Prelaunch policy
Privacy Policy
This prelaunch policy describes the intended QuickBooks-connected scan workflow. Final legal entity, retention, deletion, and support details still need owner/legal approval before public paid scans.
Data we expect to collect
- Account identity such as name, email, and login provider ID.
- QuickBooks company identifiers, company name, realm ID, and OAuth connection status.
- Read-only QuickBooks transaction, account, vendor, and report data needed to estimate and run a cleanup scan.
- Stripe checkout/session metadata and payment status, not raw card details.
- Generated scan reports, findings, suggested review steps, and support records.
How we use data
- Connect to the authorized QuickBooks company.
- Estimate transaction volume and quote scan pricing before checkout.
- Generate duplicate, outlier, missing-detail, and vendor-spike review reports.
- Provide support, security monitoring, billing records, and deletion/disconnect handling.
Controls
- QuickBooks passwords should never be collected by BustedBooks.
- OAuth tokens should be encrypted server-side before storage.
- Users should be able to disconnect QuickBooks and request report/account deletion.
- Payment cards should be handled by Stripe Checkout rather than stored by BustedBooks.
Before public launch
Final privacy language, legal entity name, support mailbox, data-retention policy, and deletion workflow need approval before marketplace submission or public paid scans.