Privacy Policy

Information we collect

Account information. When you create an account we collect your email address and a salted, hashed copy of your password. We never store your password in plaintext.

QuickBooks Online data.When you connect a QuickBooks Online company file, we use Intuit’s OAuth 2.0 flow to obtain access and refresh tokens scoped to the Accounting scope. With your authorization we read customer, sub-customer, estimate, invoice, bill, and purchase records from the connected company file.

Writing to QuickBooks (opt-in, with confirmation). By default Footing does not write anything to your books. Writing is an opt-in feature you can enable in Settings → QBO Connectionby (a) toggling “Allow Footing to post journal entries” on and (b) mapping the three QBO accounts the WIP adjustment will hit (an asset for under-billings, a liability for over-billings, and your construction revenue account). When enabled, Footing can post the WIP over/under-billing journal entry on your behalf, but every post requires explicit confirmation. The preview modal shows you the exact debits, credits, account IDs, amounts, transaction date, and reverse date before anything is sent. You then click a second “Confirm — post now” button. Only at that point does Footing call the QuickBooks API. Footing posts the original WIP entry and the auto-reversal for the first day of the next period together so no follow-up is required. Every write is recorded in our internal audit log. The opt-in is per-connection, revocable at any time, and Footing never writes anything else to your QBO file.

Manually entered data. The total estimated cost for each job is entered by you directly in Footing and stored in our database alongside the synced QBO data.

Operational logs. We log standard request metadata (timestamps, IP addresses, user agents, error traces) for security, debugging, and reliability purposes.

How we use information

We use the information we collect solely to provide and improve the service: authenticating your account, syncing QBO data, calculating WIP schedules, generating PDF and Excel exports, and communicating with you about your account. We do not sell or rent any of your information.

How information is shared

Footing is a fully managed cloud service. To deliver it we share specific data with the third-party processors listed below. Each processor receives only what is necessary to perform its role, handles it under its own privacy and security obligations, and is contractually bound to process the data solely on our behalf. We do not sell or rent personal information, and we do not share data with advertisers, marketing partners, or data brokers.

Method of disclosure.All transmissions to these processors travel over encrypted HTTPS / TLS API calls. Data at rest in each processor's systems is encrypted under that processor's security program.

• Vercel, Inc. — application hosting and edge delivery. Receives request metadata (IP address, user agent, URL path, response timing) and serves the app over HTTPS. See Vercel's privacy policy.
• Neon, Inc. — managed PostgreSQL database where application data is stored: your account record, encrypted QuickBooks access tokens, jobs, worksheets, billing state, and audit logs. See Neon's privacy policy.
• Stripe, Inc. — payment processing. When you subscribe, you provide your payment method directly to Stripe. Footing never sees, stores, or transmits your card number, CVV, or full billing address — those go straight to Stripe's vault. We send Stripe only the information required to bill you: your email address, firm name, the plan you selected, and the per-period usage events that drive overage charges (exports generated, QuickBooks syncs, etc.). Stripe returns subscription status and invoice events via signed webhooks. See Stripe's privacy policy.
• Resend, Inc. — transactional email delivery (password reset, receipts, support replies). Receives the recipient email address and the message body. See Resend's privacy policy.
• Intuit, Inc. — the source of your QuickBooks data. When you connect QuickBooks Online, Footing receives an OAuth access token scoped to your company file under the Accounting scope. You authorize the connection and can revoke it at any time from Settings → QBO Connection or your Intuit account. See Intuit's privacy policy.
• Twilio, Inc. — when you contact support by phone or SMS, call and message metadata flows through Twilio, and voicemail audio is transcribed for our ticketing system. See Twilio's privacy policy.
• Cloudflare, Inc. — inbound support email is parsed by a Cloudflare Email Worker before being relayed into our ticketing database. See Cloudflare's privacy policy.

Beyond these processors, we may disclose information when legally required (subpoena, court order, or other lawful request), to establish or defend legal claims, or to protect the rights and safety of Footing, our users, or the public.

Cookies

Footing sets a small number of strictly necessary cookies: a session cookie issued when you sign in so the server can recognize you on subsequent requests, a CSRF token cookie that protects against cross-site request forgery, and a preference cookie that remembers your theme (dark/light). We do not use cookies for advertising or third-party analytics.

Data security

All traffic to Footing is served over HTTPS. Database connections are encrypted in transit. Passwords are stored as bcrypt hashes. QuickBooks access tokens are stored encrypted at rest. We follow commercially reasonable practices to protect your data, but no method of transmission or storage is perfectly secure.

Retention and deletion

We retain your account data for as long as your account is active. You can disconnect your QuickBooks company file at any time from Settings → QBO Connection, which immediately revokes our stored access and refresh tokens. To delete your account and all associated data, contact us at the address below; we will process your request within 30 days.

Your rights

Depending on where you live, you may have rights to access, correct, port, or delete the personal information we hold about you, and to object to certain processing. To exercise any of these rights, contact us at the address below.

Children

Footing is intended for accounting professionals and is not directed to children under 13. We do not knowingly collect personal information from children.

Changes to this policy

We may update this policy from time to time. When we do we will update the “Last updated” date above and, for material changes, notify you by email or through the service.

Contact

Questions about this policy or your data can be sent to privacy@footingtool.com.