← Back

Privacy Policy

Effective date: May 20, 2026

1. Introduction

QB Consolidation (“we”, “us”, or the “Service”) provides a tool that consolidates financial reports across multiple QuickBooks Online (“QBO”) companies you own or manage. This Privacy Policy explains what information we collect, how we use it, and the choices you have. By using the Service you agree to this policy.

2. Information We Collect

We collect the following categories of information:

  • Account information. Your email address and a hashed password when you create an account. We do not store your password in plaintext.
  • QuickBooks Online data.When you connect a QBO company, we receive OAuth access and refresh tokens scoped to the Accounting API, plus the financial reports (Profit & Loss, Balance Sheet, Cash Flow) and the chart of accounts you authorize us to read. We do not request or receive payment information, payroll detail, or customer/vendor personal data beyond what appears in those reports.
  • Usage data. Standard server logs (timestamps, IP addresses, error traces) generated by our hosting providers.

3. How We Use Information

We use the information we collect to:

  • Operate the Service and produce consolidated reports for you;
  • Maintain authentication, security, and audit trails;
  • Diagnose errors and improve reliability;
  • Communicate with you about your account or material changes to this Policy.

We do not sell your data, share it with advertisers, or use it to train machine-learning models.

4. How Your Data Is Stored

QuickBooks OAuth access and refresh tokens are encrypted at rest using AES-256-GCM with keys held only on our servers; the ciphertext stored in the database is unreadable without those keys.

Financial reports and chart-of-account metadata are stored in a Postgres database hosted by Supabase, with row-level security policies that restrict access to members of your organization.

We retain your data for as long as your account is active. You can request deletion at any time (see “Your Rights”).

5. Who We Share Information With

We share information only with the third-party services necessary to operate the Service:

  • Intuit, Inc.— for the OAuth flow and QBO API calls that the Service exists to make on your behalf.
  • Supabase, Inc.— database and authentication hosting.
  • Vercel, Inc.— application hosting.

We may disclose information if compelled by law (subpoena, court order, or similar legal process). We will use reasonable efforts to notify you when we are legally permitted to do so.

6. Your Rights

You can:

  • Access and export your data on request;
  • Disconnect any QBO company at any time, which revokes the tokens we hold for that company;
  • Delete your account, which removes all stored tokens, cached reports, and account records within thirty (30) days;
  • Correct inaccurate information, although note that financial data should be corrected in QuickBooks Online — we will re-sync from there.

To exercise any of these rights, email us at the address below.

7. Cookies and Tracking

We use a small number of strictly-necessary cookies for authentication and session management. We do not use third-party analytics, advertising, or marketing trackers.

8. Security

We take reasonable measures to protect your data, including encryption of OAuth tokens at rest, encrypted transport (TLS) for all requests, row-level security in the database, and principle-of-least-privilege access for application servers. No system is perfectly secure; we will notify affected users without undue delay if we become aware of a breach involving their data.

9. Children's Privacy

The Service is not directed to children under 13 and we do not knowingly collect data from them.

10. Changes to This Policy

We may update this Policy from time to time. If a change is material we will notify you by email and update the “Effective date” above. Continued use of the Service after a change constitutes acceptance.

11. Contact

Questions or requests under this Policy: email us at privacy@qbconsolidation.com.