Privacy Policy

This Privacy Policy describes how QuickFind AI, Inc. (also known in the market as "Source") ("QuickFind AI," "we," "us," or "our") collects, uses, stores, shares, and protects information when you use QuickFind AI for QuickBooks (the "Service"). This Service is accessible at quickfindai.com and through associated applications and API endpoints. References to "QuickFind AI" in this policy also encompass the brand known as "Source."

By accessing or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

This policy applies to: (a) data accessed through the QuickBooks integration via Intuit's OAuth 2.0 protocol; (b) data you provide directly through our website, including account registration and contact forms; and (c) automatically collected usage and analytics data.

When you connect your QuickBooks account via Intuit's OAuth 2.0 authorization flow, we access the following data categories through Intuit's official API using the com.intuit.quickbooks.accounting scope:

• Chart of Accounts: Account names, account types, account sub-types, account numbers, hierarchy/parent-child relationships, active/inactive status, and current balances for analysis purposes.
• Customer Records: Customer names, display names, company names, contact information (email, phone), billing/shipping addresses, payment terms, tax exemption status, and customer categorization.
• Vendor Records: Vendor names, display names, company names, contact information, billing addresses, payment terms, tax identification (1099 status), and vendor categorization.
• Products and Services: Item names, descriptions, types (inventory, non-inventory, service), pricing structure, income/expense account mapping, tax categorization, and active/inactive status.
• Classes and Locations: Class names, location names, hierarchy structures, and active/inactive status used for organizational segmentation.
• Tax Codes: Tax code names, rates, agency mappings, and configuration metadata.
• Transaction Metadata: Transaction types, dates, document numbers, reference numbers, amounts, line item details, account mappings, class/location assignments, and status information. We access transaction structure and metadata for pattern analysis — not raw payment credentials or banking details.

Data we explicitly DO NOT access:

• Bank account credentials, routing numbers, or account numbers
• Credit card numbers or payment processing credentials
• Social Security numbers or government-issued identification
• Payroll data, employee compensation, or tax withholding details
• Bank feed connections or direct bank integration data
• User login credentials for QuickBooks or Intuit accounts
• Passwords, security questions, or multi-factor authentication tokens

In addition to QuickBooks data, we may collect the following information directly from you:

• Account information: Email address, name, and organization name when you create an account or request a demo.
• Contact form submissions: Name, email address, and message content when you contact us through our website.
• Calendar bookings: Name, email, and scheduling preferences when you book a demo or consultation.
• Communication records: Records of support requests, correspondence, and feedback you provide to us.

When you visit our website or use the Service, we may automatically collect:

• Usage data: Pages visited, features used, actions taken, timestamps, and session duration.
• Device information: Browser type and version, operating system, screen resolution, and device type.
• Network information: IP address (which may be truncated or anonymized), referring URL, and general geographic location (city/country level).
• Cookies and similar technologies: We use essential cookies for session management and authentication. We do not use third-party advertising or tracking cookies.

We use QuickBooks data exclusively for the following purposes:

• Data structure analysis: Analyzing your chart of accounts, organizational dimensions, and entity configurations to identify patterns and relationships.
• Data quality assessment: Detecting duplicates, inconsistencies, orphaned records, missing fields, and other data quality issues that may affect reporting accuracy or migration readiness.
• Pattern and workflow detection: Identifying accounting workflows, transaction patterns, and business logic embedded in your QuickBooks configuration.
• Report generation: Generating data quality reports, mapping templates, cleanup recommendations, and structured analysis outputs.
• Migration documentation: Producing implementation summaries, mapping files, and migration-ready documentation to support ERP transitions.

We do not use your QuickBooks data for advertising, marketing, profiling, or any purpose unrelated to the Service. We do not use identifiable business data to train general-purpose machine learning models.

We process your data based on the following legal bases:

• Consent: Your explicit consent, provided when you authorize the QuickBooks OAuth connection. You may withdraw consent at any time by disconnecting your QuickBooks account.
• Contractual necessity: Processing necessary to provide the Service as described in our End User License Agreement.
• Legitimate interest: Processing necessary for security monitoring, fraud prevention, and service improvement, balanced against your privacy rights.
• Legal obligation: Processing necessary to comply with applicable laws, regulations, or legal proceedings.

