Figures

Security

Figures is built for people who are careful with other people’s books. Here’s exactly what we can and can’t touch.

We never write to your books. Ever.

Figures reads from QuickBooks and writes only to your Google Sheet. It’s read-only by design — your books stay untouched.

Read-only access to QuickBooks

We connect to QuickBooks Online through Intuit’s official OAuth (scope com.intuit.quickbooks.accounting), and Figures uses it for read operations only. We pull the reports you choose — we never create, modify, or delete anything in your books.

Limited Google access (drive.file only)

Figures requests Google’s drive.file scope — the narrowest one that does the job. Figures can only open the Sheets it created or that you explicitly picked; it cannot see the rest of your Google Drive.

We don’t keep your financial data

Your report numbers pass through our servers straight into your Google Sheet and are not retained after the sync completes. We store the plumbing — your account, your sync settings, and sync run records (status, timing, row counts, error codes) — never the contents of your reports.

Encryption

In transit, everything moves over TLS (HTTPS). At rest, your QuickBooks and Google access tokens are encrypted with AES-256-GCMbefore they’re stored. Access to production systems is limited to the founder.

Your data is portable — it’s your Sheet

Your reports live in your own Google Sheet, in your own Google Drive. If you ever leave Figures, your data stays with you — it’s your Sheet. Deleting Figures never touches your Sheets.

Deleting your data

Delete a sync and its configuration and run history are removed within 30 days. Close your account — in Settings, or email support@figureshq.com — and we delete everything we store (account, tokens, settings, run records) within 30 days. Your Google Sheets are yours and are left untouched.

Revoking access

You’re in control and can disconnect at any time — revocation takes effect immediately:

  • In Figures: remove the company connection, or close your account, in Settings.
  • In QuickBooks: your Intuit account settings → connected apps → disconnect.
  • In Google: your Google Account → Security → third-party access → remove Figures.

SOC 2

SOC 2: on our roadmap.

Questions

Security questions, or want to report something? Email support@figureshq.com — a real person (the founder) reads it.

See also our Privacy Policy and Terms.