Privacy Policy

Last Updated February 1, 2026

This Privacy Policy describes how Acodei Software, LLC (“Acodei,” “we,” “us,” or “our”) collects, uses, discloses, and protects information when you visit our websites or use our products and services (collectively, the “Services”). Acodei provides software that helps users synchronize payment data from Stripe into QuickBooks Online (“QBO”).

If you use Acodei on behalf of a business (for example, as an owner, employee, or accountant), your organization is the customer of the Services and may control how your data is processed. In that context, Acodei acts as a data processor on behalf of your organization (the data controller). For information we collect directly from you to operate our business (such as account and usage data), Acodei acts as the data controller.

Scope

This Privacy Policy applies to information we collect through:

  • Our websites, including https://acodei.com and any subdomains
  • Our web application and related Services
  • Communications with us (for example, support requests and sales inquiries)
  • Any other interactions with Acodei where this Privacy Policy is referenced

Information We Collect

A. Information You Provide

We collect information you provide directly, including:

  • Account information: Name, email address, business or organization name, and account preferences.
  • Authentication information: If you sign up or log in using a third-party identity provider (such as Intuit or Google), we receive certain information from that provider, such as your name, email address, and a unique identifier, consistent with your settings and the provider’s privacy policy.
  • Billing information: If you purchase a subscription, our payment processor (such as Stripe) collects and processes your payment details. We receive only limited billing details, such as card brand, last four digits, and billing address, where available.
  • Support and communications: Information you include in messages, forms, chat, or emails to our support team.

B. Information from Connected Services (Stripe and QuickBooks Online)

When you connect third-party services, we process information from those services to provide the synchronization features you request.

Acodei maintains some data persistently to support features such as sync history, error recovery, and deduplication. Other data may be processed transiently (for example, written to QBO without being stored long-term), except as needed for security, logging, or troubleshooting.

Stripe Data

Depending on your Stripe configuration and what is available via Stripe’s APIs, this may include:

  • Customer identifiers and contact details (such as name, email address, billing and shipping address)
  • Transaction details (amount, currency, timestamps, description, invoice or order identifiers)
  • Refunds, disputes, fees, taxes, and payout or settlement details
  • Related metadata used to create accounting records in QBO

QuickBooks Online Data

We both write data to QBO and read limited QBO data as needed to operate the Services. Depending on your configuration and permissions, this may include:

  • Existing customers or customer identifiers (for matching, deduplication, and syncing)
  • Chart of accounts and account identifiers (for mapping and categorization)
  • Tax codes, items, products, services, classes, locations, and similar configuration data required to create accurate accounting entries
  • Limited record lookups to confirm whether a record already exists or was created successfully

We do not act as a payment processor. Payment processing is handled by Stripe and any other payment providers you connect.

C. Usage, Device, and Log Data

We automatically collect certain information about how the Services are accessed and used, including:

  • IP address, browser type, device type, operating system, and approximate location derived from IP address
  • Pages and screens viewed, features used, clicks, and timestamps
  • Diagnostic data, performance logs, and security-related events

D. Cookies and Tracking Technologies

We use cookies and similar technologies (such as local storage and pixels) for the following purposes:

  • Strictly necessary cookies: Required for authentication, session management, security, and core functionality. If you disable these through your browser, parts of the Services may not function properly.
  • Analytics cookies: Help us understand how the Services are used so we can improve them. We use PostHog for product analytics, which may set cookies and collect usage data.
  • Preference cookies: Remember your settings and choices within the application.

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the Services. Where required by applicable law (for example, in the EEA or UK), we will obtain your consent before setting non-essential cookies.

Legal Bases for Processing

If you are located in the European Economic Area (“EEA”), United Kingdom (“UK”), or Switzerland, we process your personal data on the following legal bases:

  • Performance of a contract: Processing necessary to provide the Services you have requested.
  • Legitimate interests: Processing necessary to improve the Services, prevent fraud, and ensure security, where those interests are not overridden by your rights.
  • Consent: Where we rely on your consent (for example, for non-essential cookies or marketing communications), you may withdraw consent at any time.
  • Legal obligation: Processing necessary to comply with applicable laws and regulations.

