosure will never occur, and you use the Service at your own risk. If we become aware of a breach affecting your data, we will notify you in accordance with applicable law.

8. Your rights and choices

Everyone who uses the Service has the following practical controls:

• Access. Review the rentals, settings, error log, and booking/job status directly in the CleanSync dashboard at any time.
• Correction. Edit any setting in the dashboard.
• Deletion. Disconnect the app from the Jobber App Marketplace at any time. See Section 6 for retention timing, or email us for immediate purge.
• Data portability. Your settings are visible in the dashboard and in Jobber itself; on request we will export your CleanSync-stored rentals and bookings in JSON.
• Revoke OAuth. Revoke the Service's access to your Jobber account at any time from the Jobber App Marketplace.

Additional rights under regional laws. Depending on where you live, you may have additional rights:

• EEA / UK / Switzerland (GDPR and UK GDPR): right of access, rectification, erasure, restriction of processing, data portability, objection, and to withdraw consent (where we rely on it). You may also lodge a complaint with your local supervisory authority.
• California (CCPA/CPRA): right to know/access, delete, correct, opt out of sale or sharing, limit use of sensitive personal information, and non-discrimination for exercising your rights. We do not "sell" or "share" personal information as defined.
• Canada (PIPEDA): right to access and correct your personal information and to ask how it is handled.
• Other U.S. states (including Montana under the Montana Consumer Data Privacy Act, as well as Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and others as applicable): analogous rights of access, deletion, correction, and opt-out from targeted advertising or "sales," where those laws apply.
• Australia (Privacy Act 1988): right to access and correct your personal information.

To exercise any of these rights, email support@cleansync.io. We will verify your identity before responding and may ask for information to confirm you are the owner of the affected Jobber account. You may authorize an agent to act for you, subject to applicable law. You have the right not to be discriminated against for exercising any of these rights.

9. Children

The Service is intended for business users only and is not directed to children under the age of 16. We do not knowingly collect personal information from children. If you believe a child's information has been submitted, contact us and we will delete it.

10. Cookies and tracking

The cleansync.io dashboard uses only the cookies (or equivalent browser storage) necessary to keep you signed in and to remember your session preferences. We do not use third-party advertising cookies or cross-site tracking pixels. We do not currently respond to "Do Not Track" browser signals because there is no common industry standard for interpreting them; where legally required, we honor recognized opt-out preference signals such as Global Privacy Control (GPC).

11. Changes to this Policy

We may update this Policy from time to time. When we do, we will revise the "Last updated" date above. Material changes will also be announced via email to the notification address on file for your account, and continued use of the Service after the effective date constitutes acceptance of the updated Policy.

12. Contact

Privacy questions, access or deletion requests, or concerns: support@cleansync.io

Mailing address:
Busic Digital, LLC
Flathead County, Montana, United States

If you are in the EEA, UK, or Switzerland and need a specific point of contact for data protection inquiries, please email us at the address above and we will respond in accordance with applicable law.