Updated October 1, 2025
American Rentals ("we", "us", "our") operates the connector domain used to broker OAuth authorization between QuickBooks Online (Intuit), Intuit's identity platform, and our analytics infrastructure (including Microsoft Power BI). This policy explains what we process, why, how long we keep it, who we share it with, and your choices.
We act as a service provider or processor for the subscribing company that authorizes this connector. Intuit remains an independent platform provider governed by its own terms and privacy notices.
During OAuth and service operation we may process:
realmId (QuickBooks Online company identifier) and minimal account metadata returned by Intuit's OAuth API.We do not collect or store accounting records (invoices, bank data, or similar) on the connector site. After the OAuth payload is exchanged, tokens are stored only in our secure back-end services, not in the Cloudflare Pages runtime.
We use tokens and identifiers solely to authenticate our services to the QuickBooks Online APIs, schedule refreshes, deliver analytics to the subscribing company, operate and secure the connector, troubleshoot and improve the service, and meet legal obligations. We do not sell or share personal information for cross-context behavioral advertising. Intuit requires apps to protect customer data and remediate security issues; our design follows those requirements.
Where GDPR applies, our legal bases are: performance of contract (providing the integration), legitimate interests (security, fraud prevention, and service integrity), and compliance with legal obligations (such as responding to lawful requests).
We disclose OAuth artifacts and identifiers only to service providers necessary to deliver the integration:
We may also disclose information if required by law or to protect security, integrity, or rights.
Tokens are retained only while the QuickBooks Online connection is active. Tokens are purged when the customer revokes access or a token naturally expires without renewal. Edge and application logs are retained for a limited period appropriate to security and operational needs, then deleted or anonymized. Intuit's disconnect flow invalidates tokens and is supported by this connector.
We enforce HTTPS in transit and encrypt tokens at rest within protected secret stores. Access to production secrets is least-privilege and multi-factor authenticated. We follow Intuit guidance for OAuth token management and remediate any identified security issues in accordance with Intuit requirements.
Where personal data is transferred internationally, including to the United States, we rely on appropriate safeguards such as the EU Standard Contractual Clauses and the UK addendum implemented through our subprocessors' data processing agreements.
You may revoke access at any time from within QuickBooks Online; this disables our API access and initiates token deletion. Data subject or consumer requests (access, deletion, correction, portability, restriction, and CPRA rights) may be sent to analytics@americanrental.com. We do not sell or share personal information as defined by CPRA. We do not knowingly process information about children; this connector is for business users only.
We may update this policy. Material changes will be announced on this page with a new "Updated" date and, when feasible, through in-product notice. Intuit requires publicly accessible privacy policy and terms links for marketplace apps.
For privacy questions or data subject requests contact analytics@americanrental.com.