Privacy Policy

Last updated: [EFFECTIVE DATE]

Draft — review required. This document is a working draft provided for operational setup and is not legal advice. It must be reviewed and approved by the operator and/or qualified legal counsel, and all [BRACKETED PLACEHOLDERS] must be completed, before it is relied upon or submitted for any application-verification process.

This Privacy Policy explains how [LEGAL ENTITY NAME] ("we," "us," or "our") collects, uses, stores, discloses, and protects information in connection with Mr. Shoost (the "Application" or "Software"), a command-line tool that connects to the QuickBooks Online API provided by Intuit Inc. ("Intuit") to deliver bookkeeping and related services.

By installing, authorizing, or using the Application, you agree to the collection and use of information in accordance with this Policy.

1. Information we access and collect

1.1 QuickBooks Online data (accessed via the Intuit API)

When you connect the Application to your QuickBooks Online company, you authorize it, through Intuit's OAuth 2.0 authorization flow, to access data in that company. Depending on the scopes you grant and the operations you run, this may include:

Company and account profile information (e.g., company name, legal/business address, fiscal settings, currency);
Financial transactions (e.g., invoices, bills, payments, expenses, deposits, journal entries, credit memos);
Customer and vendor records (e.g., names, billing/shipping addresses, email addresses, phone numbers, balances);
The chart of accounts, items/products and services, classes, and tax information;
Reports and aggregated accounting data derived from the above.

This accounting data may include personal and financial information about you and about third parties contained in your books (such as your customers and vendors).

1.2 Authentication and connection data

To maintain your connection to QuickBooks Online, the Application stores OAuth 2.0 access tokens, refresh tokens, and the associated company (realm) identifier issued by Intuit. These credentials authorize access to your QuickBooks Online data and are treated as sensitive.

1.3 Operational and diagnostic data

The Application may generate local logs and diagnostic information (e.g., timestamps, the operations performed, and error messages) to operate the Software and troubleshoot problems.

2. How we use information

We use the information described above only to provide and support the bookkeeping and related services you request, including to:

Authenticate and maintain your connection to QuickBooks Online;
Read, organize, reconcile, categorize, and report on your accounting data;
Create, update, or adjust records in your QuickBooks Online company when you direct the Application to do so;
Diagnose errors, maintain security, and improve the reliability of the Software.

We do not use your QuickBooks Online data for advertising, and we do not sell your data. We do not use Intuit data to build or train independent profiles for purposes unrelated to providing the service to you.

3. Intuit / QuickBooks Online and your data

Data accessed by the Application is obtained from Intuit through the QuickBooks Online API and remains subject to Intuit's own terms and privacy practices. Our access to and use of Intuit data is intended to comply with the Intuit Developer terms, including the Intuit Developer Terms of Service and applicable API usage requirements. Your use of QuickBooks Online is governed by your agreement with Intuit and Intuit's privacy policy. This Privacy Policy applies only to the Application and not to Intuit's products or services.

4. How we share information

We do not sell your personal or financial information. We share information only as necessary to operate the service, and only in the following circumstances:

With Intuit, as required to authenticate and exchange data through the QuickBooks Online API at your direction;
With service providers that help us operate the Software (for example, infrastructure or hosting providers), bound by confidentiality and data-protection obligations and permitted to use the data only to provide services to us — [ENUMERATE ANY SUB-PROCESSORS, OR STATE "NONE"];
For legal reasons, where required to comply with applicable law, regulation, legal process, or an enforceable governmental request, or to protect rights, safety, and security;
In a business transfer, in connection with a merger, acquisition, financing, or sale of assets, subject to the protections of this Policy.

5. Data storage, location, and retention

Connection credentials and any cached accounting data are stored [DESCRIBE WHERE — e.g., "locally on the device where you run the Application" / "in a database we operate hosted at [HOSTING PROVIDER / REGION]"]. We retain data only for as long as needed to provide the service to you or as required by law. When your connection is revoked or the service is terminated, we delete or render unusable the stored OAuth tokens and any cached QuickBooks Online data within a commercially reasonable period, except where retention is required by law.

6. Security

We use reasonable administrative, technical, and organizational measures designed to protect information against unauthorized access, disclosure, alteration, and destruction, including encrypted transport (HTTPS/TLS) for API communications and access controls over stored credentials. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for safeguarding the device and environment in which the Application runs.

7. Your rights and choices

Disconnect / revoke access. You may disconnect the Application from QuickBooks Online at any time — either through the Application's disconnect command or from within your Intuit account (Apps → Connected Apps / Manage). Revoking authorization stops further access to your QuickBooks Online data.
Access, correction, and deletion. Subject to applicable law, you may request a copy of the personal information we hold about you, ask us to correct it, or request deletion. To exercise these rights, contact us using the details below.
Your QuickBooks data. Your authoritative accounting records remain in QuickBooks Online and are controlled by you through Intuit.

Depending on your jurisdiction (for example, under the GDPR, UK GDPR, or U.S. state privacy laws such as the CCPA/CPRA), you may have additional rights. We will honor applicable rights requests as required by law.

8. Children's privacy

The Application is intended for use by businesses and is not directed to children. We do not knowingly collect personal information from children.

9. International users

If you access the Application from outside [GOVERNING-LAW JURISDICTION], you understand that information may be processed and stored in locations whose data-protection laws may differ from those of your jurisdiction.

10. Changes to this Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above and, where appropriate, provide additional notice. Your continued use of the Application after an update constitutes acceptance of the revised Policy.

11. Contact us

If you have questions or requests regarding this Privacy Policy or your data, contact:

[LEGAL ENTITY NAME]
Email: [CONTACT EMAIL]