Privacy Policy

1. Overview

AccountingQB (“we,” “our,” or “us”) is a software product operated by NutriFitAI LLC, doing business as Vaspera Capital, a Delaware limited liability company. We are committed to protecting your privacy and being transparent about how we handle data. This policy explains what information we collect, how we use it, and your rights.

2. Zero-Knowledge Architecture

AccountingQB is built with a zero-knowledge architecture. The MCP server runs locally on your machine and communicates directly with QuickBooks Online using your OAuth credentials. Your financial data — transactions, reports, account balances, and all QuickBooks content — never passes through our servers. We cannot see, access, or store your QuickBooks data.

3. What We Collect

We collect only the minimum data necessary to operate the service:

Account information: When you start a trial or subscribe, we collect your email address and payment information (processed by Stripe — we never store card numbers).

License data: We store a license key, subscription tier, and status in our database to validate your subscription.

Usage metadata: We may collect anonymous, aggregate usage statistics such as which tools are used most frequently. This data contains no financial information.

4. What We Do NOT Collect

We do not collect, store, transmit, or have access to: your QuickBooks data (transactions, reports, balances, vendor or customer information), your QuickBooks OAuth tokens (stored locally on your machine with Fernet encryption), or any financial data that flows between the MCP server and QuickBooks Online.

5. How We Use Your Information

We use the information we collect to: provide and maintain the service, process payments and manage subscriptions, send transactional emails (purchase confirmations, license keys), improve the product based on aggregate usage patterns, and comply with legal obligations.

6. Third-Party Services

We use the following third-party services: Stripe for payment processing (see Stripe's privacy policy at stripe.com/privacy), Vercel for hosting our website and API endpoints, and Supabase for license database hosting. None of these services have access to your QuickBooks data.

7. Data Security

QuickBooks OAuth tokens are encrypted at rest using Fernet symmetric encryption and stored locally on your machine with restricted file permissions (0600). License validation uses HTTPS for all API calls. We follow industry best practices for securing our infrastructure.

8. Data Retention

Account and license data is retained for the duration of your subscription plus 90 days after cancellation. You may request deletion of your data at any time by contacting us.

9. Your Rights

You have the right to: access the personal data we hold about you, request correction of inaccurate data, request deletion of your data, export your data in a portable format, and withdraw consent at any time by canceling your subscription.

10. Children's Privacy

AccountingQB is not intended for use by individuals under the age of 18. We do not knowingly collect information from children.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes by email or by posting a notice on our website.

12. Contact Us

If you have questions about this privacy policy or our data practices, contact us at support@accountingqb.com.

NutriFitAI LLC, d/b/a Vaspera Capital
12 Autumn Hill Ln
Southborough, MA 01772