Our data retention practices are designed to minimize the amount and duration of data storage:

• Analysis data: Reports, insights, and generated documentation are retained for a default period of 30 days from generation, after which they are automatically and permanently deleted.
• OAuth tokens: Access tokens and refresh tokens are retained only while your account is actively connected. Tokens are immediately revoked and permanently deleted upon disconnection.
• Account data: Basic account information (email, name) is retained while your account exists. Upon account deletion, this data is removed within 30 days.
• Usage logs: Anonymized usage analytics are retained for up to 12 months for service improvement purposes.
• Database backups: Standard database backups may contain your data for up to 7 days beyond the primary retention period, after which all copies are purged.
• Enterprise customization: Enterprise customers may configure custom retention periods (shorter or longer) to meet their specific compliance requirements.

You may request deletion of your data at any time by:

• Disconnecting your QuickBooks account from the Integrations page (immediately deletes tokens and revokes access)
• Emailing admin@quickfindai.com with a data deletion request

Upon receiving a valid deletion request, we will:

• Delete all stored QuickBooks data associated with your account
• Revoke and permanently delete all OAuth tokens
• Delete all generated reports, analysis data, and documentation
• Remove your account information from our systems
• Confirm deletion in writing within 30 days of your request

We may retain certain information where required by law (e.g., records of consent, transaction logs for compliance purposes) even after a deletion request. Such retained data will be limited to the minimum necessary and stored securely.

We implement comprehensive security measures to protect your data:

• OAuth 2.0 authentication: No credential storage; delegated authentication through Intuit
• TLS 1.2+ encryption: All data encrypted in transit between your browser, our servers, and the Intuit API
• AES-256-GCM encryption: Application-layer authenticated encryption for stored tokens
• Database encryption at rest: Infrastructure-level encryption on all database storage
• Secure session management: httpOnly, Secure, and SameSite cookie attributes
• CSRF protection: State parameter validation and anti-forgery tokens on all state-changing operations
• Rate limiting: Protection against brute-force and abuse on authentication endpoints
• Log scrubbing: Automated redaction of tokens, credentials, and PII from application logs
• Key management: Encryption keys stored as environment secrets, separate from application code

For complete security details, see our Security & Compliance page.

We do not sell, rent, trade, or share your data for commercial purposes. We share data only with:

• Infrastructure providers: Cloud hosting and database services necessary to operate the Service (e.g., Vercel for hosting, managed database providers). These providers operate under strict data processing agreements with appropriate security controls, confidentiality obligations, and data handling requirements.
• Intuit: We communicate with Intuit's API servers as necessary to authenticate, access data, and manage tokens. Intuit's handling of your data is governed by Intuit's own privacy policy.
• Legal requirements: We may disclose data if required by law, subpoena, court order, or government regulation. We will notify you of such requests where legally permitted.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity. We will provide notice before your data becomes subject to a different privacy policy.

We do not use third-party advertising networks, data brokers, or analytics services that create individual user profiles.

Our servers are located in the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States. We ensure appropriate safeguards are in place for international data transfers, including:

• Standard contractual clauses approved by relevant data protection authorities
• Data processing agreements with all infrastructure providers
• Technical security measures (encryption, access controls) applied regardless of data location

If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdictions with data transfer restrictions, by using the Service you consent to the transfer of your data to the United States as described in this policy.

We use the following cookies and similar technologies:

• Essential session cookies: Required for authentication, session management, and security (httpOnly, Secure). These cannot be disabled as they are necessary for the Service to function.
• OAuth state cookies: Temporary cookies used during the QuickBooks OAuth flow for CSRF protection. These are deleted after the authorization process completes.
• CSRF tokens: Anti-forgery cookies used to protect against cross-site request forgery attacks.

We do not use third-party advertising cookies, social media tracking pixels, or cross-site tracking technologies.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right of access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate or incomplete data
• Right to erasure: Request deletion of your personal data (see Section 8)
• Right to restrict processing: Request that we limit how we use your data
• Right to data portability: Request your data in a structured, machine-readable format
• Right to object: Object to processing based on legitimate interest
• Right to withdraw consent: Withdraw your consent at any time by disconnecting your QuickBooks account
• Right to non-discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us at admin@quickfindai.com. We will respond to verified requests within 30 days (or sooner where required by applicable law).

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• The right to know what personal information we collect, use, and disclose
• The right to request deletion of your personal information
• The right to opt out of the sale of personal information — we do not sell personal information
• The right to non-discrimination for exercising your CCPA rights

To submit a CCPA request, email admin@quickfindai.com with "CCPA Request" in the subject line.

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe we have collected information from a child, please contact us at admin@quickfindai.com.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Post the updated policy on this page with a new "Last updated" date
• Notify registered users by email of material changes
• Provide at least 30 days notice before material changes take effect

Continued use of the Service after the effective date of changes constitutes acceptance of the updated policy.

For questions, concerns, or requests regarding this Privacy Policy or our data practices: