In one paragraph.
The OffDeck QuickBooks integration connects to OffDeck's own QuickBooks Online company through Intuit's official API, using OAuth 2.0. It reads accounting data (and, where authorized, updates records) so OffDeck's finance and operations team can work with the books through an AI assistant. We access only what's needed to do that, we don't sell data or use it to train third-party AI models, we protect it in transit and at rest, and you can revoke access at any time from QuickBooks.
What this covers.
This policy covers the data the integration accesses through the QuickBooks Online API and how OffDeck handles it. It does not change Intuit's own handling of your QuickBooks data, which is governed by Intuit's privacy policy.
Data we access.
Through the QuickBooks Online Accounting scope, the integration may read and (where authorized) write:
- Company information — company name, address, fiscal settings, and the company (realm) identifier.
- Financial reports — profit & loss, balance sheet, and similar reports.
- Transactions & records — invoices, bills, payments, expenses, journal entries, and accounts.
- Lists — customers, vendors, items, and chart-of-accounts entries.
The integration requests data on demand to answer a specific question or perform a specific task. It does not continuously harvest or mirror your entire company file.
How we use it.
We use QuickBooks data solely to operate this integration for OffDeck's own internal accounting and financial-operations work — for example, summarizing reports, looking up records, and maintaining entries at the direction of authorized OffDeck staff. We do not:
- Sell, rent, or lease the data.
- Use it for advertising.
- Use it to train third-party or public AI models.
- Share it with anyone outside the subprocessors listed below.
Sharing & subprocessors.
We don't share your QuickBooks data with third parties except the service providers strictly required to run the integration:
- Intuit — the source of the data, via the QuickBooks Online API.
- Anthropic — our AI assistant provider. To fulfill a request, relevant QuickBooks data may be sent to Anthropic's API for processing under Anthropic's commercial terms, which do not use submitted data to train their models.
- Infrastructure — OffDeck-controlled hosting used to run the integration and store credentials securely.
We may also disclose data if required by law, or to protect the rights, safety, and security of OffDeck.
Storage & security.
- Encryption in transit. All communication with the QuickBooks API runs over TLS/HTTPS.
- OAuth, not passwords. We never receive or store your QuickBooks password. Access is via an Intuit-issued token.
- Protected credentials. The OAuth refresh token and company (realm) identifier are stored on OffDeck-controlled infrastructure with restricted access, and are used only to obtain short-lived access tokens.
- Least privilege. Access to the integration is limited to authorized OffDeck personnel.
Data retention.
QuickBooks records are read on demand and are not retained as a standing copy beyond what's needed to complete a task and OffDeck's ordinary business records. The OAuth credentials (refresh token and realm identifier) are retained only while the integration remains connected. When the integration is disconnected, those credentials are revoked and deleted, and no further access is possible without a new authorization.
Control & disconnection.
You are always in control of the connection. You can revoke OffDeck's access at any time from within QuickBooks Online (Settings → Apps → Disconnect). See our disconnect guide for step-by-step instructions and what happens to the data afterward.
Contact.
Questions about this policy or the integration's data handling: [email protected]. Lipman Consulting LLC (OffDeck), Ohio, USA.