QuickBooks Privacy Policy

1. Scope

This Policy applies to:

• Heavy AV customers who connect a QuickBooks Online company to their Heavy AV account
• Data accessed, retrieved, transmitted, stored, or otherwise processed by Heavy AV through the QuickBooks Online API
• OAuth credentials and tokens issued by Intuit to authorize the Heavy AV integration

This Policy does not apply to data you manage directly within QuickBooks outside of the Heavy AV integration, which remains governed solely by Intuit’s terms and privacy policy.

2. Information Accessed from QuickBooks

When you authorize the Heavy AV integration, Heavy AV may access, read, create, or update the following types of data within your QuickBooks company:

Customer Records

• Display name
• Primary email address
• Billing and shipping addresses
• Phone numbers
• QuickBooks customer ID and SyncToken

Invoices and Estimates

• Invoice and estimate identifiers (Id, DocNumber, SyncToken)
• Line items, descriptions, quantities, and unit prices
• Discounts and tax amounts
• Issue date, due date, and payment terms
• Balance due and total amounts
• Payment status and last updated timestamps
• Private notes and memos

Items and Service References

• Service item identifiers and names used to bill Heavy AV services

Company and Connection Metadata

• QuickBooks company (realm) ID
• OAuth 2.0 access tokens and refresh tokens
• Token expiration timestamps
• Connection status and sync history

Webhook Events

• Notifications from Intuit indicating changes to invoices, estimates, or payments in your connected QuickBooks company

We do not access or store QuickBooks payroll, banking, or general ledger data, and we do not request scopes beyond those necessary to operate the integration features described above.

3. How We Use QuickBooks Information

Heavy AV uses QuickBooks data exclusively to provide and operate the integration, including to:

• Synchronize customer records between Heavy AV and your QuickBooks company
• Create, update, and reference invoices and estimates in QuickBooks from data entered in Heavy AV
• Reconcile invoice payment status and balance information from QuickBooks back into Heavy AV
• Display QuickBooks identifiers and document numbers within the Heavy AV interface for traceability
• Process webhook notifications from Intuit to keep records current
• Provide audit logs, error reports, and operational diagnostics related to the integration
• Maintain the security and integrity of the connection
• Comply with applicable legal obligations

We do not sell, rent, or trade QuickBooks data, and we do not use QuickBooks data for advertising, profiling, or any purpose unrelated to providing the integration to you.

4. Authorization and OAuth

The Heavy AV integration uses Intuit’s OAuth 2.0 authorization framework. To connect your QuickBooks company, you (or an authorized user of your QuickBooks company) must sign in to Intuit and expressly grant Heavy AV permission to access the requested data.

You may revoke this authorization at any time by:

• Disconnecting the integration from within the Heavy AV admin settings
• Revoking the Heavy AV connection from your Intuit account at appcenter.intuit.com

Upon revocation, Heavy AV will cease making new QuickBooks API requests on your behalf and will revoke the associated OAuth tokens.

5. Data Storage and Security

QuickBooks data accessed by Heavy AV is stored in our managed application database and infrastructure.

We implement commercially reasonable safeguards designed to protect QuickBooks data, including:

• Encryption in transit using TLS for all communications with the Intuit API
• Encryption at rest for OAuth access tokens and refresh tokens using application-managed encryption keys
• Access controls limiting QuickBooks data and tokens to authorized application processes
• Role-based access controls within the Heavy AV platform
• Audit logging of sensitive operations
• Regular review of dependencies, infrastructure, and security configurations
• Isolation of customer data by organization within the application database

Despite these measures, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.

6. Sharing of QuickBooks Data

Heavy AV does not sell QuickBooks data and does not share it except in the following limited cases:

• With Intuit, to operate the QuickBooks Online integration as authorized by you
• With infrastructure providers that host the Heavy AV platform (such as cloud hosting, database, and storage providers) under contractual obligations to safeguard the data
• With your authorized users within your Heavy AV organization who have permission to view invoices and customer records
• When required by law, subpoena, court order, or other valid legal process
• To protect the rights, property, or safety of Heavy AV, our users, or others
• In connection with a corporate transaction such as a merger, acquisition, or sale of assets, subject to confidentiality protections

All service providers we engage are bound by obligations to use the data only as needed to perform services for Heavy AV.

7. Data Retention and Deletion

Heavy AV retains QuickBooks data only as long as reasonably necessary to provide the integration, maintain business records, comply with legal obligations, and resolve disputes.

You may request deletion of QuickBooks data stored by Heavy AV at any time. See our Disconnect QuickBooks page for step-by-step instructions, or contact us using the details below.

You can initiate deletion by:

• Disconnecting the QuickBooks integration from your Heavy AV admin settings
• Disconnecting Heavy AV from your Intuit account at appcenter.intuit.com/MyApps
• Closing your Heavy AV account
• Contacting us at the address below with a written deletion request

Upon a verified deletion request, Heavy AV will:

• Revoke stored OAuth tokens and cease QuickBooks API access on your behalf
• Delete QuickBooks identifiers and synced data from the Heavy AV application database within a reasonable timeframe
• Retain residual data only as required for legal, accounting, or audit obligations, in which case it will continue to be protected under this Policy

Deleting data from Heavy AV does not delete data from your QuickBooks company. To delete data within QuickBooks itself, you must use Intuit’s tools or contact Intuit directly.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• Know what QuickBooks-related personal information Heavy AV has collected
• Access a copy of that information
• Request correction of inaccurate information
• Request deletion of personal information
• Withdraw consent for the QuickBooks integration at any time
• Lodge a complaint with a supervisory authority where applicable

To exercise these rights, contact us using the information below.

Heavy AV will not discriminate against you for exercising applicable privacy rights.

9. Children’s Privacy

The Heavy AV QuickBooks integration is intended for use by businesses and is not directed to children under the age of 13. We do not knowingly access or store QuickBooks data of children under 13.

10. International Transfers

Heavy AV operates primarily within the United States. By using the QuickBooks integration, you understand and agree that QuickBooks data may be processed and stored in the United States, which may have data protection laws different from those of your jurisdiction.

11. Third-Party Services

The QuickBooks Online service is provided by Intuit Inc. and is governed by Intuit’s terms and privacy policy. Heavy AV is not responsible for Intuit’s practices.

For information about how Intuit handles your data, please visit intuit.com/privacy.

12. Security Incidents

In the event Heavy AV becomes aware of a security incident materially affecting QuickBooks data stored on our systems, we will:

• Take prompt steps to investigate and contain the incident
• Notify affected customers without undue delay where required by law
• Cooperate with Intuit and applicable authorities as required

13. Compliance

Heavy AV maintains the QuickBooks integration in accordance with:

• Intuit Developer Terms of Service and applicable program requirements
• Applicable U.S. federal and state privacy and data protection laws
• Industry-standard security practices

14. Changes to This Policy

Heavy AV may update this Policy from time to time. Material changes will be communicated by posting the updated Policy on this page and revising the Effective Date above.

Your continued use of the QuickBooks integration after the updated Policy takes effect constitutes acceptance of the revised Policy.

15. Contact Information

For questions, requests, or concerns related to this Policy, please contact: