Privacy Policy

1. Introduction

Finlive Inc. (“Finlive,” “we,” “us,” or “our”) is committed to protecting your privacy and handling your data responsibly. This Privacy Policy explains what information we collect, why we collect it, how we use it, and your rights with respect to your data.

This Policy applies to all information collected through our website at finlive.ai, our WhatsApp-based Service, and any related services, platforms, or communications (collectively, the “Service”). By using the Service, you agree to the collection and use of information as described in this Policy.

If you have questions about this Policy or wish to exercise your privacy rights, contact us at support@finlive.ai.

2. Information We Collect

2.1 Account & Identity Information

When you connect to Finlive, we collect your WhatsApp phone number, which serves as your primary account identifier. We do not require you to create a username or password on the Finlive platform.

2.2 QuickBooks Financial Data

Via Intuit's OAuth 2.0 API, we access your QuickBooks Online data in read-only mode. The specific data accessed depends on your queries and includes:

• Account balances and chart of accounts
• Profit & Loss and Balance Sheet data
• Cash flow statements and bank account balances
• Invoices, bills, and payment records
• Accounts receivable and accounts payable aging
• Customer and vendor records (names, balances, transaction history)
• Expense categories and transaction details

We query QuickBooks data in real time to respond to your messages. We do not create or maintain a persistent mirror or complete copy of your QuickBooks database.

2.3 Message & Conversation Data

We collect the content of messages you send to Finlive on WhatsApp and the responses we provide. We retain a short conversation history (up to the last 6 messages) to support context-aware follow-up questions. This data is stored securely and deleted in accordance with our retention policy in Section 6.

2.4 Usage & Diagnostic Data

We collect anonymized, aggregated data about how the Service is used — such as query types, response times, and error rates — to monitor performance and improve the Service. This data does not identify you individually.

2.5 Website Data

When you visit finlive.ai, we may collect standard web analytics data such as browser type, device type, pages visited, and referring URLs, via cookies and similar technologies. See Section 11 for details.

2.6 Payment Information

Subscription payments are processed by our third-party payment processor. We store only a tokenized reference to your payment method and basic billing information (name, billing address). We do not store full credit card numbers or bank account details.

3. QuickBooks Data & OAuth

OAuth Access Scope

Finlive connects to QuickBooks Online using the com.intuit.quickbooks.accounting OAuth scope, which grants read-only access to your QuickBooks company file. This is the minimum scope required to deliver the Service.

How We Handle QuickBooks Data

• Purpose limitation: We access and use your QuickBooks data only to provide the Service to you — specifically, to answer your financial questions. We do not use your QuickBooks data for any other purpose.
• No password access: We never request, receive, or store your QuickBooks login password. Access is entirely through OAuth tokens.
• Token security: OAuth access tokens and refresh tokens are encrypted at rest using AES-256-GCM encryption via AWS Key Management Service (KMS). Tokens are never stored in plaintext.
• Read-only: Our API access is strictly read-only. We cannot and do not create, edit, delete, approve, or modify any data in your QuickBooks account.
• No data sale: We do not sell, rent, lease, or otherwise transfer your QuickBooks data to any third party for any purpose.
• No advertising use: We do not use your QuickBooks data to serve advertising to you or to any third party.
• No AI training: We do not use your individual, identifiable QuickBooks data to train, fine-tune, or improve AI or machine learning models without your explicit, separate opt-in consent.
• Data minimization: We access only the data necessary to respond to a specific query. We do not perform bulk downloads of your QuickBooks data.

Revoking Access

You can revoke Finlive's access to your QuickBooks data at any time:

1. Log in to QuickBooks Online.
2. Go to Settings → Apps → Connected Apps.
3. Find Finlive and click Disconnect.

Upon disconnection, we will immediately stop accessing your QuickBooks data and will delete your OAuth tokens within 24 hours. This does not automatically cancel your Finlive subscription — you must cancel separately to stop billing.

4. How We Use Your Information

We use the information we collect to:

• Deliver the Service: Answer your financial queries using your live QuickBooks data and deliver responses via WhatsApp.
• Manage your account: Process subscriptions, send billing notifications, and handle support requests.
• Service notifications: Send you essential service-related messages via WhatsApp, such as trial expiration reminders and important account notices. We do not send marketing messages without your explicit opt-in.
• Service improvement: Analyze anonymized usage patterns to improve response accuracy, performance, and new features. Individual financial data is never used for this purpose.
• Security and fraud prevention: Monitor for abuse, unauthorized access, and violations of our Terms of Service.
• Legal compliance: Comply with applicable laws, regulations, and lawful requests from authorities.

We do not use your data for advertising, profiling, or any purpose not listed above without your consent.

