Privacy Policy

Plain-English summary

• We connect to your QuickBooks Online company via OAuth and store a copy of your QBO financial data in our database to power reporting features.
• Your QuickBooks tokens are encrypted at rest with AES-256-GCM. We never share them with any third party except Intuit's own servers when refreshing access.
• We do not sell personal information as defined under applicable privacy law, and we do not use your data for advertising or targeted marketing.
• Your data is isolated from every other BooksNav customer via row-level security in our database.
• You can delete your account and all associated data at any time, directly from Settings.

1. What we collect

• Account information - name, email, organization name, and role within your organization. Managed by our authentication provider, Clerk.
• QuickBooks OAuth credentials - access token, refresh token, and your QBO realm ID, used solely to sync your data. Tokens are encrypted at rest with AES-256-GCM and never exposed to JavaScript in your browser.
• QuickBooks company data - transactions, customers, vendors, items, accounts, classes, departments, and related records synced from your QBO company. This is a copy of your existing QBO data, not data we generate.
• Usage logs- IP address, HTTP request paths, response status codes, timestamps, and browser user-agent. Retained by Google Cloud Run's logging infrastructure for security monitoring and debugging.
• Billing information - when you subscribe to a paid plan, our billing provider Paddle handles all payment information. BooksNav stores only your subscription status and a Paddle-issued customer identifier. We never receive or store your raw payment card number, CVV, or bank account number.

2. Why we collect it

We use the data we collect primarily to operate the BooksNav service - to sync your QuickBooks data, store it securely, surface it through our reporting features, and manage your subscription. We may also use aggregated and de-identified data, which cannot reasonably be used to identify you or your business, for purposes such as improving the Service, benchmarking, and product analytics. We share data with the subprocessors listed below, with any successor entity in a merger or acquisition, and as required by law or legal process.

3. We do not sell your data

We do not sell personal information as that term is defined under applicable privacy law (including the California Consumer Privacy Act). We do not rent or trade your personal information for marketing purposes.

4. Subprocessors

BooksNav relies on the following third-party services to operate. Each handles a specific function under their own privacy policy.

• Intuit (QuickBooks Online API) - source of your financial data. Intuit's privacy statement
• Clerk - authentication and organization management. Clerk's privacy policy
• Neon - PostgreSQL database hosting (your synced QBO data lives here). Neon's privacy policy
• Google Cloud Platform - application hosting (Cloud Run + Secret Manager + Cloud Logging). Google Cloud privacy notice
• Paddle - merchant of record for subscription billing, tax compliance, and payment processing. Paddle's privacy policy

5. Data security

• All data is transmitted over HTTPS with TLS 1.2 or higher.
• QuickBooks OAuth tokens are encrypted at rest with AES-256-GCM using a key stored in Google Cloud Secret Manager.
• Database row-level security is designed to prevent any BooksNav user from querying data belonging to another customer.
• Authentication tokens are managed by Clerk and stored as HTTP-only cookies under normal operation.
• We log all server-side requests for security monitoring and retain those logs for the period required by our hosting provider's default settings.

6. Data retention

We retain your QBO data and saved searches for as long as your subscription is active. When you delete your account, all data associated with your organization is permanently removed from our active databases within 24 hours. Standard backups may retain residual data for up to 30 days before they are overwritten in the normal rotation; after that point no copy of your data remains.

7. Cookies

BooksNav currently uses only essential cookies required to keep you signed in and to remember your interface preferences (e.g. sidebar collapsed state). These are managed by Clerk (authentication) and by our own application (UI preferences). We do not use advertising or cross-site tracking cookies. If we add privacy-preserving analytics in the future, we will update this Policy and obtain consent where required by law.

8. Your rights

You have the right to:

• Access - request a copy of the personal data we hold about you.
• Correct - request that inaccurate personal data be corrected.
• Delete - delete your account and all associated data at any time, directly from Settings or by emailing us.
• Export - export your saved searches and QBO data via the in-app Excel and CSV export features.
• Object - object to any specific processing activity by contacting us.

To exercise any of these rights, email us at the address below. We respond within five business days for routine requests.

9. Children's privacy

BooksNav is intended for use by businesses and accounting professionals. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us personal data, please contact us and we will remove it.

10. Changes to this policy

We may update this Privacy Policy from time to time as the service evolves. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you by email. Continued use of BooksNav after a change constitutes acceptance of the revised policy.

11. Contact

For privacy-related questions, data-access or deletion requests, or any other concern, email contact@booksnav.com. See our contact page for the postal address.