Home Terms of Use Contact

Privacy Policy

GenerosityQB · Effective date: July 10, 2026 · Last updated: July 10, 2026

This Policy explains how GenerosityQB (“we,” “us”) collects, uses, and shares information when you use our website and application (the “Service”). It is a practical privacy notice for our product and is not legal advice. If you do not agree, please do not use the Service.

1. Who this Policy covers

This Policy applies to visitors of generosityqb.com and users who connect a QuickBooks Online company to GenerosityQB. If you are a donor who only receives a letter from an organization using our Service, that organization is typically the controller of your personal information for that communication; we process data on their behalf to generate or send the letter they request.

2. Information we collect

2.1 Account and connection

  • Intuit / QuickBooks Online identifiers (e.g. company realm ID, tokens needed to call QBO APIs);
  • Your Intuit login email and display name (when OpenID scopes provide them);
  • Company name associated with the connection;
  • Admin / free-account flags we maintain for access control.

2.2 Organization and letter content you save

  • Organization profile (name, address, EIN, email, phone, logo file);
  • Letter body, report title, footer/disclaimer text by tax year;
  • Preferred tax year and similar settings.

2.3 Gift and donor data from QuickBooks

When you load a tax year or generate PDFs/emails, we retrieve sales receipts and related customer fields (such as name, email, address when needed for letters) from QuickBooks Online via Intuit’s APIs.

  • We do not permanently store full gift lists or receipt histories in our database as a donor CRM. Receipts are loaded live for your session/work.
  • Limited in-memory caching may be used briefly (e.g. customer detail cache) to reduce API calls; it is not a long-term archive.
  • We may store billing unlock records (e.g. which customer IDs were paid for a year) and subscription status—not the full gift ledger.

2.4 Billing

  • Subscription and purchase records (plan, status, period end, amounts, Stripe IDs);
  • Payment card details are processed by Stripe; we do not store full card numbers on our servers.

2.5 Contact form and support

  • Name, email, and message text you submit via Contact us;
  • Technical metadata (e.g. approximate time, rate-limit counters).

2.6 Technical and usage data

  • Session cookies required to keep you signed in;
  • Server logs (IP address, timestamps, errors) for security and debugging;
  • Browser requests needed to operate the site.

We do not use third-party advertising trackers on the core app as of the date above.

3. How we use information

  • Provide, secure, and improve the Service;
  • Authenticate with Intuit and call QuickBooks APIs you authorize;
  • Generate PDFs and send emails you initiate;
  • Compute Insights analytics for eligible plans;
  • Process payments, prevent fraud, and enforce plan limits;
  • Respond to contact and support requests;
  • Comply with law and protect rights and safety.

4. Legal bases (where applicable)

If GDPR or similar law applies, we rely on: performance of a contract (providing the Service you request); legitimate interests (security, improvement, billing integrity); consent where required; and legal obligation where applicable.

5. Sharing

We share information only as needed:

  • Intuit / QuickBooks Online — to connect and retrieve data you authorize;
  • Stripe — payments and subscriptions;
  • Email providers (e.g. Resend or SMTP) — to send messages you request or transactional mail;
  • Hosting providers (e.g. DigitalOcean) — infrastructure;
  • Professional advisors or authorities when required by law or to protect rights.

We do not sell personal information.

6. Cookies and sessions

We use a session cookie (e.g. signed session ID) to keep you logged in after QuickBooks OAuth. Disabling cookies may prevent sign-in from working. Sessions may be lost when the server restarts if sessions are stored in memory.

7. Retention

  • OAuth tokens and company connection — until you disconnect or we remove the connection;
  • Letter/org content and billing records — while your account/company uses the Service and as needed for records, tax, and disputes;
  • Contact messages — as needed to respond and for reasonable business records;
  • Logs — typically short periods unless needed for security investigations.

8. Security

We use reasonable technical and organizational measures (HTTPS, access controls, session authentication, restricted admin tools). No method of transmission or storage is 100% secure. You are responsible for safeguarding access to your Intuit account and authorized users.

9. International transfers

We may process data in the United States or other countries where our providers operate. Where required, we use appropriate safeguards for cross-border transfers.

10. Your choices and rights

  • Disconnect QuickBooks from the Service to stop API access via our app;
  • Update organization and letter content in the app;
  • Cancel Pro subscription in Settings or Stripe Customer Portal where available;
  • Depending on your location, you may have rights to access, correct, delete, or export personal data, or object to certain processing. Contact us to exercise rights; we may need to verify your request.

For data held only in QuickBooks Online, manage it in Intuit’s product and under Intuit’s policies.

11. Children

The Service is directed at organizations and adults, not children under 13 (or the age required in your jurisdiction). We do not knowingly collect data from children.

12. Changes

We may update this Policy by posting a new version with a revised “Last updated” date. Material changes may be highlighted in the app or by email when appropriate.

13. Contact

Privacy questions: Contact us on GenerosityQB, or use the support email published on the site.

Related: Terms of Use