Legal

QuickBooks Integration Privacy Policy

How the FoundERPrise CFWM QuickBooks Integration collects, uses, and protects information accessed from QuickBooks Online on behalf of Closet Factory of West Michigan.

Effective 2026-05-17

1. Who we are

This Privacy Policy is published by Closet Factory of West Michigan (operated by CFWM 2024, Inc., referred to in this policy as “we,” “us,” or “our”). We design, manufacture, and install custom storage solutions for residential and commercial customers.

This policy applies to the FoundERPrise CFWM QuickBooks Integration (the “Integration”) — an internal business application that connects our FoundERPrise operating system to our QuickBooks Online (“QBO”) accounting account. The Integration is operated solely for the internal accounting, reporting, payroll, and operational needs of Closet Factory of West Michigan.

Mailing address: PO Box 3601, Kalamazoo, MI 49007
Phone: (269) 205-3149
Email: support@closetfactorywm.com

2. Scope of this policy

This policy covers the data that the Integration accesses from QuickBooks Online via the official Intuit OAuth 2.0 API, and the data the Integration stores about its own operation. It does not cover data collected by QuickBooks Online itself or other Intuit products — those are governed by Intuit’s own privacy policies.

The Integration is not a consumer-facing product. It is operated by authorized CFWM personnel and service accounts only. Members of the public do not have user accounts in the Integration.

3. Information we access from QuickBooks Online

Subject to the OAuth scopes you authorize when connecting the Integration, we may access and process the following categories of business records from your QuickBooks Online company file:

  • Company information — legal name, address, fiscal year, base currency, country.
  • Customers and sub-customers (projects/jobs) — names, billing/shipping addresses, contact info, parent-customer relationships used to identify designers and project hierarchies, and customer custom fields.
  • Invoices — invoice numbers, dates, line items, amounts, memos, private notes, custom fields, and linked transactions.
  • Payments, sales receipts, and credit memos — dates, amounts, methods, and links to invoices.
  • Time activities — employee, customer, item, hours, and billable status.
  • Employees — name and identifier, where the connected user authorizes the employee scope.
  • Items, classes, and accounts — product/service catalog, class structure, and the chart of accounts.
  • Vendors — name and identifier, where required for reconciliation.

The Integration only requests the OAuth scopes it needs for the authorized operational purpose. Where read-only scopes are sufficient, we use them.

4. How we use this information

Information accessed from QuickBooks Online is used solely for internal CFWM business operations, including:

  • Reconciling Salesforce sales opportunities with QBO invoices and payments.
  • Calculating designer commissions and producing payroll catch-up reports.
  • Tracking manufacturing job lifecycle and customer/project status.
  • Producing operational dashboards and reports for authorized CFWM personnel.
  • Building data-quality reports that help CFWM identify and resolve record-keeping inconsistencies between QBO and other authorized systems of record.

5. What we do NOT do with your data

We do not sell, rent, lease, trade, or transfer QuickBooks Online data to any third party or affiliate. Your QBO data is not shared with advertisers, data brokers, or marketing partners under any circumstance.

  • We do not use QBO data for advertising or marketing.
  • We do not aggregate QBO data across companies or sell aggregated insights.
  • We do not train third-party machine-learning models on QBO data.
  • We do not write to QuickBooks Online without explicit, row-level, named-operator approval. Read-only is the default and the operational baseline.

6. Service providers

The Integration runs on infrastructure we operate. We use a small number of standard infrastructure providers (web hosting, reverse-proxy and TLS certificate issuance, and the Intuit OAuth 2.0 endpoints themselves) solely to operate the Integration. These providers process only the metadata required to deliver their service (for example, the TLS-encrypted bytes flowing between the Integration and Intuit’s API).

We do not introduce additional third parties into the QBO data path beyond what is required to make the OAuth-authorized API calls function.

7. Data retention

Data accessed from QuickBooks Online is retained only as long as it is needed for the authorized operational purpose. Operational snapshots used for reporting and payroll catch-up are stored on protected infrastructure and rotated on a regular cadence.

OAuth tokens are stored in a server-side secrets store with restricted file-system permissions and are rotated whenever Intuit issues a refresh.

8. Security

We protect QuickBooks Online data in transit and at rest:

  • All API traffic to and from Intuit is encrypted in transit over TLS.
  • OAuth client secrets and refresh tokens are stored in a server-side secrets store with restricted file-system permissions (mode 0600) and are never written to source control.
  • Sensitive personnel data such as encrypted PII fields uses pgcrypto-based field-level encryption with keys held only on the server, never alongside the encrypted data.
  • Access to the Integration is restricted to authorized CFWM personnel and named service accounts. Role-based access controls further limit who can see which categories of data.
  • Every write operation across the broader FoundERPrise platform produces an append-only audit-log entry — for the QBO Integration today, all data flows are read-only by default, and any future write capability will be gated by per-row approval and full audit logging.

9. Access, deletion, and revocation

The Integration is operated for CFWM’s own QuickBooks Online account. The account owner may at any time revoke the Integration’s authorization from within QuickBooks Online (Apps → My Apps → Disconnect), which immediately terminates the Integration’s ability to call Intuit’s API on the company’s behalf.

Upon disconnection or upon a written request to support@closetfactorywm.com, we will delete locally-cached operational copies of QBO data within a reasonable timeframe, retaining only what is required to meet our own accounting, tax, or audit obligations.

10. Children

The Integration is a business-to-business accounting tool. It is not directed to, and does not knowingly collect information from, anyone under the age of 13.

11. Changes to this policy

We may update this Privacy Policy from time to time. The “Effective” date at the top reflects the current revision. Material changes to the categories of data the Integration accesses, or to how it is used, will be reflected in an updated effective date.

12. Contact us

For questions about this Privacy Policy or the QuickBooks Integration:

Closet Factory of West Michigan (CFWM 2024, Inc.)
PO Box 3601, Kalamazoo, MI 49007
Phone: (269) 205-3149
Email: support@closetfactorywm.com

See also our EULA / Terms of Use.