Legal

Privacy Policy

Effective Date: 5/30/2026

Last Updated: 5/30/2026

This Privacy Policy explains how VinePath, Inc. (“VinePath,” “we,” “us,” or “our”) collects, uses, discloses, and protects information in connection with our websites, products, and services, including DeskPath, our client-work management product for professional-service firms.

This Privacy Policy applies to:

  • the VinePath website, including vinepath.ai;
  • any DeskPath-related pages or applications operated by VinePath;
  • any websites that redirect to or are operated by VinePath, including deskpath.com and deskpath.ai, if applicable; and
  • our related software, integrations, communications, and services.

For purposes of this Privacy Policy, “Services” means VinePath websites, DeskPath, and related products and services.

If you use DeskPath on behalf of an organization, such as a CPA firm, accounting firm, legal practice, wealth advisory firm, or other professional-service business, your organization may separately control certain information submitted to the Services. In that case, we process that information on behalf of your organization.

1. Information We Collect

We collect information in the following ways.

1.1 Information you provide to us

We may collect information you provide directly, including:

  • name;
  • business email address;
  • phone number;
  • company or firm name;
  • job title or role;
  • billing and subscription information;
  • demo requests, support requests, and messages you send us;
  • information submitted through forms on our website;
  • account login information;
  • preferences and settings;
  • feedback, survey responses, or product research responses.

1.2 Information submitted through DeskPath

DeskPath is designed to help professional-service firms manage client work, deadlines, blockers, handoffs, and follow-ups.

Depending on how your organization configures DeskPath, the Services may process information such as:

  • client names or client identifiers;
  • engagement names or project names;
  • task names and task descriptions;
  • due dates;
  • workflow stages;
  • owners, assignees, reviewers, and team members;
  • status updates;
  • notes, comments, and internal communications;
  • blocker descriptions;
  • documents, links, or references that users choose to add;
  • data imported from connected systems.

For CPA and accounting firms, this may include information related to client service workflows. DeskPath is intended to track work status and workflow information, not to serve as a tax return storage system, document vault, or full client portal unless we expressly provide those features.

We encourage users to avoid uploading unnecessary sensitive personal information, such as Social Security numbers, full tax returns, government identification numbers, bank credentials, payment card numbers, health information, or other highly sensitive information unless your organization has determined that doing so is necessary and appropriate for your use of the Services.

1.3 Information from Google Workspace and Gmail integrations

DeskPath may allow users to connect Google Workspace accounts, including Gmail, through Google APIs. We only access Google user data after a user or authorized administrator grants permission through Google’s OAuth consent process.

Depending on the features enabled and permissions granted, DeskPath may access, process, or store limited Google Workspace or Gmail information, which may include:

  • Google account identifiers, such as name, email address, and profile information;
  • Gmail message identifiers and thread identifiers;
  • email headers and metadata, such as sender, recipient, subject line, labels, and timestamps;
  • email snippets, message bodies, and attachments, if the user authorizes features that require this access;
  • draft, sent, or composed email content, if the user authorizes features that create drafts, send messages, or assist with email follow-up;
  • related Google Workspace data needed to connect emails to DeskPath workflows.

DeskPath uses Gmail data only to provide or improve user-facing DeskPath features, such as:

  • connecting relevant emails to client-work records;
  • identifying client follow-ups, missing items, blockers, or next steps;
  • helping users create, update, or manage DeskPath tasks;
  • displaying email context in DeskPath so users can understand workflow status;
  • generating summaries, suggested next actions, or draft responses at the user’s direction;
  • helping users manage client-work communication and follow-up workflows;
  • maintaining links or references between DeskPath records and source emails.

DeskPath does not access Gmail data for unrelated purposes.

