This Privacy Policy explains how CoreData Incorporated ("CoreData", "we", "us", or "our") collects, uses, stores, and protects information processed through the QuickBooks Connector. The connector is currently used internally by CoreData and may later be offered to customers who want to automate workflows using authorized QuickBooks data.
1. Scope
This policy applies to the QuickBooks Connector application, related APIs, administrative pages, reports, exports, logs, and integrations operated by CoreData. It does not replace any customer agreement, data processing agreement, or privacy notice that may apply to a specific customer engagement.
2. Information We Process
The application may process the following categories of information:
- QuickBooks connection information, including company identifiers, realm IDs, OAuth tokens, refresh tokens, token expiration data, and connection status.
- QuickBooks business data that authorized users choose to access through the connector, such as company information, customers, invoices, accounts, balances, financial reports, and related accounting records.
- Customer and user identifiers used to separate customer environments, authorize access, and support auditability.
- Administrative and security data, including login state, access claims, IP address, request metadata, timestamps, error details, and operational logs.
- Generated exports or reports, such as JSON, CSV, or spreadsheet files requested by authorized users.
3. How We Use Information
CoreData uses information processed by the connector to:
- Connect authorized QuickBooks Online companies to CoreData workflows and services.
- Retrieve, normalize, transform, report on, and export QuickBooks data for authorized business purposes.
- Automate business workflows requested by CoreData or authorized customers.
- Maintain, troubleshoot, secure, monitor, and improve the application.
- Enforce customer isolation, authentication, authorization, and security controls.
- Comply with legal, contractual, audit, security, and third-party platform obligations.
4. Intuit and QuickBooks Data
The connector accesses QuickBooks data only after an authorized user completes the Intuit OAuth authorization process. We use QuickBooks data only to provide and support the connector and related authorized workflows. We do not sell QuickBooks data. We do not use QuickBooks data for advertising. We do not disclose QuickBooks data except as described in this policy, as directed by an authorized customer, as needed to operate or secure the service, or as required by law.
5. Legal Bases and Authorization
Where privacy law requires a legal basis, CoreData processes information based on one or more of the following: performance of a contract, legitimate business interests, consent or authorization, compliance with legal obligations, and protection of rights, security, and service integrity. Customers and internal administrators are responsible for ensuring they have authority to connect QuickBooks companies and process the related data.
6. Sharing and Service Providers
CoreData may share information with service providers, hosting providers, identity providers, security tools, professional advisers, or other vendors that help operate, secure, support, or audit the connector. These parties are expected to process information only for the purposes authorized by CoreData. We may also disclose information when required by law, to protect rights and safety, or in connection with a business transaction.
7. Security
CoreData uses technical and organizational safeguards designed to protect information processed by the connector, including HTTPS, authentication, authorization, customer isolation controls, encrypted token protection, restricted administrative access, and security-focused deployment practices. CoreData is working toward SOC 2 readiness. No method of transmission or storage is completely secure, and users should promptly report suspected unauthorized access.
8. Data Retention
CoreData retains information for as long as needed to provide the connector, support authorized workflows, maintain security and audit records, resolve issues, comply with legal or contractual obligations, and enforce agreements. OAuth tokens and connection records may be deleted or disconnected when access is no longer required. Generated exports should be retained only as long as needed for the authorized business purpose.
9. Customer Controls
Authorized users may disconnect QuickBooks companies through the application where that feature is available. Customers may also revoke the application's access through Intuit or QuickBooks account settings. Revocation may prevent the connector from retrieving updated QuickBooks data but may not automatically delete historical logs, reports, backups, or records CoreData must retain for legitimate business, legal, security, or audit purposes.
10. International Transfers
Information may be processed in Canada, the United States, or other locations where CoreData, customers, service providers, or platform providers operate. When required, CoreData uses appropriate contractual or operational safeguards for cross-border processing.
11. Your Privacy Rights
Depending on your location and relationship with CoreData, you may have rights to request access, correction, deletion, restriction, portability, objection, or withdrawal of consent. Some requests may need to be directed to the customer organization that controls the data. CoreData will respond to valid requests as required by applicable law and contractual obligations.
12. Children's Privacy
The connector is intended for business use and is not directed to children. We do not knowingly collect personal information from children through the connector.
13. Changes to This Policy
CoreData may update this policy from time to time. The updated version will be posted on this page with a revised effective date. Material changes may also be communicated through reasonable additional means where appropriate.
14. Contact
Questions or requests about this policy may be directed to CoreData at info@coredata.ca or through the contact information available at www.coredata.ca.