Privacy Policy

Last updated: May 25, 2026

Cobenian Corporation ("Company," "we," "us"), a Virginia corporation, operates the Steward application ("Service"). This Privacy Policy explains how we collect, use, and protect your information.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and profile image from your Google or Microsoft account through OAuth authentication.

Email Metadata

We access email metadata from your connected email accounts, including: sender and recipient addresses, subject lines, timestamps, thread identifiers, and attachment presence indicators. We never access, request, or store the body content of your incoming or outgoing email.

Calendar Data

We access calendar event data including event titles, descriptions, times, locations, and attendee lists from your connected Google or Microsoft calendar.

Financial and Time-Tracking Data

If you connect QuickBooks, we access customer records, invoice data (amounts, dates, statuses), and estimate data. If you connect Harvest, we access time entries, projects, and client records. We use this data solely to provide the Service.

SMS / Text Messaging Data

If you link a mobile number to your account or your organization provisions an SMS-enabled phone number through us, we collect and store:

  • Mobile phone numbers in E.164 format, for users and for recipients you communicate with through the Service
  • The content of SMS messages sent and received through the Service (encrypted at rest)
  • Delivery metadata: timestamps, direction, delivery status, segment counts, and carrier message identifiers
  • Opt-in and opt-out proof records, including timestamp, source, and user-agent string, retained as compliance evidence under the TCPA and the carrier rules of the U.S. wireless industry (10DLC / A2P)

Voice Call Data

If your organization provisions a voice-enabled phone number through us, we collect and store:

  • Caller and callee phone numbers, timestamps, call duration, and per-call cost data
  • Call transcripts (encrypted at rest), produced either in real time during a live call or asynchronously from a voicemail
  • Voice recordings only if your organization's administrator explicitly opts in to recording retention; otherwise, audio is processed for transcription and then discarded immediately. Retention windows are configurable per organization

Chat / Conversation Data

If you connect Slack or Microsoft Teams, we store the conversation threads in which you interact with the Service, including the messages you send to it and the messages it sends back, channel and thread identifiers, and pointers to business entities (clients, hypotheses, actions) referenced in those conversations.

Usage Data

We collect standard server logs including IP addresses, browser type, pages visited, and timestamps for the purpose of operating and improving the Service.

2. How We Use Your Information

We use your information solely to provide and operate the Service, including:

  • Computing communication baselines and detecting business stewards
  • Generating items, suggested clients, and inferred deadlines
  • Sending you transactional notifications (digests, alerts, weekly summaries) via the channels you have connected (email, SMS, Slack, Teams)
  • Sending outbound communications you authorize the Service to send on your behalf to your business contacts
  • Authenticating your identity and managing your account
  • Diagnosing technical issues and improving the Service

3. AI Processing

The Service uses third-party AI providers (Anthropic's Claude API and, for real-time voice interactions, OpenAI's Realtime API) to classify communications, generate natural-language summaries and drafts, and power conversational interactions. The following content categories are transmitted to AI providers as needed to operate the Service:

  • Email subject lines, calendar event titles, and other email metadata fields
  • SMS message bodies that you send to the Service or that the Service sends on your behalf
  • Voice call audio and transcripts during a live interaction
  • Chat conversation content from Slack, Teams, and the in-app assistant

Email body content is never transmitted to any AI provider. Our AI providers process this data under contractual data-protection terms and do not train their public models on it.

4. Information We Do NOT Collect or Share

  • We do not read, access, or store email body content
  • We do not sell your data to third parties
  • We do not share your data with third parties for their marketing purposes
  • We do not use your data for advertising
  • We do not share your data with other users or accounts
  • We do not share mobile phone numbers, SMS opt-in records, or any text-messaging consent data with third parties or affiliates for marketing purposes, and we do not sell, rent, lease, or otherwise transfer mobile numbers to any third party for their own use. Mobile numbers are disclosed only to the carrier and messaging vendors (e.g., Twilio) strictly to deliver the messages you or your organization authorize.

5. Mobile Messaging Terms

Where the Service sends SMS, MMS, or voice messages to a mobile number on your or your organization's behalf, the following terms apply:

  • Message frequency. Message frequency varies based on your account activity and the notifications you have enabled. A typical Steward user receives no more than approximately 5–10 messages per week from the Service; users who actively converse with the assistant by text may receive more. Per-user delivery is rate-limited to prevent runaway loops.
  • Message and data rates may apply. Your wireless carrier may charge you for sending or receiving text messages and for data used in voice or messaging features. We are not responsible for any such charges.
  • Opting out. You may opt out of further SMS messages from the Service at any time by replying STOP to any message we send you. Reply HELP for assistance. Opting out of one Service number does not affect any other text-messaging relationships you have.
  • Supported carriers and availability. The Service uses U.S.-registered 10DLC numbers; message delivery depends on your wireless carrier and is not guaranteed. Carriers are not liable for delayed or undelivered messages.
  • Recipient consent. If you use the Service to text your own business contacts, you are responsible for obtaining and maintaining their consent to be contacted by text on your behalf. See our End User License Agreement for details.

6. Data Sharing

We do not sell or share your personal information except in the following limited circumstances:

  • Service providers: We use third-party services to operate the Service, including cloud hosting and object storage, transactional email delivery, AI providers (Anthropic, OpenAI), messaging carriers (Twilio for SMS and voice), and chat-platform APIs (Slack, Microsoft Teams). These providers process data only on our behalf and are bound by contractual obligations to protect your data.
  • Legal requirements: We may disclose information if required by applicable law, regulation, legal process, or governmental request.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction. We will notify you of any such change.

7. Data Security

We implement reasonable security measures to protect your data, including:

  • Encryption of OAuth tokens at rest using AES-GCM
  • Encryption at rest of SMS message bodies, voice call transcripts, and any retained voice recordings
  • HTTPS encryption for all data in transit
  • Webhook signature verification for all inbound provider callbacks
  • Account-scoped data isolation (no cross-account data access)
  • Rate limiting on authentication and messaging endpoints

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Data Retention

We retain your data for as long as your account is active. Upon account deletion or subscription cancellation, we will retain your data for 30 days to allow for account recovery, after which all data associated with your account will be permanently deleted.

Voice call audio recordings are not retained by default; they are processed for transcription and discarded immediately. Where your organization's administrator has opted in to recording retention, the retention window is set in your organization's settings. SMS opt-in and opt-out proof records are retained for the period required by applicable law and carrier rules, even after the underlying account is deleted.

9. Your Rights

You have the right to:

  • Access: Request a copy of the data we hold about you
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data and account
  • Portability: Request your data in a machine-readable format
  • Disconnect: Revoke access to connected services at any time through the Service settings or through the third-party provider directly
  • Opt out of SMS: Reply STOP to any text message we send you, or unlink your mobile number in the Service settings

To exercise these rights, contact us at info@cobenian.com.

10. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect information from minors. If we learn that we have collected data from a minor, we will delete it promptly.

11. International Data

The Service is operated from the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States. The Service's SMS and voice features use U.S.-registered phone numbers and are designed for use in the United States.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. Your continued use of the Service after such changes constitutes acceptance of the updated policy.

13. Contact

For questions or concerns about this Privacy Policy, contact us at:

Cobenian Corporation
Email: info@cobenian.com