Privacy Policy

entrpy, LLC (“entrpy”, “we”) builds bespoke software for individual clients under signed consulting engagements. Our software is private, single-tenant, and operates exclusively on behalf of the contracting client. This policy explains what data our software accesses, how we store it, and how to revoke access.

1. Scope

This policy covers software developed by entrpy that integrates with third-party services on a client’s behalf. It does not cover how those third-party services themselves handle data — refer to the relevant provider’s policy.

2. What our software accesses

Our software accesses only the data needed to perform the workflows the client has authorized. For our QuickBooks Online integration, this means data within the scope com.intuit.quickbooks.accounting: customers, vendors, estimates, purchase orders, and related entities. We do not request payments, payroll, or user-identity scopes.

All write operations are read-or-create-or-update. Our software never deletes records.

3. Storage and security

OAuth refresh tokens and other credentials are stored on hardware owned and operated by the client (e.g., a dedicated server on the client’s network), with file-system permissions restricted to the operating user. Credentials are never committed to source control, shared with third parties, or transmitted outside the client’s infrastructure except to the third-party service that issued them.

Operational state (in-flight workflow records) is stored locally alongside the software. We retain only what is needed to drive the workflow; no analytics or telemetry is collected on end users.

4. Sharing

We do not sell, rent, or share data accessed by our software with any third party, except to the third-party services the client has authorized us to integrate with (e.g., posting an estimate back to QuickBooks Online).

5. Revoking access

You may revoke our software’s access at any time:

• QuickBooks Online:sign in to QuickBooks, open Settings → Apps → My Apps, find the entrpy connection, and click Disconnect.
• Other services:revoke the OAuth grant from the relevant provider’s account or security settings.

On revocation, our software loses the ability to read or write to that service. Any cached credentials on disk are invalidated by the provider and become unusable.

6. Data subject requests

To request information about or deletion of data our software has accessed on your behalf, contact us at the address below. Where the data lives in a third-party system (e.g., your own QuickBooks company), the source-of-truth records remain in that system and are subject to that provider’s policies.

7. Changes

We may update this policy as our software evolves. The “Last updated” date above reflects the most recent change.

8. Contact

Questions or requests: hello@entrpy.co.