Privacy Policy
Effective date: January 1, 2025 · Last updated: April 2026
1. Who we are
QBAI ("we", "us", "our") is a SaaS platform that helps small businesses analyze QuickBooks Desktop data through AI-powered reports and chat. Our service is operated from the United States.
Questions? [email protected]
2. Data we collect
- Account data: name, email address, and hashed password when you register.
- Financial data you upload: QuickBooks export files (JSON/IIF) containing invoices, bills, customers, vendors, and related records. This data is stored encrypted and used solely to power your reports and AI chat.
- Usage data: pages visited, features used, report generated timestamps — collected in aggregate to improve the product.
- Payment data: handled entirely by Stripe (PCI DSS Level 1). We store only your Stripe customer ID — never raw card numbers.
- Technical data: IP address, browser/OS, session tokens stored in cookies.
3. How we use your data
- To provide, operate, and improve the QBAI service
- To generate reports and power AI chat over your QB data
- To process payments and manage your subscription
- To send transactional emails (receipts, alerts, password resets)
- To detect fraud, abuse, and security threats
We do not sell your data, use it for advertising, or share it with third parties for their own purposes.
4. AI / LLM usage
When you use the Chat feature, relevant excerpts of your QB data are sent to a third-party large language model (Anthropic Claude) to generate responses. Data sent is limited to what is necessary for the query. Anthropic's API does not use API inputs to train models. See Anthropic's privacy policy.
5. Data storage and security
- Data is stored on servers in the United States.
- Files are encrypted at rest (AES-256) and in transit (TLS 1.3).
- Access is restricted to authenticated users within your organization.
- We perform regular backups and security reviews.
6. Data retention
Your data is retained for as long as your account is active. If you cancel, your data is deleted within 90 days unless you request immediate deletion. Chat history is retained for 12 months and can be deleted on request.
7. Your rights
You may at any time:
- Access a copy of your data by emailing [email protected]
- Request correction of inaccurate data
- Request deletion of your account and all associated data
- Export your QB records via the Settings page
- Opt out of non-transactional emails via the unsubscribe link
If you are in the EU/EEA or California, additional rights under GDPR and CCPA apply. We will respond to verified requests within 30 days.
8. Cookies
We use strictly necessary cookies for authentication (session token) and one analytics cookie (aggregate, anonymous). No third-party advertising cookies are set. You can disable cookies in your browser, but the app will not function without the session cookie.
9. Third-party processors
| Processor | Purpose | Data sent |
|---|---|---|
| Stripe | Payments | Name, email, billing address |
| Anthropic (Claude) | AI chat | QB data excerpts per query |
| Railway | Hosting / database | All app data (US servers) |
| Cloudflare R2 | File storage | Uploaded QB files |
| Resend | Transactional email | Email address |
10. Changes to this policy
We may update this policy. Material changes will be emailed to account holders at least 14 days before taking effect. Continued use of the service after the effective date constitutes acceptance.
11. Contact
QBAI · [email protected]