Privacy Policy
Effective June 5, 2026 · Contact support@figureshq.com
Figures (“we,” “us”) syncs reports from QuickBooks Online into Google Sheets. This policy explains what we access, what we store, and what we never do.
The short version
- We read your QuickBooks data to generate the reports you choose. Figures only ever reads from QuickBooks — we never create, modify, or delete anything in your books.
- We can only open Google Sheets files that Figures created or that you explicitly picked. We cannot see the rest of your Google Drive.
- We don’t store your financial data. Report contents pass through our servers to your Google Sheet and are not retained after the sync completes.
- We never sell your data or use it for advertising. No third party receives your financial data except the processors listed below, strictly to run the service.
What we collect and store
| Data | Why | Stored? |
|---|---|---|
| Your name and email (Google sign-in) | Your account and alerts | Yes |
| QuickBooks company ID and company name | Identifying your connected companies | Yes |
| Encrypted QuickBooks and Google access tokens | Performing syncs on your schedule | Yes — encrypted at rest (AES-256-GCM) |
| Sync configuration (report, destination, schedule) | Running your syncs | Yes |
| Sync run records (status, timing, row counts, error codes) | Showing sync health and alerting you to failures | Yes — report contents are not included |
| Report data (your financial numbers) | Writing to your Google Sheet | No — processed in transit, not retained |
Google user data (Google API Services disclosure)
Figures’ use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We request the drive.file scope, which limits us to files Figures created or you selected; we use that access solely to write the reports you configured; we do not transfer Google user data to third parties except the processors below; we do not use it for advertising; and humans do not read it except with your permission for support, or as required by law.
QuickBooks data
We access QuickBooks Online through Intuit’s official API using OAuth (scope com.intuit.quickbooks.accounting, which Figures uses for read operations only — we never write to your books). You can revoke our access at any time from your Intuit account settings or by deleting the connection in Figures; revocation takes effect immediately.
Processors (subprocessors)
We use a small set of services to run Figures, each receiving only what’s necessary: Railway (hosting and database — account data, encrypted tokens, sync configs), Resend (transactional email — your email address and alert content), Sentry (error monitoring — error details with personal-data scrubbing enabled; no report contents), and Google and Intuit(the APIs you connect). If we add payment processing, we’ll list that processor here before billing launches.
Retention & deletion
We keep your account data while your account is active. Delete a sync and its configuration and run history are removed within 30 days. Delete your account (or email support@figureshq.com) and we delete all stored data — account, tokens, configurations, run records — within 30 days. Your Google Sheets are yours and are never touched by deletion.
Security
OAuth tokens are encrypted at rest; all traffic uses TLS; access to production systems is limited to the founder. If we become aware of a breach affecting your data, we will notify you at your account email without undue delay.
Your rights
Depending on where you live (e.g., California/CCPA, EU/GDPR), you may have rights to access, correct, delete, or export your data. Email support@figureshq.com and we’ll honor reasonable requests regardless of jurisdiction.
Changes
We’ll post changes here and, for material changes, email you. Continued use after changes means acceptance.