Prelaunch policy

Privacy Policy

This prelaunch policy describes the intended QuickBooks-connected scan workflow. Final legal entity, retention, deletion, and support details still need owner/legal approval before public paid scans.

Data we expect to collect

  • Account identity such as name, email, and login provider ID.
  • QuickBooks company identifiers, company name, realm ID, and OAuth connection status.
  • Read-only QuickBooks transaction, account, vendor, and report data needed to estimate and run a cleanup scan.
  • Stripe checkout/session metadata and payment status, not raw card details.
  • Generated scan reports, findings, suggested review steps, and support records.

How we use data

  • Connect to the authorized QuickBooks company.
  • Estimate transaction volume and quote scan pricing before checkout.
  • Generate duplicate, outlier, missing-detail, and vendor-spike review reports.
  • Provide support, security monitoring, billing records, and deletion/disconnect handling.

Controls

  • QuickBooks passwords should never be collected by BustedBooks.
  • OAuth tokens should be encrypted server-side before storage.
  • Users should be able to disconnect QuickBooks and request report/account deletion.
  • Payment cards should be handled by Stripe Checkout rather than stored by BustedBooks.

Before public launch

Final privacy language, legal entity name, support mailbox, data-retention policy, and deletion workflow need approval before marketplace submission or public paid scans.