Data Security & Privacy
Your financial data is sensitive. Here is exactly what GreenBizKPI stores, what it never touches, and how every piece of data is protected.
The Short Version
- GreenBizKPI has read-only access to your QBO account. We cannot move money, create transactions, or modify any data.
- We pull monthly P&L summaries, transaction totals, open bills, and bank balances — never employee SSNs, bank account numbers, or credit card details.
- Your QuickBooks access token is encrypted with AES-256-GCM — the same standard used by banks.
- Transaction data is used only for cash forecasting and is never shared with third parties.
- You can disconnect at any time, and we will delete your data on request.
What We Store
GreenBizKPI stores the minimum necessary to power your dashboard.
| Data | Why | How it's protected |
|---|---|---|
| Your email address | Login identity | Stored in encrypted database over SSL |
| Company name | Display in dashboard | Stored in encrypted database over SSL |
| Monthly P&L totals | Power the KPI dashboard | Aggregate numbers only — no individual line items |
| Transaction summaries | Power 13-week cash forecast | Deposit, purchase, and bill payment totals aggregated by week |
| Open bills (AP) | Forecast bill payment timing | Vendor name, amount, due date only — no full invoice details |
| Bank account balances | Starting cash for forecast | Balance amounts only — no account or routing numbers |
| QuickBooks access token | Sync data automatically | AES-256-GCM encrypted, key stored separately |
| KPI configuration settings | Remember your preferences | Stored in encrypted database over SSL |
What We Never Store
This data never leaves QuickBooks and never touches our servers.
How QuickBooks Access Works
Read-only access
GreenBizKPI only requests com.intuit.quickbooks.accounting scope from Intuit — the standard read-only accounting permission. We cannot create transactions, move money, or modify anything in your QuickBooks company.
OAuth 2.0 via Intuit
Connection uses Intuit's official OAuth 2.0 flow — the same technology used to connect bank accounts to apps like Mint or Wave. You log in directly on Intuit's website. We never see your QuickBooks username or password.
Encrypted token storage
The access token Intuit provides is encrypted using AES-256-GCM before being stored in our database. The encryption key is stored separately in our hosting environment — not in the database — so even a complete database breach would not expose usable tokens.
You stay in control
You can revoke GreenBizKPI's access to your QuickBooks at any time from within Intuit's Authorized Apps settings. You can also disconnect directly from your GreenBizKPI admin panel.
Infrastructure & Hosting
Vercel (Application Hosting)
The GreenBizKPI application runs on Vercel — the same enterprise-grade infrastructure used by thousands of production SaaS companies. All traffic is encrypted via HTTPS/TLS. Vercel is SOC 2 Type 2 compliant.
Neon (Database)
Data is stored in a Neon PostgreSQL database hosted on AWS us-east-1. Connections require SSL. Neon is SOC 2 Type 2 certified and built on enterprise AWS infrastructure.
Data Isolation
Every API request verifies that the logged-in user belongs to the company they are requesting data for. Company A can never access Company B's data — this is enforced at the code level on every single endpoint.
No Third-Party Data Sharing
Your financial data is never sold, rented, or shared with any third party for any reason. We do not use it for advertising, benchmarking reports, or any purpose other than powering your dashboard.
Protections Built Into the App
AES-256-GCM token encryption
Bank-grade encryption for all QuickBooks access tokens stored at rest.
HTTPS on all connections
Every request between your browser and our servers is encrypted in transit.
Role-based access control
Admin and member roles — you control who in your organization can access the dashboard.
Multi-tenant isolation
Hard-coded company boundaries on every API route prevent any cross-account data leakage.
Automatic token refresh
Tokens are refreshed automatically and marked inactive if they expire, prompting you to reconnect.
Audit log
All QuickBooks connection and disconnection events are logged with timestamps.
Your Rights
Access your data. You can view all data we store about you and your company by logging into your dashboard.
Delete your data. Email us at any time to request a full deletion of your account and all associated data.
Disconnect QBO at any time. Revoking access immediately stops all data syncs. You can do this from Admin → QuickBooks Connection in your dashboard, or directly from Intuit's Authorized Apps settings.
Questions? If you have any security or privacy questions not answered here, contact us and we will respond within one business day.
Last updated: March 2026