How We Use Information

We use information for the following purposes:

  • Providing, operating, maintaining, and securing the Services
  • Performing data synchronization between Stripe and QBO according to your configuration and instructions
  • Setting up and maintaining mappings (for example, accounts, customers, and tax codes)
  • Providing support and responding to inquiries
  • Monitoring, preventing, and investigating fraud, abuse, or security incidents
  • Improving and developing the Services, including through product analytics and session replay
  • Sending service-related communications (for example, account notices, security alerts, and product updates)
  • Sending marketing communications where you have opted in or where permitted by law

How We Share Information

We do not sell personal information. We do not “share” personal information for cross-context behavioral advertising as defined under the California Privacy Rights Act (“CPRA”).

We may disclose information in the following circumstances:

A. Service Providers (Sub-processors)

We use third-party vendors to support the Services. These providers are authorized to process information only as necessary to provide services to us and are subject to contractual confidentiality and data protection obligations.

Examples include providers for:

  • Cloud infrastructure and hosting (such as AWS)
  • Product analytics and session replay (such as PostHog)
  • Email delivery (such as Loops)
  • Customer support tooling (such as Help Scout)
  • Internal communications (such as Slack)
  • Monitoring and observability (such as New Relic)

A current list of sub-processors is available at https://acodei.com/sub-processors.

We will provide reasonable advance notice (at least 30 days) before adding or replacing a sub-processor that processes personal data.

B. Connected Platforms You Authorize

When you connect Stripe and QBO, we exchange data between those platforms to perform the Services you request and according to your settings.

C. Legal and Safety

We may disclose information if we reasonably believe disclosure is required by law or necessary to protect the rights, property, and safety of Acodei, our users, or others.

D. Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction. We will notify affected users before personal information becomes subject to a different privacy policy.

Analytics and Session Replay

We use analytics tools (such as PostHog) to understand usage patterns and improve the Services. Where enabled, session replay records user interactions with the application interface (such as clicks, scrolls, and navigation) to help diagnose issues and improve usability.

Session replay is configured with safeguards, including:

  • Text input fields are masked or redacted by default
  • Session replay is designed to avoid capturing passwords, payment credentials, or sensitive form data
  • Access is restricted to authorized personnel on a need-to-know basis
  • Recordings are retained only as long as necessary for these purposes

Data Retention

We retain information only as long as necessary for the purposes described in this Privacy Policy.

  • Active accounts: We retain information required to operate the Services while your account remains active.
  • Persistently stored sync data: Transaction records maintained for sync history and deduplication are retained while your account is active.
  • Transiently processed data: Data processed and written to QBO without persistent storage is generally not retained beyond the processing window.
  • After termination or disconnection: We delete or de-identify personal information and connected-services data within 30 days. Limited encrypted backups and logs may be retained for up to 90 days, after which they are purged, unless longer retention is required by law.

Security

We implement reasonable technical and organizational measures designed to protect information, including:

  • Encryption in transit (TLS) and at rest
  • Role-based access controls and least-privilege principles
  • Regular review of security practices
  • Monitoring for unauthorized access or anomalous activity

No security measures are perfect, and we cannot guarantee absolute security.

International Data Transfers

We process information in the United States and other locations where we or our service providers operate. Where required for transfers of personal data from the EEA, UK, or Switzerland, we rely on recognized transfer mechanisms such as Standard Contractual Clauses (“SCCs”) and the UK International Data Transfer Addendum.

Your Rights and Choices

You may access, update, or correct certain account information through the Services. You may also contact us at support@acodei.com.

Depending on your location, you may have additional rights under applicable privacy laws, including the GDPR and the CCPA/CPRA. These may include the right to access, correct, delete, or port your personal data, or to object to or restrict certain processing. To exercise any of these rights, contact support@acodei.com.

If you are an end customer of one of our business users (for example, you made a purchase from a merchant that uses Acodei), please contact that merchant directly. We process end-customer data on behalf of our business users and will refer individual rights requests to the appropriate business user.

Children’s Privacy

The Services are intended for business use and are not directed to children. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will take steps to delete that information promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version on our website and revise the effective date. For material changes, we will provide notice through the Services or by email where reasonably practicable.

Data Processing Addendum (Business Users)

If you are a business customer and Acodei processes personal data on your behalf as a data processor, our Data Processing Agreement (“DPA”) applies and forms part of the agreement governing your use of the Services. The DPA is available at: https://acodei.com/dpa.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact:

Acodei Software, LLC
Bountiful, Utah
Email: support@acodei.com
Website: https://www.acodei.com