Your Privacy is Protected

1. Introduction

Financial Frontera LLC d/b/a Conecta ("we," "our," or "us") operates the Conecta platform, a growth platform for tax professionals. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

By using Conecta, you consent to the data practices described in this Privacy Policy.

2. Information We Collect

Google API Data (Limited Use)

Conecta's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We do not send Google user data obtained via Google APIs to third-party AI services, and our systems enforce technical controls that prevent such data from being used for AI processing, training, or model improvement.

AI Services and Data Segregation

Conecta uses artificial intelligence ("AI") features to assist users with certain workflows. To comply with the Google API Services User Data Policy (Limited Use requirements), Conecta enforces strict technical data segregation controls.

  • Data obtained via Google APIs (including Google Calendar and Google Business Profile) is explicitly tagged as Google-sourced data.
  • Google-sourced data is never transmitted to, processed by, or shared with any AI services.
  • AI features are available only for content that users manually provide to Conecta (for example: text input or file uploads not obtained via Google APIs).
  • Any attempt to process Google-sourced data using AI services is programmatically blocked and logged.

Conecta does not use Google user data to train, fine-tune, or improve generalized AI or machine learning models.

2.1 Personal Information

  • Account Information: Name, email address, phone number, business address
  • Client Data: Contact information, tax returns, Social Security Numbers (SSNs), Employer Identification Numbers (EINs), financial documents
  • Payment Information: Billing address, payment method details (processed securely by our payment processors)
  • Communication Data: Messages, emails, and other communications with clients and team members

2.2 Technical Information

  • Usage Data: How you interact with our platform, features used, time spent
  • Device Information: IP address, browser type, operating system, device identifiers
  • Cookies and Tracking: Essential cookies for authentication, analytics cookies, marketing pixels

2.3 Meta Platforms Data (Facebook)

When you connect a Facebook account or Page to Conecta, we receive data from Meta Platforms via the Facebook Login and Graph API based on the permissions you grant:

  • Authentication Data: Facebook user ID, name, email address, profile picture, and access tokens required to maintain the connection
  • Page Access: Page IDs, Page names, Page access tokens, and Page roles necessary to manage content on your behalf
  • Content and Engagement Data: Page conversations, comments, messages, posts, scheduled content, insights, and engagement metrics that you explicitly authorize
  • Business Manager Data: Business IDs and asset assignments when you grant the business_management permission
  • Meta Analytics: Aggregated reporting metrics such as reach, impressions, audience demographics, and ad performance associated with the granted scopes

We do not receive any data from Meta Platforms that you have not explicitly authorized through Facebook Login consent dialogs.

2.4 Google Services Data

When you connect a Google account to Conecta, we receive data from Google via OAuth 2.0 and the Google Calendar API based on the permissions you grant:

  • Authentication Data: Google user ID, name, email address, profile picture, and OAuth access tokens required to maintain the connection
  • Calendar Data: Calendar metadata (title, description, default time zone) and calendar events (title, description, date, time, attendees) necessary to see your availability and manage events on your behalf
  • Account Information: Basic profile information associated with your Google account

We do not receive any data from Google that you have not explicitly authorized through Google OAuth consent dialogs. All email communications are sent through AWS SES.

2.5 Google Business Profile Data

When you connect a Google Business Profile to Conecta, we receive data from Google via OAuth 2.0 and the Google My Business API based on the permissions you grant:

  • Authentication Data: Google user ID, OAuth access tokens, and refresh tokens required to maintain the connection
  • Business Profile Data: Business name, location ID, address, phone number, website URL, and current hours settings (regular hours and special hours)
  • Account Information: Basic profile information associated with your Google account

We do not receive any data from Google that you have not explicitly authorized through Google OAuth consent dialogs. Conecta allows tax professionals to connect their Google Business Profile in order to manage and update business hours and special hours directly from our platform. The business.manage scope is required to see, edit, create and delete your Google business listings. Conecta does not access personal Google account data and does not use this data for advertising or analytics.

2.6 Zoom Services Data

When you connect a Zoom account to Conecta, we receive data from Zoom via OAuth 2.0 and the Zoom Meeting API based on the permissions you grant:

  • Authentication Data: Zoom account ID, OAuth access tokens, and refresh tokens required to maintain the connection
  • Meeting Data: Meeting ID, join URL, start URL, and passcode for meetings created through Conecta appointments. We store only these meeting identifiers to display them in booking details and send them to clients
  • Account Information: Basic account information associated with your Zoom account

We do not access or store meeting content, recordings, or any other meeting data beyond the meeting identifiers listed above. We do not receive any data from Zoom that you have not explicitly authorized through Zoom OAuth consent dialogs.

3. How We Use Your Information

  • Provide and maintain the Conecta platform
  • Process tax returns and financial documents securely
  • Enable client communication and workflow automation
  • Process payments and manage subscriptions
  • Provide customer support and technical assistance
  • Improve our services through analytics and user feedback
  • Comply with legal obligations and tax regulations
  • Send important service updates and notifications
  • Authenticate your identity and connect Facebook accounts using Facebook Login
  • Manage Facebook Pages on your behalf, including responding to messages and comments, and publishing or scheduling posts you request
  • Display insights, engagement metrics, and inbox activity retrieved from Facebook so your team can take action inside Conecta
  • Connect Google accounts using Google OAuth to enable calendar functionality
  • See availability and create, read, update, and delete calendar events in your Google Calendar to manage appointments, meetings, and client schedules
  • Connect Zoom accounts using Zoom OAuth to enable automatic meeting creation for appointments
  • Create, update, and optionally delete Zoom meetings when users manage appointments inside our app
  • Store meeting identifiers (meeting ID, join URL, start URL, passcode) to display in booking details and send to clients

4. Information Sharing and Disclosure

4.1 We Do Not Sell Your Data

We do not sell, trade, or rent your personal information to third parties for marketing purposes.

4.2 Third-Party Service Providers

We share information with trusted third-party providers who assist us in operating our platform:

  • Firebase (Google): Authentication and security services
  • Google Calendar API: Calendar management, including seeing availability and managing events
  • Zoom Meeting API: Meeting creation, update, and deletion for appointments scheduled through Conecta
  • Neon: Secure database hosting with encryption
  • AWS: Document storage, cloud infrastructure, and mass email delivery via SES
  • n8n: Workflow automation and integrations
  • Payment Processors: Secure payment processing
  • Meta Platforms (Facebook): Facebook Login, Page management, messaging, publishing, analytics, and related Graph API services
  • Marketing Analytics: Google Analytics, LinkedIn Pixel, Facebook Pixel

4.3 Data Processors Outside the United States

Some third-party providers (including Meta Platforms and Google) may process data outside of the United States. We ensure appropriate safeguards are in place, such as Standard Contractual Clauses, before transferring personal information internationally.

4.4 Legal Requirements

We may disclose information when required by law, court order, or to protect our rights and the safety of our users.

5. Data Security

We implement enterprise-grade security measures to protect your sensitive information:

  • Encryption: All data is encrypted in transit and at rest using industry-standard protocols
  • Authentication: Firebase Authentication with multi-factor authentication support
  • Access Controls: Organization-scoped data isolation and role-based permissions
  • Infrastructure: Secure cloud hosting with AWS and Neon
  • Compliance: We follow IRS Publication 4557 guidelines for tax professional data security
  • Monitoring: Continuous security monitoring and regular security audits

6. Your Rights (CCPA Compliance)

As a California resident or user, you have the following rights:

  • Right to Know: Request information about what personal data we collect and how we use it
  • Right to Delete: Request deletion of your personal information (subject to legal and business requirements)
  • Right to Opt-Out: Opt-out of the sale of personal information (we do not sell data)
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us at privacy@holaconecta.com.

7. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

  • Active Accounts: Data is retained while your account is active
  • Account Termination: Data is retained for 6 months after account termination, unless you request earlier deletion
  • Legal Requirements: Some data may be retained longer to comply with tax and legal obligations
  • Deletion Requests: You can request deletion of your data at any time

8. Cookies and Tracking

We use cookies and similar technologies to enhance your experience:

  • Essential Cookies: Required for authentication and security
  • Analytics Cookies: Google Analytics for usage insights
  • Marketing Pixels: LinkedIn and Facebook pixels for marketing analytics

You can control cookie settings through your browser preferences.

9. Children's Privacy

Conecta is designed for tax professionals and businesses. We do not knowingly collect personal information from children under 13 years of age.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

11. Facebook Permissions and User Controls

When you connect Facebook to Conecta, you grant us access to specific permissions such as pages_manage_posts, pages_manage_engagement, pages_messaging, pages_read_engagement, pages_read_user_content, business_management, read_insights, email, and public_profile. We only use these permissions to deliver the requested features within Conecta.

  • Revoking Access: You can revoke Conecta’s access at any time from your Facebook account settings by navigating to Settings > Business Integrations or Settings > Apps and Websites.
  • In-App Controls: Conecta administrators can remove connected Facebook Pages, regenerate tokens, and limit which team members have access to Page data.
  • Audit Trail: We log actions performed on your behalf (messages sent, posts scheduled, comments replied to) so you can review account activity.

12. Facebook Data Retention and Deletion

We retain Facebook-derived data only as long as needed to provide the services you request or as required by law. When you disconnect Facebook or request deletion:

  • Page access tokens are revoked immediately and removed from our systems within 48 hours
  • Cached Page conversations, comments, and insights are deleted within 30 days unless you request earlier removal
  • Scheduled posts and engagement history associated with disconnected Pages are anonymized or deleted according to your instructions

You can initiate deletion by contacting privacy@holaconecta.com. We will confirm completion within 7 business days.

13. Google Permissions and User Controls

When you connect Google to Conecta, you grant access to specific OAuth scopes so Conecta can provide booking and calendar functionality you enable. These scopes may include:

  • Availability (Free/Busy): https://www.googleapis.com/auth/calendar.events.freebusy — Used to check availability (busy time ranges) to prevent double-booking during appointment booking.
  • Calendar Events: https://www.googleapis.com/auth/calendar.events — Used to create, update, and delete calendar events related to appointments scheduled through Conecta (including rescheduling and cancellation).
  • Business Profile Management: https://www.googleapis.com/auth/business.manage — Used only when you connect Google Business Profile to manage listings and actions you request through Conecta.
  • Revoking Access: You can revoke Conecta's access at any time in your Google Account under Security > Third-party apps with account access, or by disconnecting Google inside Conecta.
  • In-App Controls: Workspace admins can control which team members can use Google-connected features through Conecta's role-based controls.
  • Audit Trail: We log key connection and calendar actions (for example: connected/disconnected, appointment created/updated/deleted) so you can review activity.

Conecta's use of Google information is subject to the Google API Services User Data Policy, including the Limited Use requirements.

14. Google Data Retention and Deletion

We retain Google-derived data only as needed to provide the features you enable and for legitimate business purposes (such as security, troubleshooting, and audit logs), unless a longer period is required by law. When you disconnect Google or request deletion:

  • OAuth access tokens are revoked promptly and removed from our systems within 48 hours.
  • Cached scheduling data (such as free/busy availability results) and appointment metadata stored by Conecta (such as calendar ID and event ID for appointments created through Conecta) are deleted within 30 days unless you request earlier removal.

You can initiate deletion by contacting support@holaconecta.com. We will confirm completion within 7 business days.

15. Google Business Profile Permissions and User Controls

When you connect Google Business Profile to Conecta, you grant us access to the https://www.googleapis.com/auth/business.manage OAuth scope. We only use this permission to deliver the requested features within Conecta.

  • Business Profile Management: Conecta uses this scope to see, edit, create and delete your Google business listings at your explicit request. This includes reading business metadata (name, location ID, hours) and updating regular hours and special hours when you request changes through our platform.
  • Data Storage: OAuth tokens and business profile metadata are stored securely on our servers, encrypted at rest. We do not access or store personal Google account data beyond what is necessary for business profile management, and we do not share any Google Business Profile data with third parties.
  • Revoking Access: You can revoke Conecta's access at any time from your Google account settings by navigating to Security > Third-party apps with account access, or by visiting myaccount.google.com/permissions.
  • In-App Controls: Conecta administrators can disconnect Google Business Profile accounts, regenerate tokens, and limit which team members have access to business profile functionality.
  • Audit Trail: We log actions performed on your behalf (business hours updated, profile changes made) so you can review account activity.

16. Google Business Profile Data Retention and Deletion

We retain Google Business Profile-derived data only as long as needed to provide the services you request or as required by law. When you disconnect Google Business Profile or request deletion:

  • OAuth access tokens are revoked immediately and removed from our systems within 48 hours
  • Cached business profile data and metadata are deleted within 30 days unless you request earlier removal
  • Business hours update records and logs are retained for compliance and audit purposes but do not include sensitive business data beyond what is necessary for service delivery
  • No personal Google account data is stored in our systems beyond what is necessary for business profile management

You can initiate deletion by contacting privacy@holaconecta.com. We will confirm completion within 7 business days.

17. Zoom Permissions and User Controls

When you connect Zoom to Conecta, you grant us access to specific OAuth scopes to create, update, and optionally delete Zoom meetings when users manage appointments inside our app. We only use these permissions to deliver the requested features within Conecta.

  • Meeting Management: Conecta uses Zoom meeting scopes to automatically create Zoom meetings when you schedule appointments. For each meeting, we store only the meeting ID, join URL, start URL, and passcode so we can display them in booking details and send them to clients.
  • Data Storage: OAuth tokens and meeting metadata are stored securely on our servers, encrypted at rest. We do not access or store meeting content or recordings, and we do not share any Zoom data with third parties.
  • Revoking Access: You can revoke Conecta's access at any time from your Zoom account settings or by disconnecting the integration in Conecta Settings → Integrations.
  • In-App Controls: Conecta administrators can disconnect Zoom accounts and limit which team members have access to Zoom meeting functionality.
  • Audit Trail: We log actions performed on your behalf (meetings created/updated/deleted) so you can review account activity.

16. Zoom Data Retention and Deletion

We retain Zoom-derived data only as long as needed to provide the services you request or as required by law. When you disconnect Zoom or request deletion:

  • OAuth access tokens are revoked immediately and removed from our systems within 48 hours
  • Stored meeting identifiers (meeting ID, join URL, start URL, passcode) are deleted within 30 days unless you request earlier removal
  • Meeting metadata is anonymized or deleted according to your instructions
  • No meeting content or recordings are stored in our systems

You can initiate deletion by contacting privacy@holaconecta.com. We will confirm completion within 7 business days.

19. Contact Information

If you have any questions about this Privacy Policy, Facebook, Google, or Zoom data handling, or our data practices, please contact us:

  • Email: privacy@holaconecta.com
  • Address: Financial Frontera LLC, 601 E Palomar Ste #554, Chula Vista, CA, 91911
  • Phone: (619) 630-5109