5. Data Sharing & Disclosure

We do not sell, rent, or trade your personal information or financial data to any third party. We may share information only in the following limited circumstances:

• Service providers: We engage trusted third-party vendors to operate the Service (e.g., cloud hosting, payment processing). These vendors access data only as necessary to perform their services and are bound by confidentiality obligations and data processing agreements. They are not permitted to use your data for their own purposes.
• Intuit / QuickBooks: By using the Service, your QuickBooks OAuth access is subject to Intuit's privacy policies. We do not share data back to Intuit beyond what is inherent in the OAuth connection itself.
• Legal requirements: We may disclose your information if required to do so by law, court order, subpoena, or other governmental authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Finlive, our users, or the public.
• Business transfers: In the event of a merger, acquisition, reorganization, or sale of all or substantially all of our assets, your information may be transferred to the acquiring entity. We will notify you via WhatsApp or email before your data becomes subject to a different privacy policy.
• With your consent: We may share your information for any other purpose with your explicit prior consent.

6. Data Retention & Deletion

We retain your data only for as long as necessary to provide the Service and comply with legal obligations.

To request deletion of your account and associated data, email support@finlive.ai with the subject line “Data Deletion Request.” We will confirm receipt within 5 business days and complete the deletion within the timeframes above.

7. Security

We implement industry-standard technical and organizational security measures to protect your information, including:

• Encryption at rest: OAuth tokens and sensitive credentials are encrypted using AES-256-GCM via AWS Key Management Service (KMS).
• Encryption in transit: All data transmitted between your device, our servers, QuickBooks, and WhatsApp is protected by TLS 1.2 or higher.
• Access controls: Internal access to user data is restricted to personnel with a business need, enforced through role-based access controls and audit logging.
• Infrastructure security: The Service is hosted on enterprise-grade cloud infrastructure with physical and network security controls.
• Incident response: We maintain a security incident response procedure. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.

No system is completely secure. We cannot guarantee absolute security of your information. If you believe your account has been compromised, contact us immediately at support@finlive.ai.

8. Your Rights

Depending on your location and applicable law, you may have the following rights with respect to your personal information:

• Right to access: Request a copy of the personal data we hold about you.
• Right to correction: Request that we correct inaccurate or incomplete personal data.
• Right to deletion: Request that we delete your personal data, subject to legal retention requirements and obligations.
• Right to portability: Request a machine-readable copy of your personal data.
• Right to restrict processing: Request that we restrict how we process your personal data in certain circumstances.
• Right to object: Object to processing of your personal data for certain purposes.
• Right to opt out of marketing: Opt out of any marketing communications (we do not send marketing without opt-in, but you may opt out at any time).

To exercise any of these rights, email support@finlive.ai with a clear description of your request. We will respond within 30 days. We may need to verify your identity before processing your request.

9. California Privacy Rights (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights:

• Right to know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, our business purpose for collecting it, and the categories of third parties with whom we share it.
• Right to delete: You have the right to request deletion of personal information we have collected from you, subject to certain exceptions.
• Right to opt out of sale: We do not sell personal information. No opt-out is required.
• Right to non-discrimination: You have the right not to be discriminated against for exercising your CCPA rights.
• Right to correct: You have the right to request correction of inaccurate personal information.

To submit a CCPA request, email support@finlive.ai with subject line “CCPA Request.” We will respond within 45 days.

Categories of personal information collected (CCPA categories): Identifiers (phone number), financial information (QuickBooks data accessed per your queries), internet/network activity (website usage), and commercial information (subscription/billing records).

Categories of third parties: Cloud infrastructure providers, payment processors. We do not share personal information with third parties for their direct marketing purposes.

10. Children's Privacy

The Service is intended for use by individuals who are at least 18 years of age and are authorized users of QuickBooks Online business accounts. We do not knowingly collect personal information from anyone under 18. If we become aware that a minor has provided personal information, we will delete it promptly. If you believe a minor has submitted information to us, please contact support@finlive.ai.

11. Cookies & Tracking

Our website at finlive.ai uses standard web technologies to collect anonymized usage data, including:

• Essential cookies: Required for the website to function properly (e.g., session management). These cannot be disabled.
• Analytics: Anonymized data about page visits, device type, and referral sources to help us understand and improve the website. No personally identifiable information is collected.

The WhatsApp-based Service does not use cookies. Most web browsers allow you to control cookies through browser settings. Disabling cookies may affect the functionality of our website.

12. International Users

The Service is currently available to users in the United States only, as it integrates with QuickBooks Online (US). Our servers and infrastructure are located in the United States. If you access the Service from outside the United States, your information may be transferred to and processed in the United States, where privacy laws may differ from those in your jurisdiction.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, please note that your data is transferred to the United States under appropriate safeguards as required by applicable data protection law. To inquire about these safeguards, contact support@finlive.ai.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. We will notify you of material changes by sending a message to your registered WhatsApp number or by posting a prominent notice on finlive.ai at least 14 days before the changes take effect.

The “Last updated” date at the top of this Policy reflects the most recent revision. Your continued use of the Service after the effective date of any changes constitutes acceptance of the updated Policy.

14. Contact & Data Requests

For questions about this Privacy Policy, to exercise your data rights, or to report a privacy concern: