Privacy Policy

Last updated: April 26, 2026

This Privacy Policy describes how Busic Digital, LLC, a Montana limited liability company ("Busic Digital," "we," "us"), collects, uses, and shares information when you install or use the CleanSync integration for Jobber, the cleansync.io website, the CleanSync email programs (including lifecycle emails, periodic digests, weekly scorecards, and any business-to-business outreach we send), the public Trusted Cleanersdirectory, the public CleanSync roadmap and changelog, and any related services (collectively, the "Service"). By installing or using the Service, or by responding to or interacting with our email programs, you agree to this Policy. If you do not agree, do not install the Service, uninstall it from your Jobber App Marketplace, and/or unsubscribe from any email program.

1. Who this Policy covers

This Policy applies to data we process in connection with the Service — primarily data from the Jobber account you connect, data you enter into the CleanSync dashboard, and data we fetch from third-party calendar feeds (Airbnb, Vrbo, or other iCal sources) that you configure. It also applies to:

• prospective customers located in the United States whose business email addresses appear on commercially-licensed or publicly-available B2B lists and whom we contact by email about CleanSync. We do not currently send outreach email to recipients outside the United States;
• visitors to cleansync.io who submit a feature request, click a directory entry, or write to our support inbox;
• cleaning businesses who opt in to be listed in the public Trusted Cleaners directory;
• authors of public business-context posts on industry forums (such as Reddit communities focused on cleaning businesses or short-term rentals, Hacker News threads about our product category, or comparable public professional forums) when we monitor industry-relevant keywords in order to publish a helpful public reply. We limit this to posts made in a clearly business or professional context, we do not reference personal-account posts, and we retain only what we need to draft the single reply (no long-term profile of the author is stored).

This Policy does not cover data handled directly by Jobber, Airbnb, Vrbo, or any other third party on their own platforms — those parties have their own privacy policies that govern their collection and use of your data.

Busic Digital is the controller of personal information processed through the Service for the purposes of the EU and UK General Data Protection Regulation ("GDPR"), and a "business" for the purposes of the California Consumer Privacy Act / California Privacy Rights Act ("CCPA/CPRA").

2. What we collect

From Jobber (via OAuth, once you authorize the app)

• Your Jobber account identifier and organization display name.
• OAuth access and refresh tokens issued to the Service by Jobber.
• Client, property, and job data returned by Jobber's API when we list pickers in the dashboard or when we create, update, or close jobs on your behalf.
• Webhook notifications from Jobber about changes you make in Jobber (client/job/visit create, update, destroy; app disconnect).

From you (via the CleanSync dashboard, support inbox, and public forms)

• A display nickname for each rental you add.
• Airbnb, Vrbo, and any additional iCal URLs you paste in.
• Cleaning preferences you configure: duration, start time, timezone, line-item name and description, unit price, quantity, and the Jobber team member you assign.
• A notification email address where we send sync-error alerts.
• Feature requests, bug reports, or other messages you submit through the in-app feedback widget or the /feedbackpage, including an optional email for follow-up and a "display first name on the public roadmap" opt-in toggle.
• Messages sent to support@cleansync.io, including subject, body, and any attachments.
• Trusted Cleaners directory listing information you submit if you opt in — business name, service area, city, service description, public contact method, and any additional facts you provide about your business.

From the iCal feeds you configure

• Booking identifiers (iCal UIDs) and event dates (check-in/check-out).
• Any summary or description text included in the iCal event by the source platform. We read the minimum needed to schedule a cleaning; we do not attempt to enrich or cross-reference this data.

From prospective customers we contact by email (outreach)

We currently limit outreach to business contacts located in the United States. If we identify you or your business as a potential U.S.-based customer for CleanSync through publicly-available information (for example, a business directory, your public business website, or a commercial B2B lead database we license), we may process the following for the purpose of a targeted outreach email:

• your business email address and the domain it is associated with;
• your business name, your role within that business (if publicly available), and public indicators of your use of short-term-rental booking platforms (for example, reviews referencing vacation-rental turnovers);
• whether you opened, clicked, or replied to our emails, and the content of any reply you send us.

