Privacy Policy

Privacy Policy

Last updated: April 10, 2026

This Privacy Policy describes how The I.T. Department ("we", "us", "our") collects, uses, and protects information when you use SimpleOps and related services.

Information We Collect

Account Information

Name, email address, role, and authentication credentials. Passwords are hashed with bcrypt before storage and are never stored in plain text or recoverable form.

Business Data You Provide

Client records, tickets, invoices, estimates, projects, time entries, scheduled appointments, communication history, and related operational data that you enter into SimpleOps.

QuickBooks Online Integration Data

When you connect a QuickBooks Online company, we store an OAuth 2.0 access token, refresh token, and realm ID. All OAuth tokens are encrypted at rest using AES-256-GCM authenticated encryption, with the encryption key held in a secured server-side environment variable and never exposed to client applications. We access customer, invoice, estimate, item, payment, and tax code data from your QuickBooks company only in accordance with the authorization scopes you grant during the connection flow.

Usage Information

Application logs, error messages, audit trails, and diagnostic data used for debugging, security monitoring, and service improvement.

How We Use Information

To provide, operate, and maintain the SimpleOps service

To synchronize data between SimpleOps and QuickBooks Online at your explicit direction

To diagnose and resolve technical problems

To detect and prevent fraud, abuse, and security incidents

To communicate with you about your account, service updates, and support requests

To comply with legal obligations

How We Protect Information

Encryption in transit: All data is transmitted over TLS 1.2 or higher (HTTPS)

Encryption at rest: OAuth 2.0 tokens are encrypted with AES-256-GCM authenticated encryption

Password protection: User passwords are hashed with bcrypt before storage

Access control: Database access is restricted to server-side processes operating on a private network; credentials are never exposed to client applications

Role-based access: Role-based access control (RBAC) limits which users within each organization can view or modify specific data

Tenant isolation: All data is strictly isolated per tenant — every database query is scoped by tenant identifier, preventing cross-tenant data access

Secure infrastructure: Servers are hardened, regularly patched, and monitored for unauthorized access

Data Sharing

We do not sell, rent, trade, or share your data with third parties except as strictly necessary to operate the service you have requested. Specifically:

We transmit invoice, estimate, customer, and payment data to QuickBooks Online only at your explicit direction

We do not share Intuit-sourced data with any party other than the customer who owns it

We do not use your data for advertising, marketing to third parties, or analytics provided to external companies

We may disclose data when legally required (subpoena, court order, or regulatory obligation)

Intuit QuickBooks Data Use

Data retrieved from QuickBooks Online via the Intuit API is used exclusively to provide functionality you have requested within SimpleOps (syncing invoices, estimates, customers, items, payments, and tax codes). We do not use QuickBooks data for any other purpose, we do not share it with third parties, and we delete it from our systems when you disconnect the QBO integration or close your SimpleOps account.

Data Retention

We retain your data for the duration of your active subscription with SimpleOps. Upon account termination or a verified deletion request, your data is permanently deleted from our production systems within 30 days, and from any backup systems within 90 days. You may disconnect the QuickBooks integration at any time; doing so immediately nullifies all stored OAuth tokens and begins removal of cached QuickBooks data.

Your Rights

You have the right to:

Access the personal data we hold about you

Request correction of inaccurate personal data

Request deletion of your personal data

Export your business data in a machine-readable format

Withdraw consent for optional data processing activities

Object to processing based on legitimate interests

To exercise any of these rights, contact us at [email protected].

Cookies and Local Storage

SimpleOps uses browser local storage and HTTP-only, secure cookies strictly for authentication session management and user interface preferences. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

Children's Privacy

SimpleOps is a business tool and is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children.

Security Incident Notification

In the event of a security incident affecting your personal data, we will notify affected users by email within 72 hours of confirmation, in accordance with applicable breach notification laws.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service features. Material changes will be communicated via email or through the application. Continued use of the service after changes become effective constitutes acceptance of the revised Privacy Policy.

Contact

Questions, concerns, or requests related to this Privacy Policy may be directed to:

The I.T. Department

Email: [email protected]

Pharr, Texas, United States