Privacy Policy

1. Who we are

GeniusBooks is a product of Om369 LLC-FZ ("Om369", "we", "us", "our"), a company registered in the United Arab Emirates. GeniusBooks provides an AI bookkeeping assistant that works on top of QuickBooks Online.

This Privacy Policy explains how we collect, use, protect, and share personal data when you use the GeniusBooks service (the "Service"), including our website, web application, and messaging integrations.

For privacy questions or to exercise your rights, contact us at privacy@geniusbooks.ai.

2. What data we collect

We collect and process the following categories of personal data:

• Account information: your name, email address, and authentication credentials when you register.
• QuickBooks data accessed via OAuth: customers, invoices, expenses, items, chart of accounts, and financial reports needed to perform the tasks you request. We access this data on your behalf using OAuth tokens — we never see or store your QuickBooks password.
• Usage data: information about how you interact with the Service (features used, timestamps, error logs) to maintain reliability and improve the product.
• Messaging identifiers: if you connect via WhatsApp or Telegram, the platform identifier needed to deliver replies to you.
• Payment information: billing details are processed by Stripe; we receive only a truncated card reference and transaction confirmations — we never store full card numbers.
• Device and browser information: IP address, browser type, operating system, and referring URL collected automatically for security and analytics purposes.
• Communications: records of support requests or feedback you send us.

3. How we use your data

We use your personal data for the following purposes:

• To provide the Service — creating invoices, recording expenses, generating reports, and performing the bookkeeping tasks you request.
• To process your requests through our AI provider to generate responses and proposed actions on your behalf.
• To authenticate you and maintain the security of your account.
• To process payments and manage your subscription.
• To provide customer support and respond to your inquiries.
• To maintain, monitor, secure, and improve the Service.
• To comply with applicable laws, regulations, and legal obligations.
• To send transactional communications (account confirmations, billing receipts, service updates).
• To send marketing communications where you have opted in (you can unsubscribe at any time).

4. Legal bases for processing

Where the GDPR applies (EU/EEA users), we process personal data under the following legal bases:

• Performance of contract: processing necessary to provide you with the Service you signed up for.
• Legitimate interests: operating, maintaining, and improving the Service; fraud prevention; security.
• Legal obligation: processing required to comply with applicable laws.
• Consent: where required (e.g., marketing emails, optional cookies), which you may withdraw at any time.

5. California residents (CCPA/CPRA)

If you are a California resident, you have the right to: (a) know what personal information we collect, use, and disclose; (b) request deletion of your personal information; (c) opt-out of the sale or sharing of your personal information; and (d) non-discrimination for exercising your rights.

We do not sell or share (as those terms are defined under the CCPA/CPRA) your personal information. We do not use sensitive personal information for purposes beyond what is necessary to provide the Service.

To exercise your rights, contact privacy@geniusbooks.ai. We will verify your identity before processing requests.

6. Sharing & subprocessors

We share personal data only with trusted third-party subprocessors that help us operate the Service, under written agreements that require them to protect your data with at least the same level of security and confidentiality we provide.

Current categories of subprocessors include: cloud infrastructure hosting, AI model providers, payment processors, messaging delivery platforms, email services, and analytics tools.

A current list of subprocessors is maintained on our Subprocessors page (/legal/subprocessors). We provide advance notice of material subprocessor changes.

We do not sell your personal data. We may disclose data if required by law, court order, or governmental authority.

7. AI processing disclosure

When you make requests through GeniusBooks, your instructions and relevant QuickBooks data context are sent to our AI provider to generate responses and proposed actions. This processing is integral to providing the Service.

No action is written to your QuickBooks account until you explicitly confirm it.

We contractually require our AI provider not to use your data to train their models. AI outputs are generated in real-time and are not stored by the AI provider beyond the processing session.

AI-generated outputs may contain errors. You remain responsible for reviewing and approving all actions. GeniusBooks does not provide tax, legal, accounting, or financial advice.

8. Data retention & deletion

We retain your account and usage data for as long as your account is active and as reasonably necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements.

QuickBooks data is cached only for the duration of your active session and is not stored permanently on our servers.

You can disconnect your QuickBooks account at any time — your data remains safely in QuickBooks. You can also request complete deletion of your GeniusBooks account and all associated data by contacting privacy@geniusbooks.ai.

Upon account deletion, we remove your personal data within 30 days, except where retention is required by law (e.g., billing records for tax compliance).

9. Security measures

We implement appropriate technical and organizational measures to protect your personal data, including:

• OAuth-based authentication — we never handle or store your QuickBooks password.
• Encryption of access tokens at rest using industry-standard algorithms.
• TLS (Transport Layer Security) for all data in transit.
• Least-privilege access controls — only essential personnel can access production systems.
• Audit logging of all data access and administrative actions.
• Regular security reviews and dependency updates.

10. International data transfers

Your data may be processed in countries other than your country of residence, including the United States and the United Arab Emirates, where our infrastructure and subprocessors are located.

Where data is transferred outside the EEA/UK, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, or other legally recognized transfer mechanisms.

Our Data Processing Addendum (DPA) includes the applicable SCCs for customers who require them.

11. Your rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right of access — obtain a copy of the personal data we hold about you.
• Right to rectification — correct inaccurate or incomplete data.
• Right to erasure ("right to be forgotten") — request deletion of your data.
• Right to data portability — receive your data in a structured, machine-readable format.
• Right to restrict processing — limit how we process your data in certain circumstances.
• Right to object — object to processing based on legitimate interests or for direct marketing.
• Right to withdraw consent — where processing is based on consent, withdraw at any time.
• Right to lodge a complaint — file a complaint with your local data protection authority.

12. Cookies & tracking

We use cookies and similar technologies as described in our Cookie Policy (/legal/cookies). We honor your consent choices and the "essential only" setting.

We do not use fingerprinting or hidden tracking technologies.

13. Children

GeniusBooks is a business tool not directed to children. We do not knowingly collect personal data from individuals under 16 years of age (or the age required by local law). If we learn that we have collected data from a child, we will delete it promptly.

14. Third-party links

The Service may contain links to third-party websites or services (e.g., QuickBooks, Stripe). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

15. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, by email or in-app notification.

Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

16. Contact us

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

• Email: privacy@geniusbooks.ai
• General support: support@geniusbooks.ai
• Entity: Om369 LLC-FZ, United Arab Emirates