Privacy Policy

Last updated: 2026-05-13. Effective immediately.

Fuzzy Accounting Integration ("the App") is operated by Part Two Enterprises, Inc. ("Part Two", "we", "us") for internal use within the Part Two business. This Privacy Policy explains what data the App accesses, how it is handled, and your rights regarding that data.

Scope of users

The App is a single-tenant internal integration. The only authorized user is the Primary Administrator of Part Two's own QuickBooks Online company. The App is not distributed to third parties, is not listed on any app marketplace, and does not onboard outside customers.

What data we access

When connected, the App accesses the QuickBooks Online Accounting API for the connected company. This may include:

• Transaction records (purchases, bills, invoices, deposits, journal entries, transfers)
• Chart of accounts, vendors, and customers
• Standard QBO reports (Profit & Loss, Balance Sheet, Trial Balance)
• Company profile information (name, address, fiscal year, industry)

The App requests only the com.intuit.quickbooks.accounting OAuth scope. It does NOT request the Payments scope and does not access payment card or bank account credentials.

What we store

• OAuth tokens (access token, rotating refresh token, realm ID) — stored in Cloudflare Workers KV, encrypted at rest by Cloudflare. Required so the App can re-authenticate to QBO on the user's behalf. Tokens are deleted when the user disconnects the App (see /disconnect) or revokes access via Intuit account settings.
• Short-lived CSRF state tokens — single-use, 10-minute TTL.
• We do NOT persist or copy QuickBooks transaction data, account data, customer data, vendor data, or any other QBO content. Data is fetched on demand and discarded after the user's session ends.

How we use accessed data

QuickBooks data is read on demand for the connected user to:

• Display transactions and accounts in a review interface,
• Suggest categorization changes (which the user explicitly approves before any write is made),
• Generate summary reports.

Data is not used for training third-party models. Data is not sold, rented, or shared with marketers or data brokers.

Where data is processed

Requests are processed by Cloudflare Workers (a serverless platform) in transit between the user's browser and Intuit's QuickBooks Online APIs. Cloudflare provides TLS in transit and AES-256 encryption at rest for stored secrets and KV values. No data leaves Cloudflare's infrastructure except to reach Intuit's APIs.

Third parties

• Intuit / QuickBooks Online — the data source. Intuit's privacy policy governs the underlying data: intuit.com/privacy.
• Cloudflare — infrastructure for serverless compute, encrypted KV storage, and TLS termination. Cloudflare's privacy policy: cloudflare.com/privacypolicy.
• Anthropic — when the user opts to use AI-assisted categorization, transaction text (description, amount, current account) may be sent to Anthropic's Claude API for categorization suggestions. Anthropic's API processing policy: anthropic.com/legal/privacy. Bank account numbers, card numbers, and personally identifying customer information are not transmitted.

Retention

OAuth tokens are retained only as long as the user remains connected. Disconnecting the App or revoking access via Intuit deletes the tokens from KV within seconds of the disconnect operation. No backups or archives of QBO data are maintained.

Your rights

As the sole user and Primary Administrator of the connected QBO company, you may at any time:

• Disconnect the App via the instructions at /disconnect,
• Revoke OAuth access via your Intuit account at accounts.intuit.com,
• Request deletion of any stored tokens by emailing the contact below — though disconnecting already accomplishes this automatically.

Children's privacy

The App is for business use and is not directed at children under 13. We do not knowingly collect data from children.

Changes to this policy

Material changes will be reflected on this page with an updated "Last updated" date. Continued use after a change constitutes acceptance.

Contact

Questions or requests: alex@fuzzywumpets.com.