We use this data only to contact you, to measure whether our outreach is relevant, and to honor your requests (including unsubscribes and deletion requests). We do not sell, share, or disclose your contact information to third parties other than the sub-processors listed in Section 4.

From public posts when we monitor relevant keywords (social listening)

We may review posts made in public business or professional contexts (for example, posts in subreddits focused on cleaning businesses or short-term rentals, Hacker News threads about our product category, or comparable public professional forums) that mention our product category or relevant keywords, solely to identify questions we can helpfully answer with a public reply. We reference only posts that the author clearly intended to be public and business-relevant; we do not reference personal-account posts, private messages, or content from platforms that restrict third-party reuse. We do not store personal data from these posts beyond what is necessary to draft and send a single public reply, we do not compile author profiles, and we do not attempt to identify or contact the author outside the platform where the post was made.

Automatically

• Operational metadata: timestamps of syncs, counts of jobs created/updated/cancelled, error categories and messages tied to your account, and webhook processing logs.
• Standard server logs when you visit cleansync.io (IP address, user agent, referrer, timestamps) for security, rate-limiting, and debugging. These are kept short-term and are not used to build marketing profiles.
• Referral / affiliate attribution parameters. If you arrive at cleansync.io from a tracked link (for example, our Jobber affiliate link, or a referral from an existing CleanSync customer), we and our affiliate-tracking sub-processor (see Section 4) record that attribution so that credit or commission can be assigned correctly.
• Email-delivery telemetry.Whether your transactional or lifecycle email was delivered, bounced, or was marked as spam, via the email service provider's standard delivery reports.
• A derived 0–100 account health score, computed daily for your own CleanSync account from your own operational metrics (sync freshness, error rate, property-count trend, activation signals). The score is used only to proactively help you if your integration appears to be failing; it is not shared, sold, or displayed outside our internal operations dashboard.
• Interaction data with our lifecycle emails and digests — whether you opened or clicked the email — used operationally, for example to suppress further messages to an address that consistently bounces.

What we do not collect

We do not intentionally collect payment information, government IDs, health information, precise geolocation, biometric data, or data from children. We do not ask you for Jobber passwords — access is always granted via Jobber's OAuth flow and can be revoked at any time from your Jobber App Marketplace.

3. How we use your data and legal bases

• Service delivery. Read bookings from your iCal feeds on the schedule you choose, and create, update, or cancel corresponding Jobber cleaning jobs.
• Support and customer-success communications.Send error-alert emails to the address you configure; respond to your support requests; send onboarding, lifecycle, retention-save, and customer-success messages; send periodic digests or scorecards about your account's health and results.
• Service operations and abuse prevention. Operate, secure, monitor, debug, and improve the Service; prevent abuse; apply rate limits to public submission endpoints; plan capacity.
• Business-to-business outreach. Contact prospects described in Section 2 with a limited volume of relevant emails about CleanSync; measure engagement; suppress further contact when you unsubscribe, indicate non-interest, or bounce.
• Trusted Cleaners directory (opt-in). Publish the business information you submit on a public page at cleansync.io/cleaners; present referral and ranking information to visitors of that page.
• Feature-request intake and public roadmap.Triage, respond to, and (where we choose to build it) ship features that customers and prospects request. Display request titles, vote counts, and, where you opted in, the requester's first name on the public roadmap.
• Affiliate program participation. Record clicks on our Jobber affiliate link and attribute resulting Jobber signups, for commission purposes.
• Operational triage and drafting. Use automated processes — some of which rely on third-party sub-processors listed in Section 4 — to triage support inquiries and feature requests, classify replies to outreach, score account health, and prepare drafts of operational content. A human at Busic Digital reviews every draft before it is sent to you or made public; we do not make decisions with legal or significant effect on you by solely automated means. See Section 11.
• Legal and enforcement. Comply with applicable law and enforce our Terms of Service.

