liminos
Legal

Privacy Policy

Last updated · June 22, 2026Effective · June 22, 2026

This Policy explains how liminos.ai collects, uses, and protects information when you use the Service. We aim to describe our actual practices in plain language; if anything is unclear, contact us at hello@liminos.ai.

01Overview

This Privacy Policy explains how liminos.ai (“liminos.ai”, “we”, “us”, or “our”) collects, uses, shares, and protects information when you use the liminos.ai website, dashboard, and integration service (the “Service”). It should be read together with our Terms of Service.

liminos.ai is a multi-tenant integration and automation layer for accounting firms that use Karbon. Much of the data we process is data from your own Karbon workspace and the other tools you connect. For that data, you are the controller and we act as your processor, handling the data on your behalf and under your instructions. For your account and billing information, we act as a controller. The Service is currently offered as an invite-only beta to accounting firms in the United States.

02What we collect

Account & identity

When you sign in through a supported identity provider (Google or Microsoft), we receive and store your email address, name, and a stable identifier for your account with that provider, and we may store provider tokens used to authenticate you. We also store your organization (firm) details, your role and membership within that organization, and invitations you send or receive.

Connection credentials

When you connect a Karbon workspace, we store the credentials and tokens needed to call Karbon on your behalf (such as your Karbon bearer token and access key), along with connection metadata like the workspace label and tenant identifier. When you connect Zapier, we store the API key that scopes access to a specific Karbon connection.

Firm & client data from connected services

To run your automations, the Service reads and writes data in your connected workspaces. This can include Karbon records such as organizations, contacts, work items, users, client groups, templates, payments, and webhook events. This data may include personal information about your firm’s staff and clients. We process it to operate the automations you configure; we do not use it for our own purposes.

Billing & usage

We store your prepaid credit balance, a usage ledger of billable actions, auto-top-up settings, your billing address, and a payment-processor customer identifier. Payment-card details are collected and stored by Stripe, not by us.

Waitlist & invitations

If you join our waitlist or are invited to the beta, we store your email address and any name, firm, country, and email domain you provide, along with your invitation status.

Logs & audit records

We keep operational logs and an audit trail of significant actions (for example, who changed a setting or ran a job, and when) to operate, secure, and support the Service.

03How we use data

We use the information described above to:

  • provide and operate the Service, including running the automations and integrations you configure;
  • authenticate you and maintain the security and tenant isolation of your account;
  • calculate and charge for usage, process payments, and manage credits and auto top-up;
  • send transactional messages such as welcome emails, invitations, and account or billing notices;
  • provide support, diagnose problems, and maintain audit and security logs; and
  • maintain, improve, and develop the Service, and comply with our legal obligations.

We do not sell your data, and we do not use the firm and client data in your connected workspaces to train machine-learning models or for advertising.

04Connected services

The core function of the Service is to move data between systems you choose to connect. When you create a connection, data flows according to the automations you configure:

  • Karbon. We read from and write to your Karbon workspace using the credentials you provide. All Karbon access is made through our server-side client on your behalf.
  • Zapier. If you connect Zapier, we expose selected Karbon triggers, searches, and actions to your Zaps using a scoped API key, so data can flow between Karbon and the other apps in your Zaps.

Data sent to or received from a connected service is handled under that service’s own terms and privacy policy. You are responsible for the connections you enable and for confirming you have the authority to share the data that flows through them.

05Sharing & disclosure

We do not sell your personal information. We share data only as needed to operate the Service, with the categories of recipients below:

Subprocessors

We use the following third-party providers to deliver the Service:

  • Karbon — the accounting practice-management platform the Service integrates with.
  • Stripe — payment processing and billing.
  • Amazon Web Services (Amazon SES) — delivery of transactional email.
  • Google and Microsoft — sign-in / identity (only the providers you choose to authenticate with).
  • Cloudflare — DNS, content delivery, and edge network and hosting for our website.
  • Zapier — integration platform, where you choose to connect it.

We also rely on cloud hosting and database infrastructure to run the Service. We require our subprocessors to protect the data they handle on our behalf.

Legal & protective disclosure

We may disclose information if required by law or legal process, or where we reasonably believe disclosure is necessary to protect the rights, safety, or security of liminos.ai, our customers, or the public. If we are involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction, subject to this Policy.

06Retention

We retain personal information for as long as your account is active and for as long as needed to provide the Service. Specifically:

  • Account & connection data is retained while your account and connections are active and deleted or de-identified after closure, subject to the exceptions below.
  • Connection credentials are removed when you disconnect a workspace or close your account.
  • Billing records and audit logs are retained as long as needed for accounting, security, dispute-resolution, and legal-compliance purposes, which may extend beyond account closure.
  • Waitlist data is retained until you ask us to remove it or it is no longer needed.

When data is no longer required, we delete it or de-identify it. Backups are purged on a rolling basis as part of normal operations.

07Security

We use technical and organizational measures designed to protect your information, including:

  • Encryption of secrets at rest. Connection credentials such as Karbon tokens and access keys are encrypted at rest before they are stored.
  • Tenant isolation. Data is scoped to your organization, and access is enforced on every request so that one customer cannot access another customer’s data.
  • Controlled access. Access to production systems is limited to authorized personnel who need it to operate and support the Service.
  • Audit logging. Significant actions are recorded so activity can be reviewed.
  • Encrypted transport and sessions. Traffic is served over encrypted connections, and session cookies are encrypted.

No method of transmission or storage is completely secure, and the Service is in beta. We cannot guarantee absolute security, but we work to protect your information and to address issues promptly. If you discover a security concern, please contact us.

08Your rights

Depending on your location, you may have rights to access, correct, export, or delete your personal information, or to object to or restrict certain processing. You can update much of your account information directly in the dashboard. For other requests, contact us using the details below and we will respond as required by applicable law.

Where we process firm and client data on your behalf as a processor, we will assist you, as the controller, in responding to requests from your own staff and clients. Requests regarding that data should generally be directed to the firm that controls it.

09Cookies & tracking

We use cookies and similar technologies that are necessary to operate the Service — for example, to keep you signed in and to maintain a secure session. These are required for the dashboard to function.

We do not use advertising cookies. You can control cookies through your browser settings, but disabling necessary cookies may prevent you from signing in or using parts of the Service.

10Changes & contact

We may update this Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you through the Service or by email. Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy.

Questions about this Policy or your data? Contact us at hello@liminos.ai. A formal legal entity name and mailing address for privacy notices will be confirmed at general availability.