Legal

Privacy Policy

Last updated: 15 May 2026 · Applies to vigilcfo.com

Short version: Vigil reads your QuickBooks data to answer your financial questions. We store only what's needed to do that job. We never sell your data, never share it with advertisers, and you can delete everything at any time.

1. Who we are

Vigil is a product of Well Drilled Inc (“we”, “our”, “us”). For questions about this policy, contact [email protected].

2. What data we collect

Vigil collects only the minimum data required to deliver your financial briefings:

QuickBooks accounting data — invoices, bills, customer balances, bank feeds, and service rates. We access this with read-only OAuth tokens; Vigil never writes to your books.
API keys — stored as SHA-256 hashes only; the raw key is shown once and never retained on our servers.
Telegram chat ID — used to route briefings to your device. We store only the numeric ID, not your name or phone number.
Interaction logs — tool calls, timestamps, and anonymised request metadata for debugging and improving Vigil. These logs do not contain the content of your financial data.

We do not collect your name, email address, or any payment information (Vigil is free during beta).

3. How we use your data

Answering your financial questions via the Vigil AI tools.
Sending your daily briefing to your Telegram account.
Detecting service anomalies and improving accuracy over time.

Your financial data is passed to Anthropic’s Claude API to generate plain-English insights. Anthropic processes this data under their API terms and do not use it to train their models. See anthropic.com/privacy.

4. Data retention

QuickBooks access tokens — active while your connection is live; revoked immediately when you disconnect or request deletion.
API keys (hashed) — retained until revoked by you, or until you delete your data.
Interaction logs — retained for 90 days, then automatically purged.
Demo data — entirely synthetic; contains no real business information.

5. Data sharing

We do not sell, rent, or share your data with third parties for marketing purposes. Data is shared only with:

Anthropic — to generate AI-powered insights (see §3 above).
Intuit / QuickBooks — we read from their APIs; they process data under their own privacy policy.
Infrastructure providers — hosting and database services operating under strict data-processing agreements.

6. Your rights & deletion

You can request complete deletion of your data at any time. This revokes all API keys, disconnects QuickBooks, and erases all associated records within 72 hours.

Via Telegram: Send /delete_my_data to the Vigil bot.
Via email: [email protected] — include the email or Telegram handle associated with your account.

7. Security

All connections use TLS. API keys are hashed (SHA-256) before storage — even we cannot retrieve your raw key. QuickBooks access tokens are stored encrypted at rest. Vigil runs behind Cloudflare and does not expose any database ports to the public internet.

8. Children’s privacy

Vigil is a business finance tool intended for adults operating commercial entities. We do not knowingly collect data from anyone under the age of 18.

9. Changes to this policy

If we make material changes, we will update the date at the top of this page. Continued use of Vigil after changes constitutes acceptance of the updated policy.

10. Contact

Questions or concerns? Email [email protected]. We aim to respond within 2 business days.