Our Commitment
At ClientSynq, we respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, and safeguard your data when you use our service.
Information We Collect
Account Information
- Email address and name when you create an account (via Clerk authentication)
- Company information you provide
- Billing information for payment processing (via Stripe)
QuickBooks Online Integration
ClientSynq integrates with QuickBooks Online using secure OAuth 2.0 authorization. When you connect your QuickBooks account, we request access to the following data:
- Customer records from your QuickBooks Online account
- Invoice data including amounts, due dates, and line items
- Payment information including payment dates and methods
- QuickBooks Payments transaction data (if you use QuickBooks Payments)
We securely store OAuth 2.0 access tokens and refresh tokens to maintain your QuickBooks connection. You can disconnect QuickBooks at any time from your dashboard settings, which will immediately revoke our access and delete your stored tokens.
Files and Documents (Enterprise)
- Files you upload through our secure file exchange feature
- File metadata including names, sizes, and upload timestamps
- Files are stored on Vercel Blob storage with access controlled by our application
Usage Information
- How you use our service (login times, features accessed)
- Technical information (IP address, browser type, device information)
- Communication preferences and support interactions
Cookies and Tracking
We use cookies and similar technologies to:
- Keep you logged in and remember your preferences
- Analyze how you use our service to improve features
- Ensure security and prevent fraud
Analytics
- Google Analytics: We use Google Analytics to understand how visitors interact with our website and service (pageviews, feature usage, traffic sources, etc.)
- Analytics data is aggregated and anonymized where possible to protect your privacy
- You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on
- You can also control analytics through your browser's privacy settings or Do Not Track preferences
How We Use Your Information
- Provide our service: Enable client portals and sync QuickBooks data
- Account management: Process payments and manage your subscription
- Customer support: Respond to questions and provide assistance
- Service improvement: Analyze usage to improve our features
- Security: Detect and prevent unauthorized access or fraud
- Legal compliance: Meet regulatory requirements and protect our rights
Data Security
We take security seriously:
- Data in transit: All data transmitted between your browser and our servers is encrypted using industry-standard TLS/HTTPS protocols
- Database security: Your data is stored in PostgreSQL databases with encryption at rest and regular security updates
- File storage: Uploaded files (Enterprise) are stored on Vercel Blob with access controlled through our application and unique, non-guessable URLs
- Authentication: Secure authentication provided by Clerk with multi-factor authentication support
- Payment security: All payment processing is handled by Stripe, which is PCI-DSS Level 1 certified
- Access control: Limited employee access to your data on a strict need-to-know basis
- Monitoring: Continuous security monitoring and regular security audits
Note: While we implement robust security measures, no system can guarantee absolute security. We recommend you maintain backups of critical data and use strong, unique passwords.
Data Sharing and Third-Party Services
We do not sell your personal information. We share your data only in these limited circumstances:
Service Providers We Use
We work with trusted third-party service providers to operate our business:
- Vercel: Hosting infrastructure and file storage (Vercel Blob)
- Clerk: Authentication and user management services
- Stripe: Payment processing and subscription billing (PCI-DSS compliant)
- QuickBooks (Intuit): Accounting data integration via OAuth 2.0
- Resend: Transactional email delivery
- Supabase: PostgreSQL database hosting with encryption at rest and in transit
- Google Analytics: Website analytics and usage tracking to improve our service
These providers have access only to the information necessary to perform their services and are contractually obligated to protect your data and use it only for the purposes we specify.
Other Data Sharing
- Legal requirements: When required by law, court order, or to protect our rights and safety
- Business transfer: In the unlikely event of a merger, acquisition, or sale of assets, with advance notice to affected users
- With your consent: When you explicitly authorize us to share specific information
Data Retention
We retain your information only as long as necessary to provide our services or as required by law:
- Active accounts: Data is retained while your account is active and for 90 days after cancellation
- After deletion: When you delete your account, we will delete your personal information within 90 days
- Backups: Deleted data may remain in backup systems for up to 90 days for disaster recovery purposes
- Legal requirements: Some data may be retained longer when required by law or to protect our legal rights
- Immediate deletion: You can request immediate data deletion by contacting support
Data Location and International Transfers
Your data is primarily stored and processed in the United States through our service providers (Vercel, Clerk, Stripe). By using ClientSynq, you consent to the transfer and processing of your information in the United States and other countries where our service providers operate. We ensure that all international data transfers comply with applicable data protection laws and that appropriate safeguards are in place.
Your Privacy Rights
Depending on your location, you may have additional rights under privacy laws such as GDPR (Europe) or CCPA (California):
- Access: Request a copy of the personal information we have about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your personal information (right to be forgotten)
- Data portability: Receive your data in a structured, machine-readable format
- Opt-out: Unsubscribe from marketing communications at any time
- Restriction: Request that we limit how we use your data
- Object: Object to our processing of your data for certain purposes
To exercise any of these rights, please contact us at hello@clientsynq.com. We will respond to your request within 30 days.
Updates to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through our service. Your continued use of ClientSynq after changes become effective constitutes acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
Email: hello@clientsynq.com
We typically respond to privacy inquiries within 48 hours.