Where GDPR or UK GDPR applies, our legal bases are:

(a) performance of a contract with you (to provide the Service, the Trusted Cleaners listing, and support for customers);
(b) our legitimate interests in operating and securing the Service, preventing abuse, improving our product, and promoting the Service to relevant business contacts by email, each balanced against your rights — and in the case of outreach, always subject to an immediate unsubscribe mechanism;
(c) consent where required, including for the optional public display of your first name on our roadmap and for your opt-in to the Trusted Cleaners directory; and
(d) compliance with our legal obligations.

We do not sell your personal information. We do not share your data with advertisers, we do not use it for cross-context behavioral advertising, and we do not train machine-learning models on it. For CCPA/CPRA purposes we do not "sell" or "share" personal information as those terms are defined.

4. Who we share it with (sub-processors and dependencies)

The Service relies on a small set of service providers. Each processes data only as needed to perform the function we pay them for:

• Amazon Web Services, Inc. — hosting, storage (DynamoDB, S3), compute (Lambda), transactional email (SES), web application firewall, and key management (KMS), located in the us-east-2 region (Ohio, USA).
• Vercel Inc. — hosting and delivery of the cleansync.io web dashboard and public site.
• Jobber (Octopusapp Inc.)— the platform the Service integrates with. All data flowing to or from Jobber is subject to Jobber's own terms and privacy policy.
• Airbnb, Vrbo, and any additional iCal sources you configure — we fetch the iCal URLs you paste in. We do not send them data; we only read.
• Instantly.ai (Bizzy Inc.) — outbound-email service used to deliver our business-to-business outreach campaigns, process replies, and manage suppression/unsubscribe. Data shared with Instantly is the outreach-lead record (business email, company name, public role indicators) and any reply content you send us in response to our outreach.
• Anthropic, PBC — cloud service provider used for text classification and drafting assistance (support triage, reply classification, lifecycle-email personalization, content drafting). We redact email addresses, phone numbers, tokens, and other identifying fields from content before it is sent to Anthropic, and Anthropic is contractually prohibited from using our inputs or outputs to train its models.
• Google Analytics 4 (Google LLC) — web analytics for cleansync.io. Google Analytics uses cookies (_ga, _ga_*) and processes IP addresses to attribute visits and conversions. We have configured the IP-anonymization setting (anonymize_ip) and Consent Mode v2 with default-denied storage, so cookies are only set when a visitor explicitly accepts via our cookie banner; otherwise Google receives only aggregated, cookieless signals. Server-side conversion events (install funnel, affiliate clicks) flow through Google’s Measurement Protocol independently of the browser consent banner because they originate from our own servers, not from cookies set in your browser.
• Microsoft Clarity (Microsoft Corporation) — produces aggregate heatmaps and session-replay recordings of how visitors interact with cleansync.io. Clarity sets cookies (_clck, _clsk) and records mouse movement, clicks, and scroll position. Recording is gated on the same cookie-banner consent as Google Analytics: until you click "Accept all," Clarity loads in a no-recording / no-cookie mode and we receive no session-replay data for your visit. Clarity by default masks form input fields and any element containing the class data-clarity-mask; we use Clarity only for product UX improvement (e.g. spotting where visitors get stuck during onboarding) and never sell or share recordings.
• PartnerStack (GrowSumo, Inc.) — tracks clicks on our Jobber affiliate link and records resulting commissions. PartnerStack processes the minimum identifiers required to attribute a click and a downstream signup.
• Cloudflare, Inc. — provides rate-limiting, a web application firewall, and CAPTCHA-free bot mitigation (Turnstile) for our public web endpoints. Cloudflare processes minimum traffic metadata (including IP address and user agent) for these functions.

We may disclose information if required by law, subpoena, or valid legal process, or to protect the rights, property, or safety of Busic Digital, our users, or others. If Busic Digital or the Service is acquired, merged, or sold, data may be transferred to the successor entity subject to this Policy or a successor policy with comparable protections.