1.4 Google API Limited Use disclosure

VinePath’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

In particular, we do not:

  • sell Google user data;
  • use Google user data for advertising, retargeting, personalized ads, or interest-based advertising;
  • transfer Google user data to advertising platforms, data brokers, or information resellers;
  • use Google user data to determine creditworthiness or for lending purposes;
  • use Google Workspace or Gmail data to train, improve, or develop generalized artificial intelligence or machine learning models;
  • allow humans to read Google user data except where the user has affirmatively agreed, where necessary for security or abuse investigation, where required by law, or where data is aggregated and used for internal operations in accordance with applicable law;
  • access Google user data for surveillance or any purpose unrelated to user-facing DeskPath features.

If DeskPath uses artificial intelligence features, Google Workspace or Gmail data is used only to provide or improve user-facing DeskPath functionality that the user or organization has enabled. We do not use Google Workspace or Gmail data to train generalized AI or machine-learning models.

1.5 Information collected automatically

When you visit our website or use the Services, we may automatically collect:

  • IP address;
  • browser type;
  • device type;
  • operating system;
  • referring URL;
  • pages viewed;
  • links clicked;
  • session information;
  • approximate location based on IP address;
  • log data;
  • product usage events;
  • diagnostic and performance data.

We use this information to operate, secure, improve, and troubleshoot the Services.

1.6 Cookies and similar technologies

We may use cookies, pixels, local storage, and similar technologies to:

  • keep users signed in;
  • remember preferences;
  • understand site traffic and usage;
  • measure marketing performance;
  • improve website functionality;
  • detect and prevent fraud or abuse.

You can control cookies through your browser settings. Some features may not work properly if cookies are disabled.

2. How We Use Information

We use information to:

  • provide, operate, and maintain the Services;
  • create and manage accounts;
  • provide DeskPath functionality;
  • connect and maintain third-party integrations authorized by users;
  • process Gmail and Google Workspace data as described above;
  • support client-work tracking, workflow management, task creation, summaries, and follow-ups;
  • provide onboarding, support, and customer success;
  • respond to inquiries and demo requests;
  • send service-related communications;
  • send product updates, marketing communications, and educational content, where permitted;
  • improve our website, products, and services;
  • develop new user-facing features;
  • monitor performance and troubleshoot issues;
  • protect against fraud, misuse, security incidents, and unauthorized access;
  • comply with legal obligations;
  • enforce our agreements and policies.

We do not use Google Workspace or Gmail data for advertising or for generalized AI model training.

3. How We Share Information

We may share information in the following circumstances.

3.1 With service providers

We may share information with vendors and service providers that help us operate the Services, such as:

  • cloud hosting providers;
  • database and infrastructure providers;
  • authentication providers;
  • analytics providers;
  • customer support tools;
  • email and communications providers;
  • payment processors;
  • security and monitoring providers;
  • AI service providers used to provide user-facing DeskPath features.

These service providers may process information only as needed to provide services to us and are not permitted to use information for their own unrelated purposes.

If we use third-party AI service providers to process customer content, including Google Workspace or Gmail data, we use them only to provide user-facing DeskPath features and not to train generalized AI models.

3.2 Within your organization

If you use DeskPath through an organization, information you submit may be visible to other authorized users in that organization, such as administrators, owners, managers, reviewers, or assigned team members, depending on permissions and settings.

3.3 With connected third-party services

If you connect DeskPath to Google Workspace, Gmail, or another third-party service, we may exchange information with that service as necessary to provide the integration you authorize.

For example, if you connect Gmail, DeskPath may retrieve email information and display it in DeskPath, or create links between email threads and DeskPath tasks.

3.4 For legal and safety reasons

We may disclose information if we believe disclosure is necessary to:

  • comply with law, regulation, legal process, or governmental request;
  • protect the rights, property, or safety of VinePath, users, customers, or others;
  • investigate fraud, abuse, security incidents, or technical issues;
  • enforce our agreements and policies.

3.5 Business transfers

If VinePath is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to applicable law and contractual obligations.

Where Google user data is involved, we will handle such transfers in accordance with the Google API Services User Data Policy and applicable consent requirements.

