Privacy Policy
This policy explains how TicoQuickBooks handles data related to its website, QuickBooks OAuth workflows, token storage, and API-key-protected token access endpoints.
Scope and legal basis
TicoQuickBooks is a technical service intended to help operators manage OAuth connections across multiple QuickBooks companies. The service acts as an infrastructure layer for authentication and token lifecycle management. Merchants and internal operators remain responsible for using QuickBooks data lawfully within their own systems and business processes.
Data we may process
- QuickBooks OAuth metadata such as authorization codes, realm IDs, access tokens, refresh tokens, and token expiry timestamps.
- Company connection identifiers such as company keys and human-readable company names.
- Request metadata and operational logs needed for uptime, debugging, and security review.
- API authentication data used to protect token-retrieval endpoints.
Purposes of processing
- Start and complete QuickBooks OAuth authorization flows.
- Store and refresh QuickBooks tokens for connected companies.
- Return a current access token to authorized internal callers.
- Maintain service security, traceability, and operational support.
Storage and security
TicoQuickBooks stores connection records in DynamoDB and is designed to limit token access to authenticated internal callers. Reasonable technical safeguards should be used around infrastructure, environment variables, deployment access, and logs. No internet-based service can guarantee absolute security, so sensitive tokens and API keys should be handled with care in downstream systems as well.
Contact
For privacy-related questions about this service, contact the project operator through your existing TicoSync or internal operations channel.
Last updated: April 8, 2026.