Privacy Policy

Last updated: 12 June 2026

This Privacy Policy explains how Confinity ("Confinity", "we", "us") handles information in connection with the document-workspace service we provide to accounting firms (the "Service"). Please read it together with our Terms of Service.

The short version. Confinity provides and operates the infrastructure your firm's workspace runs on. The accounting firm — not Confinity — decides what client documents are stored and who can access them. We do not sell data, we do not use client documents to train or improve any product, and we host workspaces and their backups in Canada.

1. Our role: who controls what

Confinity offers single-tenant document workspaces. Each firm receives its own isolated server.

Client documents and the user accounts a firm creates (the content stored inside a workspace): the firm is the data controller and Confinity acts as a service / infrastructure provider (processor). We process this content only to host and operate the workspace, and on the firm's instructions.
Account and operational information we hold about the firm itself (see Section 2): Confinity is the controller.

If you are a client of a firm using a Confinity workspace, the firm — not Confinity — is responsible for your documents and account. Please direct privacy requests about that content to your accounting firm.

2. Information we collect

Information you give us

Enquiry & account details — when a firm contacts us or signs up: name, firm name, email address, chosen workspace subdomain, and any details you include in your message.
Billing information — if applicable, the details needed to invoice and collect payment for the Service.

Information generated by operating the Service

Workspace content — the files, folders, and user accounts created within a firm's workspace. This is controlled by the firm; Confinity stores and serves it but does not access it in the ordinary course of operating the Service.
Operational logs & metadata — limited technical records (for example, server and security logs, provisioning records, and backup status) used to keep workspaces running, secure, and recoverable.

This website

This marketing website does not use advertising cookies or third-party analytics trackers. It is served as static pages through our content-delivery and DNS provider, which may process standard request metadata (such as IP address) to deliver and protect the site.

3. How we use information

To provision, host, operate, secure, back up, and support your workspace.
To respond to enquiries and communicate with you about the Service.
To bill for the Service and keep necessary financial records.
To detect, prevent, and respond to security incidents, abuse, or technical problems.
To comply with legal obligations.

We do not sell personal information, and we do not use client workspace content for advertising or to train machine-learning models.

4. Where data is hosted

Workspaces and their backups are hosted in Canada, in the Amazon Web Services ca-central-1 (Montréal) region. Backups are taken as daily whole-disk snapshots with a rolling retention window and are stored in the same region.

5. Sub-processors & service providers

We rely on a small number of providers to deliver the Service:

Amazon Web Services (AWS) — hosting, storage, and backups for workspaces, in the Canada (Montréal) region.
Cloudflare — DNS for the confinity.cloud domain and delivery of this website.

These providers process data on our behalf under their own security and privacy commitments.

6. Security

Each firm's workspace runs on its own dedicated, single-tenant server — there are no shared databases between firms. Connections are encrypted in transit with TLS, certificates are managed automatically, and workspaces are backed up daily. No method of transmission or storage is perfectly secure, but we take reasonable technical and organisational measures to protect the data we handle.

7. Data retention

Workspace content is retained for as long as a firm's workspace is active, plus the duration of the rolling backup window. When a workspace is decommissioned, its server, storage, backups, and DNS record are removed. We retain account and billing records for as long as needed to provide the Service and to meet legal and accounting obligations.

8. Your rights

Depending on where you live, you may have rights to access, correct, or delete personal information we hold about you, or to object to or restrict certain processing.

For information about a firm's account with Confinity, contact us using the details below.
For documents or accounts inside a firm's workspace, contact the accounting firm that controls that workspace — they decide what is stored and who may access it.

9. Children

The Service is intended for use by accounting firms and their clients in a professional context. It is not directed to children.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above. Material changes will be communicated to firms using the Service.

11. Contact

Questions about this policy or our data practices? Email info@kevinfilteau.com.

← Back to home