5. Where data is stored and international transfers

Data is stored in the United States (AWS us-east-2, Ohio). If you are located outside the United States — including in the European Economic Area, the United Kingdom, Canada, Australia, or elsewhere — your personal data will be transferred to, stored, and processed in the United States, which may have data-protection laws that differ from those in your country. For transfers from the EEA, UK, or Switzerland, we rely on the European Commission's Standard Contractual Clauses, the UK International Data Transfer Agreement / UK Addendum, and the equivalent Swiss transfer mechanisms, as applicable. By using the Service you consent to that transfer.

6. How long we keep it

We retain data for the period necessary to provide the Service and to meet our legal and operational needs, as follows:

• Installed-account data (your Jobber account record, rentals, bookings, error history, dashboard preferences). Retained for as long as the Service is installed. When you uninstall, we immediately invalidate cached tokens and schedule your account data for permanent deletion 30 days later. The 30-day window lets you reinstall and resume without losing your settings. If you want immediate, irreversible deletion instead, email support@cleansync.io from the email address on the connected Jobber account and ask for immediate purge.
• Outreach and lead data. If you are a U.S.-based prospect on our B2B outreach list, we retain your contact record for up to 24 months after our last contact attempt or your last response, whichever is later, unless you request suppression or unsubscribe sooner. Suppression requests are honored indefinitely: we keep a minimal suppression record (email address and suppression date) so that we can continue to comply with CAN-SPAM §5 and our own commitment never to contact you again. You may request full deletion of your outreach record at any time; even after deletion we retain the minimal suppression record unless you specifically direct us otherwise and accept that we may not be able to detect a future re-addition of the same address from a subsequent list.
• Support inbox. Emails sent to support@cleansync.io and their classifications are retained for 90 days in the default case. Longer retention applies only if a specific message is linked to an open customer issue, a legal hold, or an abuse investigation.
• Feature requests. Stored until the requested feature ships plus 90 days, or until you ask us to delete your submission.
• Account health score. The daily score for your account is retained for 90 days; older rows are deleted by automated TTL.
• Trusted Cleaners directory. Your listing persists as long as you remain opted in. Upon opt-out, deletion request, or our discretionary removal for quality or abuse reasons, we remove your public listing within 7 days.
• Limited operational logs (for example, anonymized request traces, aggregate metrics, audit logs of administrative actions) may be retained longer for security, debugging, and legal-compliance purposes, but are not used to re-identify you.

7. How we protect it

• All traffic to and from cleansync.io and our APIs is encrypted over HTTPS (TLS).
• Data at rest in AWS is encrypted. Tables holding sensitive data (WorkItems, support-email metadata, feature requests, health scores, outreach audit logs) are encrypted using an AWS KMS customer-managed key in addition to the default encryption at the storage layer.
• OAuth tokens are stored only as long as needed to operate the Service and are rotated on refresh.
• Webhook requests from Jobber are verified using HMAC signatures before we act on them. Webhook requests from Instantly.ai are verified using a shared HMAC secret.
• Public forms, including /feedback, are protected by bot mitigation (Cloudflare Turnstile), per-IP and per-account rate limits, honeypot fields, and server-side input validation.
• Access to our operations dashboard requires a password (stored in AWS Secrets Manager) plus a magic-link email confirming control of the Busic Digital inbox. All administrative actions are logged to an audit table for forensic review.
• Source-code repositories are scanned for accidental credential exposure before each commit.
• Least-privilege IAM policies are enforced per Lambda function; no single service has access beyond what it needs to do its job.

No system is perfectly secure. We cannot guarantee that unauthorized access, data loss, or disclosure will never occur, and you use the Service at your own risk. If we become aware of a breach affecting your data, we will notify you in accordance with applicable law.

