Privacy Policy
Last updated: 2026-05-04
This Privacy Policy describes how Diligentoo Sociedad Anónima ("Diligentoo", "we") handles data accessed by the Local Sync software. Local Sync is a private, internal-use tool that reads Diligentoo's own QuickBooks Online ledger. There is no consumer-facing service, no end-user account system, and no third-party audience.
1. Who is the data subject
The data Local Sync reads belongs to Diligentoo SA — its own books of account. Diligentoo is therefore the data controller and the data subject in the same legal person. Local Sync does not collect data from consumers, customers, employees of third parties, or any natural person other than the Operator's incidental authentication metadata required by Intuit (name, email of the QuickBooks user signing in).
2. What data Local Sync reads from QuickBooks Online
- Chart of Accounts (account names, codes, types).
- Transactions: journal entries, deposits, purchases, transfers, bills, invoices.
- Reports: Profit & Loss, Balance Sheet, Trial Balance.
- Reference data: vendors, customers, classes, currencies, FX rates as recorded in QBO.
Local Sync requests the com.intuit.quickbooks.accounting OAuth scope. Although that scope nominally permits writes, Local Sync makes only HTTP GET calls to the QBO API. No data is created, modified, or deleted in QuickBooks Online by Local Sync.
3. Where the data is stored
Data fetched from QuickBooks Online is cached in a SQLite database file on hardware controlled by Diligentoo. The database file lives on the Operator's laptop, encrypted at rest by the operating system's full-disk encryption (FileVault on macOS). Backup copies, if any, are stored on Diligentoo-controlled storage. No data is uploaded to any third-party cloud service by Local Sync.
4. Credentials and tokens
OAuth refresh and access tokens issued by Intuit are stored locally in a JSON file (data/qb_token.json) which is excluded from version control via .gitignore. Tokens grant access only to Diligentoo's own QuickBooks Online company file and can be revoked at any time from QuickBooks Online's Apps → Connected apps screen.
5. Sharing
Diligentoo does not sell, license, transmit, or otherwise share the data accessed by Local Sync with any third party for any purpose other than the following, all of which are part of Diligentoo's ordinary course of business:
- Disclosure to Carmona Mendoza, Diligentoo's external accounting firm, in the form of reconciliation reports for the purpose of preparing statutory filings.
- Disclosure to the Dirección General de Tributación and the Caja Costarricense de Seguro Social, as required by Costa Rican tax and social-security law.
- Disclosure to Diligentoo's directors, officers, and counsel for the purpose of corporate governance.
6. Retention
Locally cached data is retained indefinitely, as Costa Rican tax and corporate law require Diligentoo to preserve its books of account and supporting documentation for a minimum of five years. Diligentoo may delete cached data at any time at its discretion; deletion does not affect the canonical record kept inside QuickBooks Online.
7. Security
Local Sync runs on a single laptop. The protections applied are:
- OS-level full-disk encryption (FileVault).
- OS-level user authentication and screen lock.
- Tokens excluded from source control; the Git repository itself contains no secrets.
- HTTPS/TLS for all communication with Intuit's API endpoints.
8. Security incident notification
In the event of a Security Incident affecting the credentials Intuit issued to Local Sync (for example, theft or loss of the device, or suspected exfiltration of data/qb_token.json), Diligentoo will revoke the affected tokens at QuickBooks Online and notify Intuit Inc. without undue delay and in no event later than twenty-four (24) hours after discovery, in accordance with the Intuit Developer Terms of Service.
9. Rights
Because Local Sync does not process data of any natural person other than Diligentoo's Authorized Operator, no separate data-subject-rights workflow is provided. The Authorized Operator may access, correct, or delete locally cached data directly. The Operator may revoke Local Sync's access to QuickBooks Online at any time via Intuit's Connected Apps screen.
10. Changes
Diligentoo may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the latest revision.
11. Contact
Questions about this Policy should be directed to carlos@diligentoo.com. Diligentoo's registered office is in San José, Costa Rica.