Privacy Policy
Last updated: March 6, 2026 · Effective immediately
1. Information We Collect
a. Account Information
When you create an account, we collect:
- Email address
- Display name (optional)
- Profile photo (optional)
- Authentication credentials (managed by Firebase Authentication)
b. QuickBooks Data
When you connect your QuickBooks Online account, we access and store:
- Invoice details (invoice number, amount, due date, status)
- Customer names and email addresses (from invoices)
- Company name and realm ID
- OAuth tokens (encrypted, used to maintain the connection)
c. Service Usage Data
- Dunning email templates you create
- Email delivery logs (send time, delivery status, open tracking)
- Dispute and opt-out records
- SMTP configuration settings
d. Technical Data
- IP address and browser type (collected automatically by our hosting provider)
- Firebase Analytics data (if enabled)
2. How We Use Your Data
| Purpose | Data Used |
|---|---|
| Providing the Service | Account info, QuickBooks data, templates |
| Sending dunning emails on your behalf | Customer emails, invoice data, templates |
| Email delivery tracking | Delivery logs, open/click events |
| Billing and subscription management | Account info, plan details |
| Customer support | Account info, usage logs |
| Service improvement | Aggregated, anonymized usage patterns |
| Legal compliance | All data as required by law |
3. Data Sharing
We do not sell, rent, or trade your personal information. We share data only with:
| Third Party | Purpose | Data Shared |
|---|---|---|
| Google Firebase | Authentication, database, hosting | Account data, app data |
| Intuit (QuickBooks) | Invoice synchronization | OAuth tokens |
| SendGrid (Twilio) | Email delivery | Recipient emails, email content |
| Payment processor | Subscription billing | Email, plan selection |
Each third-party provider is bound by their own privacy policies and data processing agreements.
4. Data Storage and Security
Your data is stored on Google Cloud Platform (Firebase) infrastructure with the following protections:
- All data is encrypted in transit (TLS/HTTPS) and at rest
- Firebase Authentication manages credentials securely
- Firestore security rules enforce per-user data isolation
- OAuth tokens are stored with encryption
- Administrative access is restricted and audited
Our primary data region is asia-east2 (Hong Kong). Data may be replicated across Google Cloud regions for redundancy.
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion + 30 days |
| QuickBooks connection data | Until disconnection or account deletion |
| Invoice data | Synced continuously while connected; deleted on disconnection |
| Dunning email logs | 12 months (auto-purged weekly) |
| Opt-out / suppression records | Indefinite (to honor unsubscribe requests) |
| Dispute records | Until resolved + 12 months |
6. Your Rights
Depending on your jurisdiction, you may have the following rights:
All Users
- Access: View all data we hold about you from within the dashboard
- Export: Download your data using the built-in GDPR export tools (Compliance tab)
- Deletion: Delete your account and all associated data from Account settings
- Opt-out: Recipients can unsubscribe from dunning emails at any time
- Disconnect: Revoke QuickBooks access at any time from the dashboard
EEA/UK Residents (GDPR)
- Right of Access: Request a copy of all personal data we process
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your personal data (Right to be Forgotten)
- Right to Restrict Processing: Request that we limit how we use your data
- Right to Data Portability: Receive your data in a structured, machine-readable format (JSON export)
- Right to Object: Object to processing based on legitimate interests
To exercise these rights, use the built-in tools in the Compliance tab or contact us at the email below.
California Residents (CCPA)
We do not sell personal information. California residents have the right to know what personal information is collected, request deletion, and opt out of any future sale of personal information.
7. Cookies and Tracking
SoarOne uses minimal cookies and local storage:
- Authentication cookies: Firebase Authentication session tokens (essential, cannot be disabled)
- Theme preference: Dark/light mode setting stored in localStorage
- No third-party advertising cookies: We do not use advertising trackers
- No cross-site tracking: We do not track you across other websites
8. Children's Privacy
SoarOne is a business tool and is not directed at individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 18, we will delete it promptly.
9. International Data Transfers
Your data may be processed in countries other than your own, including the United States (Google Cloud infrastructure) and other regions where our service providers operate. We ensure appropriate safeguards are in place for any international transfers in compliance with applicable data protection laws.
10. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice in the Service at least 14 days before the changes take effect.
11. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us:
- Email: privacy@soar-one.com
- Website: https://soar-one.com