Privacy Policy
Effective date: 1 April 2026 · Last updated: 15 June 2026
MQSync ("we", "us", "our") operates the website mqsync.com and the MQSync sync service (the "Service"). This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights regarding it.
To contact us about privacy: privacy@mqsync.com.
1. Data we collect
Account data
When you register, we collect your name and email address. We use these to authenticate you, send service notifications, and contact you about your account.
Connection credentials
To perform syncs on your behalf we store:
- QuickBooks OAuth tokens — issued by Intuit after you authorize the connection. We never see your QuickBooks password.
- Memento API token or server URL — to connect to your Memento database.
All credentials are encrypted at rest using Fernet symmetric encryption before being written to our database. They are decrypted only during active sync operations.
Sync log data
When a sync runs we store operational metadata: which entities were synced, record counts, status, and error messages. Error messages may occasionally contain field values from QuickBooks or Memento where needed to describe the failure. Log retention periods are: 14 days (Free), 30 days (Starter), 90 days (Business), 365 days (Pro).
Billing data
Payments are processed by Paddle (our Merchant of Record). We do not store your credit card number or full payment details. We receive from Paddle: subscription status, plan, and billing period dates.
Usage data
We collect standard web server logs (IP address, browser type, pages visited, timestamps) for security monitoring and debugging. These are not used for advertising.
2. How we use your data
- To provide the sync Service — connecting to QuickBooks and Memento on your behalf
- To send transactional emails — trial expiry warnings, re-authorization reminders, sync failure alerts
- To manage your subscription and communicate billing events
- To diagnose errors and improve the Service
- To comply with legal obligations
We do not sell your data. We do not use your data for advertising.
3. Third-party services
We share data with the following third parties only as necessary to provide the Service:
4. Data retention, disconnection & deletion
We retain your account data for as long as your account exists. When you delete your account, your personal data is deleted within 30 days, subject to legal retention obligations.
Sync logs are retained for the period defined by your plan (see Section 1). When you delete a project, its data is retained for 30 days (recoverable) and then permanently deleted.
Disconnecting QuickBooks
You can disconnect your QuickBooks company at any time, and your QuickBooks data is removed when you do:
- Disconnecting from within MQSync (your account settings) — we send a revocation request to Intuit for both your QuickBooks access and refresh tokens, and we permanently delete the stored, encrypted QuickBooks tokens and the associated company connection record from our database. No further QuickBooks data is accessed after disconnection.
- Disconnecting from the QuickBooks App Store (Intuit's "Disconnect" action) — we revoke and invalidate your QuickBooks tokens, immediately stop all scheduled syncs for the affected connection, and notify the account owner by email. We retain the connection and sync-log records in this case so the owner can review history or reconnect; you can remove them at any time by disconnecting within MQSync or deleting your account.
Any QuickBooks-derived data we hold for synchronization (such as record identifiers and content hashes used to detect changes) is deleted when the related project or connection is removed, and in no case retained for longer than 30 days afterward. When you delete your MQSync account, all QuickBooks tokens and associated synchronization data are permanently removed within 30 days.
5. Your rights (GDPR)
If you are in the European Economic Area or United Kingdom, you have the following rights under the GDPR and UK GDPR:
- Access — request a copy of the personal data we hold about you
- Rectification — request correction of inaccurate data
- Erasure — request deletion of your personal data
- Portability — receive your data in a structured, machine-readable format
- Objection — object to processing based on legitimate interest
- Restriction — request restriction of processing in certain circumstances
To exercise any of these rights, email privacy@mqsync.com. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.
6. Cookies
We use a single session cookie to keep you logged in. We do not use advertising cookies, tracking pixels, or third-party analytics cookies. No cookie consent banner is required for strictly necessary session cookies.
7. Security
All data in transit is encrypted with TLS. All credentials and OAuth tokens are encrypted at rest. Access to production systems is restricted to authorized personnel only. We cannot guarantee absolute security — if you discover a vulnerability, please disclose it responsibly to security@mqsync.com.
8. Children
The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
9. Changes to this policy
We may update this Privacy Policy from time to time. We will notify registered users by email at least 14 days before any material change takes effect. The current version is always available at mqsync.com/privacy.
10. Contact
For any privacy-related questions or requests:
privacy@mqsync.com