Privacy Policy

This Privacy Policy explains how Dattuh collects, uses, discloses, and protects information when you use the Dattuh application (the "App"), which integrates with QuickBooks Online (QBO) via Intuit's APIs. It also explains how we handle operational and production log data generated when the App runs.

Information We Collect

We collect the following types of information:

  • QBO Account Data: When you authorize the App via OAuth (Open Authorization, an industry-standard protocol that lets you grant the App access to your QBO account without sharing your password), we access specific QBO data as permitted by your consent (for example: customers, vendors, payment methods, payment terms, classes, locations, sales taxes, and similar information). We only access what is necessary for the App's features. Client's OAuth tokens are encrypted in the database. When your task finishes processing, this data is deleted from our systems.
  • Account and Usage Information: We collect your name, email, address, company name, App usage data (e.g., login times, features used), and other relevant technical data to provide services on your behalf and for billing purposes.
  • Transactions: We store limited transaction metadata (ID/DocNumber, date, amount, document name) to provide information to clients, to support status tracking, and to allow clients to reverse transactions if needed*.
  • Third-party data files: We temporarily store the data files you upload in Amazon S3 cloud storage until the task is completed and the data is synced with QBO; then files are automatically deleted from our cloud storage.
  • Operational and Production Logs: We collect technical and diagnostic records generated by the App, such as timestamps, request and job activity, internal record IDs, integration IDs, document names, file extensions, status values, counts, and error details needed to operate, secure, and troubleshoot the service. We do not log uploaded file contents, OAuth tokens, or full QuickBooks payloads, but logs may include limited exception or validation messages when needed to diagnose failures.
  • AI-Assisted Integration Requests: When you use the AI-assisted integration creation feature, your natural-language prompt and relevant structural context — such as sample file headers, QBO account metadata, field names, chart of accounts — are sent to a third-party AI provider to generate an integration specification. Uploaded file contents, OAuth tokens, and raw QuickBooks payloads are not sent to AI providers for this purpose. The actual processing and integration of your data into QBO is performed entirely by automated app logic using the approved integration specification — not by AI. The sole exception is when AI-assisted technology is used to read PDF files; in that case, you will be notified before processing proceeds.
  • Other Data: Support requests or other information you voluntarily provide.

Use of Integration Metadata for AI Improvements

We may use non-personal integration metadata (i.e., mapping configurations, field mappings, anonymized usage patterns, error and validation patterns, and other structural metadata) to improve automated tooling and AI-assisted features that help create and diagnose integrations. This usage is limited to metadata and aggregated insights — we do not use uploaded file contents, OAuth tokens, or raw QuickBooks Online account data for training or to improve our models.

If you prefer that Dattuh not use your client's integration metadata for model training or product improvement, you may opt out. To opt out, toggle the "Opt out of AI-based integration improvements" setting on the client's account in the App to exclude your client's metadata from AI improvement workflows. Opting out will not affect the App's core integration functionality.

AI-Assisted Integration Creation

When you explicitly request a new integration using Dattuh's AI-assisted workflow, we process your request using a third-party AI provider (or providers, which may change over time) to generate an integration specification. The following applies to this feature:

  • This feature is opt-in: it is only triggered when you explicitly initiate a new integration creation request.
  • We send your natural-language prompt and relevant structural context — such as sample file headers or structure and QBO account metadata (e.g., field names, chart of accounts) — to the AI provider to produce the specification.
  • We do not send uploaded file contents, OAuth access or refresh tokens, or complete QuickBooks payloads to AI providers for this purpose.
  • The generated specification is a starting point and may be reviewed or edited before use. No new integration is placed into production until you explicitly review and approve it.
  • The actual processing and integration of your data into QuickBooks Online is performed entirely by automated app logic using the approved integration specification — not by AI. AI is not involved in reading, transforming, or submitting your data to QBO during the integration run.
  • The only exception to the above is when AI-assisted technology is used to extract data from PDF files. When this occurs, you will be shown a warning and given the opportunity to proceed or cancel before any PDF content is sent to an AI provider.
  • The third-party AI providers we use may change over time; we will update this policy as material providers change. You should also review the applicable provider's privacy policy regarding how they handle API request data.