8. Your rights and choices

Everyone who uses the Service has the following practical controls:

• Access. Review the rentals, settings, error log, and booking/job status directly in the CleanSync dashboard at any time.
• Correction. Edit any setting in the dashboard.
• Deletion. Disconnect the app from the Jobber App Marketplace at any time. See Section 6 for retention timing, or email us for immediate purge.
• Data portability. Your settings are visible in the dashboard and in Jobber itself; on request we will export your CleanSync-stored rentals and bookings in JSON.
• Revoke OAuth.Revoke the Service's access to your Jobber account at any time from the Jobber App Marketplace.

If you are a prospective customer contacted by our outreach:

• Unsubscribe. Every outreach email contains a one-click unsubscribe link and honors the List-Unsubscribeheader. You can also reply with "STOP" or "UNSUBSCRIBE"; we will honor it within one business day.
• Request deletion of your outreach record entirely (as distinct from suppression) by emailing support@cleansync.io. In that case we remove your record from our active outreach database but retain a minimal suppression entry so we do not re-add you.

If you are listed in the Trusted Cleaners directory:

• Edit your listing through the CleanSync dashboard while you remain opted in.
• Remove your listing by toggling off the opt-in switch in the dashboard, or by emailing us. We remove public listings within 7 days of a valid request.

If you submitted a feature request:

• Delete your submission by emailing us with the request title or the confirmation email you received.
• Withdraw public-display consent at any time; we will mask any first-name attribution associated with the request.

Additional rights under regional laws. Depending on where you live, you may have additional rights:

• EEA / UK / Switzerland (GDPR and UK GDPR): right of access, rectification, erasure, restriction of processing, data portability, objection (including a standing objection to direct-marketing processing), and to withdraw consent (where we rely on it). You may also lodge a complaint with your local supervisory authority.
• California (CCPA/CPRA):right to know/access, delete, correct, opt out of sale or sharing, limit use of sensitive personal information, and non-discrimination for exercising your rights. We do not "sell" or "share" personal information as defined.
• Canada (PIPEDA): right to access and correct your personal information and to ask how it is handled.
• Other U.S. states(including Montana under the Montana Consumer Data Privacy Act, as well as Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and others as applicable): analogous rights of access, deletion, correction, and opt-out from targeted advertising or "sales," where those laws apply.
• Australia (Privacy Act 1988): right to access and correct your personal information.
• New Zealand (Privacy Act 2020): right to access, correct, and complain to the Office of the Privacy Commissioner about the way we handle your personal information.
• South Africa (POPIA): right of access, correction, deletion, and objection to processing, where the Protection of Personal Information Act applies to you.

To exercise any of these rights, email support@cleansync.io. We will verify your identity before responding and may ask for information to confirm you are the owner of the affected Jobber account, outreach record, or directory listing. You may authorize an agent to act for you, subject to applicable law. You have the right not to be discriminated against for exercising any of these rights.

9. Children

The Service is intended for business users only and is not directed to children under the age of 16. We do not knowingly collect personal information from children. If you believe a child's information has been submitted, contact us and we will delete it.

10. Cookies, tracking, and analytics

The cleansync.io dashboard uses cookies (or equivalent browser storage) necessary to keep you signed in and to remember your session preferences. We also use Google Analytics 4 cookies for website analytics (described below). We do not use third-party advertising cookies or cross-site tracking pixels. We do not currently respond to "Do Not Track" browser signals because there is no common industry standard for interpreting them; where legally required, we honor recognized opt-out preference signals such as Global Privacy Control (GPC).

Website analytics — Google Analytics 4. We use Google Analytics 4 (provided by Google LLC) to understand how visitors use cleansync.io. Google Analytics sets cookies named _ga and _ga_<property-id>in your browser. These cookies generate a randomized client identifier so Google can deduplicate repeat visits and attribute conversions across sessions. We have enabled the IP- anonymization setting so the last octet of your IP address is discarded by Google before storage. We have also enabled Consent Mode v2 with default-denied storage: when you first visit cleansync.io you will see a cookie banner with two choices — "Accept all" (Google Analytics cookies are set, full attribution data is collected) or "Essential only" (Google Analytics receives only cookieless aggregated signals; no _gacookie is set in your browser). Your choice is remembered in your browser's localStorage and is honored on every subsequent visit. You can clear it by clearing site data for cleansync.io.

