Legal

Privacy Policy

Effective date: 1 April 2026  ·  Last updated: 1 April 2026

MQSync ("we", "us", "our") operates the website mqsync.com and the MQSync sync service (the "Service"). This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights regarding it.

The Service is operated by PE O. Shutkov, PO Box 3002, 14000, UA ("Controller"). To contact us about privacy: privacy@mqsync.com.

1. Data we collect

Account data

When you register, we collect your name and email address. We use these to authenticate you, send service notifications, and contact you about your account.

Connection credentials

To perform syncs on your behalf we store:

  • QuickBooks OAuth tokens — issued by Intuit after you authorize the connection. We never see your QuickBooks password.
  • Memento API token or server URL — to connect to your Memento database.

All credentials are encrypted at rest using Fernet symmetric encryption before being written to our database. They are decrypted only during active sync operations.

Sync log data

When a sync runs we store operational metadata: which entities were synced, record counts, status, and error messages. Error messages may occasionally contain field values from QuickBooks or Memento where needed to describe the failure. Log retention periods are: 14 days (Free), 30 days (Starter), 90 days (Business), 365 days (Pro).

Billing data

Payments are processed by Paddle (our Merchant of Record). We do not store your credit card number or full payment details. We receive from Paddle: subscription status, plan, and billing period dates.

Usage data

We collect standard web server logs (IP address, browser type, pages visited, timestamps) for security monitoring and debugging. These are not used for advertising.

2. How we use your data

  • To provide the sync Service — connecting to QuickBooks and Memento on your behalf
  • To send transactional emails — trial expiry warnings, re-authorization reminders, sync failure alerts
  • To manage your subscription and communicate billing events
  • To diagnose errors and improve the Service
  • To comply with legal obligations

We do not sell your data. We do not use your data for advertising.

3. Third-party services

We share data with the following third parties only as necessary to provide the Service:

Paddle
Payment processing and subscription management (Merchant of Record). Paddle processes your payment details under their own privacy policy. paddle.com/legal/privacy
Resend
Transactional email delivery. Your email address is transmitted to Resend solely to deliver service notifications. resend.com/legal/privacy-policy
Intuit (QuickBooks)
OAuth authorization provider. When you connect your QuickBooks company, you authorize through Intuit's own OAuth flow. intuit.com/privacy/statement
Hetzner Online
Cloud infrastructure provider. Our servers are hosted in the EU (Germany) and US (Virginia). Data in transit and at rest is encrypted. hetzner.com/legal/privacy-policy

4. Data retention

We retain your account data for as long as your account exists. When you delete your account, your personal data is deleted within 30 days, subject to legal retention obligations.

Sync logs are retained for the period defined by your plan (see Section 1). When you delete a project, its data is retained for 30 days (recoverable) and then permanently deleted.

5. Your rights (GDPR)

If you are in the European Economic Area or United Kingdom, you have the following rights under the GDPR and UK GDPR:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your personal data
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interest
  • Restriction — request restriction of processing in certain circumstances

To exercise any of these rights, email privacy@mqsync.com. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.

6. Cookies

We use a single session cookie to keep you logged in. We do not use advertising cookies, tracking pixels, or third-party analytics cookies. No cookie consent banner is required for strictly necessary session cookies.

7. Security

All data in transit is encrypted with TLS. All credentials and OAuth tokens are encrypted at rest. Access to production systems is restricted to authorized personnel only. We cannot guarantee absolute security — if you discover a vulnerability, please disclose it responsibly to security@mqsync.com.

8. Children

The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

9. Changes to this policy

We may update this Privacy Policy from time to time. We will notify registered users by email at least 14 days before any material change takes effect. The current version is always available at mqsync.com/privacy.

10. Contact

For any privacy-related questions or requests:
privacy@mqsync.com
PE O. Shutkov
PO Box 3002, 14000, UA