How We Use Your Information

  • Provide and improve the App's integration features.
  • Authenticate and manage your QBO connection (OAuth token rotation).
  • Communicate updates, support requests, and job status.
  • Detect and prevent abuse, fraud, or security incidents.
  • Monitor system performance, investigate bugs, diagnose failed jobs or integrations, and maintain reliable production operations.
  • Comply with legal obligations and enforce our agreements.

We do not use your QBO data for unrelated marketing or profiling without explicit consent.

Data Sharing and Disclosure

We do not sell your data. We may share information with:

  • Service providers (such as hosting, infrastructure, storage, email, and analytics vendors) who may process application data or operational logs on our behalf and who are contractually bound to protect the data.
  • Authorities if required by law or to protect rights and safety.
  • In connection with a merger or sale of assets (with notice as required).

We never ever share a customer's data with another customer. Any aggregated or anonymized insights will comply with Intuit guidelines and applicable law.

Service Providers and Infrastructure

We use third-party providers to host, operate, secure, and support the App. These providers may process personal data or operational log data only as needed to perform services for us.

  • Resend / Plus Five Five, Inc.: Used for transactional email delivery, such as access requests, account-related messages, and service communications. Resend's privacy policy is available at https://resend.com/legal/privacy-policy.
  • Render / Render Services, Inc.: Used to host and run the application, serve the website, maintain backups, and support operational logging and security controls. Render's privacy policy is available at https://render.com/privacy.
  • Amazon Web Services (AWS) / Amazon S3: Client data files you upload are temporarily stored in Amazon S3 cloud storage until processing is complete, at which point they are deleted. AWS's privacy policy is available at https://aws.amazon.com/privacy/.
  • Support and security vendors: We may use vendors that help with monitoring, incident response, or customer support. We will update this policy as our material service providers change.

Production Logs and Diagnostics

  • We maintain production logs to support availability, security monitoring, incident response, fraud prevention, debugging, and service improvement.
  • These logs may include internal identifiers such as user IDs, client IDs, job IDs, transaction IDs, integration IDs, source file IDs, blob IDs, document names, status values, file extensions, and count-based metrics.
  • Logs may also include exception classes, exception messages, and limited validation messages when needed to understand and correct failures.
  • We do not intentionally use production logs to store full uploaded file contents, OAuth access tokens, refresh tokens, or complete QuickBooks payloads.
  • Access to production logs is limited to authorized personnel and service providers with a legitimate operational, security, or support need.
  • Our default operational goal is to retain routine production logs for no longer than 90 days, unless a longer period is reasonably necessary for security investigations, incident response, fraud prevention, dispute resolution, backup recovery, or legal compliance.

QuickBooks Online and Intuit

The App is a third-party service and is not affiliated with or endorsed by Intuit. Data accessed from QBO is governed by your agreement with Intuit and their privacy policies. We access only the data you authorize via OAuth.

Data Storage, Security, and Retention

  • Data is encrypted in transit (TLS) and stored with appropriate safeguards.
  • Uploaded files are retained only until processing completes and then deleted.
  • QBO data is retained only as long as necessary to provide services or as required by law. You can request deletion by revoking access or contacting us.
  • Production logs and diagnostic records are generally retained for up to 90 days, unless a longer period is reasonably necessary for operational continuity, security, audit, support, backup recovery, or legal compliance, after which they are deleted, rotated, or de-identified according to our internal practices.

No system is perfectly secure; we implement reasonable safeguards, restrict log access, and review logging practices periodically, but cannot guarantee absolute security.

Your Rights and Choices

Depending on your jurisdiction (e.g., GDPR, CCPA (California Consumer Privacy Act)), you may have rights to access, correct, delete, or port your data, and to withdraw consent. To exercise rights, contact us at business@dattuh.com. We respond in accordance with applicable law.

Geographic Scope

The App is intended solely for use by businesses operating in the United States with a United States QuickBooks Online account. We do not knowingly offer or market the App to users in the European Union, United Kingdom, or other jurisdictions outside the United States. If you access the App from outside the United States, you do so at your own risk and Dattuh makes no representations about compliance with the laws of any other jurisdiction.

Children's Privacy

The App is not directed to children under 16 (or 13 in some jurisdictions). We do not knowingly collect data from children.

Changes to this Policy

We may update this Policy. Material changes will be notified via email or in-app notice. Continued use constitutes acceptance.

Contact

For questions or requests, email business@dattuh.com.