3.6 Aggregated or de-identified information

We may use and share aggregated or de-identified information that does not reasonably identify an individual or customer for analytics, research, reporting, product improvement, or business purposes.

4. Data Retention

We retain information for as long as reasonably necessary to provide the Services, comply with legal obligations, resolve disputes, enforce agreements, and maintain security.

Retention periods may vary based on:

  • the type of information;
  • customer account settings;
  • legal requirements;
  • contractual obligations;
  • operational needs;
  • whether the information is contained in backups or logs.

For Google Workspace and Gmail data, we retain information only as necessary to provide the authorized DeskPath features, maintain user-facing records, comply with legal obligations, resolve disputes, enforce agreements, or protect security.

Users or administrators may revoke Google access through their Google Account permissions or through DeskPath settings where available. After access is revoked, DeskPath will stop collecting new Google user data from that account, subject to technical and legal limitations. Previously stored information may remain in DeskPath records, backups, or logs for a limited period unless deleted in accordance with our deletion processes.

5. Data Security

We use reasonable administrative, technical, and organizational safeguards designed to protect information from unauthorized access, use, loss, misuse, alteration, or disclosure.

These safeguards may include:

  • encryption in transit;
  • access controls;
  • authentication controls;
  • logging and monitoring;
  • least-privilege access practices;
  • vendor review;
  • internal security policies;
  • employee and contractor confidentiality obligations.

No system is perfectly secure. We cannot guarantee absolute security, but we work to protect information using commercially reasonable measures.

6. Customer Responsibilities

Customers and users are responsible for:

  • obtaining any necessary consents from their clients, employees, contractors, and other individuals;
  • ensuring they have the right to submit information to the Services;
  • configuring user permissions appropriately;
  • reviewing third-party integrations before enabling them;
  • using the Services in compliance with applicable professional, privacy, confidentiality, and data-protection obligations.

Professional-service firms, including CPA and accounting firms, may have special confidentiality obligations to their clients. Customers are responsible for determining whether their use of DeskPath is appropriate for their professional obligations.

7. Your Choices and Rights

Depending on where you live, you may have rights to:

  • access personal information;
  • correct personal information;
  • delete personal information;
  • object to or restrict certain processing;
  • request portability of personal information;
  • opt out of certain marketing communications;
  • withdraw consent where processing is based on consent.

To make a request, contact us at:

Email: privacy@vinepath.ai

We may need to verify your identity before fulfilling certain requests.

If your information is controlled by one of our customers, such as your employer or professional-service firm, we may direct your request to that customer.

8. Marketing Communications

You may opt out of marketing emails by using the unsubscribe link in the email or by contacting us.

Even if you opt out of marketing communications, we may still send transactional or service-related messages, such as account notices, security alerts, support responses, and billing notices.

9. International Users

VinePath is based in the United States. If you access the Services from outside the United States, your information may be processed in the United States or other countries where our service providers operate.

By using the Services, you understand that your information may be transferred to countries that may have different data-protection laws than your country.

10. Children’s Privacy

The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13.

If we learn that we have collected personal information from a child under 13 without appropriate consent, we will take steps to delete it.

11. Third-Party Websites and Services

The Services may contain links to third-party websites, applications, or services. We are not responsible for the privacy practices of those third parties.

Your use of third-party services, including Google Workspace and Gmail, is governed by their own terms and privacy policies.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

If we make material changes, we will provide notice as required by law, such as by updating the effective date, posting a notice on our website, or sending notice through the Services.

If we change how DeskPath uses Google user data in a material way, we will update this Privacy Policy and obtain any required consent before using Google user data for a new purpose.

13. Contact Us

If you have questions about this Privacy Policy or our privacy practices, contact us at:

VinePath, Inc.
Email: privacy@vinepath.ai
Address: 16185 Los Gatos Blvd Suite 205, Los Gatos CA, 95032