Privacy Policy

1. Who we are

This Privacy Policy describes how OAPPS LLC, a Wyoming limited liability company with principal office at 30 North Gould Street, Ste R, Sheridan, WY 82801 ("we", "us") handles data in connection with the OAPPS MCP Gateway application ("the Application"). The Application is an internal tool, not a consumer service. It is operated by OAPPS LLC for OAPPS LLC and is not offered to any third party.

2. What data the Application accesses

When authorized, the Application reads and writes data inside the OAPPS LLC QuickBooks Online company via Intuit's Accounting API. That data may include:

• Customer and vendor records (names, billing addresses, email, phone, tax identifiers);
• Invoices, estimates, bills, payments, and related transaction lines;
• Chart of accounts, items, classes, departments, terms;
• Company-level metadata, including fiscal year, currency, and tax configuration.

The Application does not collect personal data from any end user outside of OAPPS LLC's own QuickBooks books.

3. Why we access it

Data is accessed strictly to perform the bookkeeping, accounting, reporting, and workflow-automation operations that OAPPS LLC would otherwise perform manually in QuickBooks Online.

4. Storage and security

• OAuth refresh tokens are stored on OAPPS LLC-controlled cloud infrastructure (Hostinger, EU (Lithuania)) on an encrypted file system, with file-system permission 0600 (owner read-write only).
• Access tokens are never written to disk — they exist only in memory for the lifetime of a process.
• All traffic to Intuit uses TLS 1.2+.
• Bearer tokens used to gate access to the Application itself are compared using constant-time comparison to mitigate timing side-channels.
• Every write operation is logged in a structured append-only audit log that captures the token identifier, tool name, arguments, and Intuit response identifier.
• Application code is maintained in a private source-control repository accessible only to OAPPS LLC personnel.

5. Sharing and transfers

The Application does not share any accessed data with third parties. In particular:

• No data is sold, rented, or licensed to advertisers, data brokers, or analytics providers;
• No data is transmitted to large-language-model training pipelines;
• Data leaves Intuit's infrastructure only to reach OAPPS LLC-controlled infrastructure and only for the duration required to complete the requested operation.

The Application does use approved AI assistants (for example Claude Desktop, Cursor, Perplexity Computer) operated by OAPPS LLC personnel as clients. Those assistants may read the Application's responses in order to help the authorized user complete a task. They do not receive direct access to Intuit credentials.

6. Retention

Refresh tokens are retained for as long as the OAPPS LLC administrator keeps the Application connected to the QuickBooks company. When the connection is terminated (via Intuit's Apps page or /disconnect), the stored refresh token is invalidated and deleted within one hour. Audit log records are retained for 365 days.

7. Your rights

Because the Application processes only OAPPS LLC's own QuickBooks data, and does not collect any separate end-user data, there is no additional data-subject profile maintained by the Application. Any rights under applicable data-protection laws (for example GDPR or CCPA) with respect to data stored inside QuickBooks Online are exercised through Intuit's platform directly.

8. Changes

This Privacy Policy may be updated from time to time. The effective date above will be updated accordingly.

9. Contact