Privacy Policy

Last Updated: December 22, 2025

CrewCFO ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our application that integrates with QuickBooks Online.

By using our service, you agree to the collection and use of information in accordance with this policy. Please also review Intuit's Privacy Statement and QuickBooks' privacy policies.

1. Information We Collect

1.1 QuickBooks Account Information

When you connect your QuickBooks Online account, we collect:

  • Company name and QuickBooks Company ID (Realm ID)
  • OAuth access tokens and refresh tokens
  • Account connection status and permissions

1.2 Financial Data from QuickBooks

Through the QuickBooks API, we access and process:

  • Transaction data (invoices, bills, payments, expenses)
  • Financial reports and reconciliation data
  • Customer and vendor information
  • Chart of accounts and account balances
  • Other financial data necessary for app functionality

1.3 User Contact Information

  • Email address
  • Name (first and last)
  • Company or firm information

1.4 Usage Data and Analytics

  • Log data (IP address, browser type, pages visited)
  • Device information
  • Usage patterns and feature interactions
  • Performance data and error reports

2. How We Use Your Information

We use the collected information for the following purposes:

2.1 To Provide App Functionality

  • Sync and process QuickBooks financial data
  • Generate reports and reconciliation summaries
  • Maintain OAuth connection with QuickBooks
  • Store and retrieve your data securely

2.2 To Improve Our Services

  • Analyze usage patterns to enhance features
  • Identify and fix technical issues
  • Develop new functionality
  • Optimize performance and user experience

2.3 For Customer Support

  • Respond to your inquiries and support requests
  • Troubleshoot technical problems
  • Provide updates about service changes

2.4 For Security and Fraud Prevention

  • Protect against unauthorized access
  • Detect and prevent security threats
  • Comply with legal obligations
  • Enforce our Terms of Service

3. Data Storage and Security

3.1 Where Data Is Stored

Your data is stored securely using Supabase cloud infrastructure. We use industry-standard cloud infrastructure with multiple redundancy and backup systems.

3.2 Encryption Methods

  • Data in Transit: All data transmitted between your browser and our servers is encrypted using TLS/SSL protocols
  • Data at Rest: QuickBooks OAuth tokens are encrypted using AES-256 encryption before storage
  • Access Tokens: OAuth access and refresh tokens are encrypted with session-based keys and random initialization vectors

3.3 Security Measures

  • Row-level security (RLS) policies restrict data access
  • Regular security audits and vulnerability assessments
  • Automated token refresh to maintain secure connections
  • Audit logging of all token access attempts
  • Secure OAuth 2.0 implementation following Intuit's best practices

3.4 Data Retention

We retain your data for as long as your account is active or as needed to provide services. When you disconnect your QuickBooks integration or delete your account, we will delete or anonymize your data within 30 days, except where we are required to retain it for legal or regulatory purposes.

4. Third-Party Services

4.1 QuickBooks Online Integration

Our app integrates with QuickBooks Online through Intuit's official API. Your QuickBooks data is subject to Intuit's Privacy Policy. We only access data that you explicitly authorize through OAuth consent.

4.2 Analytics Services

We may use third-party analytics services to understand how users interact with our app. These services may collect information about your usage patterns.

4.3 Hosting Providers

Our application is hosted on Supabase and DigitalOcean. These providers have access to your data only to perform services on our behalf and are obligated not to disclose or use it for other purposes.

5. Your Rights

You have the following rights regarding your personal data:

5.1 Right to Access

You can request a copy of the personal data we hold about you. Contact us at privacy@crewcfo.com to request your data.

5.2 Right to Request Data Deletion

You can request deletion of your personal data at any time. We will delete your data within 30 days, subject to legal retention requirements.

5.3 Right to Disconnect QuickBooks Integration

You can disconnect your QuickBooks integration at any time through your account settings or by revoking access in your QuickBooks account. This will stop all data synchronization immediately.

5.4 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@crewcfo.com. We will respond to your request within 30 days.

6. Compliance

6.1 GDPR Compliance (for EU Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to data portability
  • Right to object to processing
  • Right to restrict processing
  • Right to lodge a complaint with a supervisory authority

Our legal basis for processing your data is your consent when you connect your QuickBooks account and accept our Terms of Service.

6.2 CCPA Compliance (for California Residents)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt out of the sale of personal information (we do not sell your data)
  • Right to deletion of personal information
  • Right to non-discrimination for exercising your rights

6.3 Intuit Data Handling Requirements

We comply with Intuit's API Terms of Service and data handling requirements, including:

  • Secure storage of OAuth tokens
  • Proper encryption of sensitive data
  • Limited data retention policies
  • Transparent privacy practices

7. Children's Privacy

Our service is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

9. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons.

How You Will Be Notified:

  • We will post the updated policy on this page with a new "Last Updated" date
  • For material changes, we will send an email notification to your registered email address
  • Continued use of the service after changes constitutes acceptance of the updated policy

10. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

CrewCFO

Email: privacy@crewcfo.com

Website: https://crewcfo.com