Server-side conversion events.A small number of business-critical events (install completions, affiliate-link clicks, first-property-added, first-sync- completed, feature-request submissions) are sent to Google Analytics directly from our servers using Google's Measurement Protocol. These events do not rely on a browser cookie and are sent regardless of the cookie-banner choice; they are operational conversion telemetry, not behavioral tracking. Each event carries a deterministic, one-way-hashed identifier derived from your account ID (when you are signed in) or from a daily rotating hash of your User-Agent and IP address (when you are not), so Google can attribute the event without identifying you.

Heatmaps and session replay — Microsoft Clarity. We use Microsoft Clarity (provided by Microsoft Corporation) to record aggregate heatmaps and session replays of visitor interactions on cleansync.io. Clarity sets cookies (_clck,_clsk) and observes pointer movement, clicks, scroll position, and form field focus events (with input contents masked by default). Recording is gated on the same "Accept all" cookie-banner click as Google Analytics; until you accept, Clarity loads but does not record or set cookies. We use Clarity only to identify UX friction (e.g. where visitors get stuck during install or onboarding) and never sell, share, or republish recordings.

Outreach-email tracking. Our outreach emails may include an open-tracking pixel or link-redirect used solely to measure whether the message was delivered, opened, or clicked. This data is used operationally (for example, to stop sending to addresses that bounce) and is deleted with the underlying lead record.

Cloudflare Turnstile. Our public submission forms include Cloudflare Turnstile to prevent automated abuse. Turnstile is designed to work without tracking cookies and does not build a profile across sites.

11. Automated processing and human review

Busic Digital uses automated processes — including third-party sub-processors listed in Section 4 — to classify incoming email, compute your account's daily health score from your own operational metrics, score prospective-customer leads for relevance, and prepare drafts of operational content (support responses, lifecycle and onboarding emails, outreach-reply drafts, blog and changelog copy, directory moderation).

Before content that may contain personal data is sent to a sub-processor for assistance with classification or drafting, we redact email addresses, phone numbers, access tokens, and other identifying fields not required for the task. That sub-processor is contractually prohibited from using our inputs or outputs to train its own models.

A human at Busic Digital reviews every draft before it is sent to you or made public and holds editorial responsibility for the published or sent result. No decision that would produce legal effects concerning you or similarly significantly affect you — for example, whether we will support your account, respond to your inquiry, list you in the directory, or credit you for a referral — is made solely by automated means.

12. Affiliate program and referral disclosure

If you arrive at CleanSync via a link from our marketing content or from an affiliate of ours, the referring link may include a tracking parameter that lets our affiliate-tracking sub-processor (PartnerStack, Section 4) attribute the referral and credit the appropriate commission.

When you click our "Start a Jobber trial" link on cleansync.io (or in our marketing content or outreach emails), Busic Digital may earn a commission from Jobber if you subscribe to Jobber. There is no additional cost to you, and the commission does not change the terms of your relationship with Jobber.We disclose this relationship in accordance with the U.S. Federal Trade Commission's Guides Concerning the Use of Endorsements and Testimonials in Advertising and applicable analogues.

13. Changes to this Policy

We may update this Policy from time to time. When we do, we will revise the "Last updated" date above. Material changes will also be announced via email to the notification address on file for your account (if you are a CleanSync customer) and to the contact address on our outreach list (if you are a prospective customer we are in contact with). Continued use of the Service after the effective date constitutes acceptance of the updated Policy.

14. Contact

Privacy questions, access or deletion requests, or concerns: support@cleansync.io

Mailing address:
Busic Digital, LLC
Flathead County, Montana, United States

If you are in the EEA, UK, or Switzerland and need a specific point of contact for data protection inquiries, please email us at the address above and we will respond in accordance with applicable law.