Privacy Policy

Introduction

QLink-Pay, LLC ("we," "us," or "our") operates the QLink-Pay platform at qlinkpay.com (the "Service"). We are committed to protecting your privacy and ensuring the security of your personal information.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using QLink-Pay, you consent to the data practices described in this policy.

1. Information We Collect

1.1 Information You Provide Directly

When you create an account or use our Service, we collect:

• Account Information: Name, email address, business name, phone number, billing address
• Authentication Credentials: Encrypted passwords, OAuth tokens for third-party services
• Payment Information: Payment method details (processed and stored by Stripe)
• Business Information: Company details, tax identification numbers (if applicable)
• Communications: Messages you send us through support channels

1.2 Information from Third-Party Services

QuickBooks Online Data:

When you connect your QuickBooks Online account via OAuth 2.0, we access:

• Company information (business name, address, email, phone)
• Customer records (names, email addresses, billing information)
• Invoice data (invoice numbers, amounts, dates, due dates, payment status)
• Payment records (payment amounts, dates, methods)
• Account balances and aging reports

We do NOT access:

• Your QuickBooks login credentials
• Banking or credit card information stored in QuickBooks
• Tax returns or sensitive financial documents
• Employee payroll information

Stripe Payment Data:

When you process payments through Stripe Connect, we receive:

• Transaction amounts and dates
• Payment method types (e.g., credit card, ACH)
• Payment status (successful, failed, pending)
• Customer payment information (as provided by Stripe)

Note: Stripe independently collects and processes payment card information. Please review Stripe's Privacy Policy for details on how they handle your payment data.

1.3 Automatically Collected Information

Usage Data:

• IP address and geographic location
• Browser type and version
• Device information (type, operating system)
• Pages visited and features used
• Time spent on pages
• Referral sources

Cookies and Tracking:

We use essential cookies for:

• Authentication and session management
• Security and fraud prevention
• Service functionality

We do NOT use:

• Third-party advertising cookies
• Behavioral tracking for marketing purposes
• Cross-site tracking

2. How We Use Your Information

We use collected information for the following purposes:

2.1 Service Delivery

• Create and manage your account
• Generate and send customer statements
• Process payment transactions through Stripe
• Sync data between QuickBooks and our platform
• Provide customer support and troubleshooting

2.2 Communication

• Send transactional emails (statements, payment confirmations)
• Provide service updates and important notices
• Respond to your inquiries and support requests
• Send account-related notifications

We will NEVER:

• Sell your personal information to third parties
• Send unsolicited marketing emails without your consent
• Share your data for advertising purposes

2.3 Service Improvement

• Analyze usage patterns to improve features
• Identify and fix technical issues
• Develop new functionalities
• Enhance user experience

2.4 Legal and Security

• Prevent fraud and unauthorized access
• Comply with legal obligations
• Enforce our Terms of Service
• Protect our rights and property
• Respond to legal requests from authorities

3. Data Sharing and Disclosure

3.1 Service Providers

We share limited data with trusted third-party service providers:

3.2 Business Transfers

If QLink-Pay is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you via email and/or prominent notice on our Service before your data is transferred and becomes subject to a different privacy policy.

3.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal requests from courts or government agencies
• Subpoenas, court orders, or legal process
• National security or law enforcement requirements
• Protection of our legal rights or safety of others

3.4 With Your Consent

We may share your information for other purposes with your explicit consent.

4. Data Security

4.1 Security Measures

We implement industry-standard security measures to protect your data:

4.2 Data Retention

Active Data:

• Account information: Retained while your account is active
• Transaction records: Retained for 7 years (IRS requirements)
• Statement PDFs: Stored in secure Supabase storage
• Audit logs: Retained for 2 years

After Account Deletion:

• Personal data: Deleted upon request
• Transaction records: Retained for 7 years (legal requirement)
• Aggregated analytics: May be retained indefinitely (anonymized)

Note: We are implementing automated data deletion processes to ensure PDFs and inactive data are removed in accordance with our retention policies.

4.3 Security Incident Response

In the event of a data breach affecting your personal information, we will:

• Investigate and contain the breach immediately
• Notify affected users as required by applicable law
• Inform relevant supervisory authorities as required
• Provide details of the breach and remediation steps
• Offer assistance and support as appropriate

We maintain incident response procedures and work to minimize the impact of any security incidents.

5. Your Privacy Rights

5.1 Rights Under GDPR (EU Users)

If you are located in the European Economic Area (EEA), you have the following rights:

• Right to Access: Request a copy of all personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data
• Right to Restrict Processing: Request limitation on how we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing of your data for certain purposes
• Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
• Right to Lodge a Complaint: File a complaint with your local supervisory authority

5.2 Rights Under CCPA/CPRA (California Users)

If you are a California resident, you have these rights:

• Right to Know: Know what personal information we collect, use, and share
• Right to Delete: Request deletion of your personal information
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out: Opt out of the sale or sharing of personal information (Note: We do NOT sell personal information)
• Right to Limit Use of Sensitive Personal Information: Limit use of sensitive data (e.g., financial information)
• Right to Non-Discrimination: Not receive discriminatory treatment for exercising your rights

5.3 How to Exercise Your Rights

To exercise any of these rights, contact us at:

• Email: [email protected]
• Subject Line: "Privacy Rights Request"
• Include: Your name, account email, and specific request

Response Time:

• GDPR requests: Within 30 days
• CCPA requests: Within 45 days (may extend to 90 days if complex)

Verification:

We may ask you to verify your identity before processing requests to protect against unauthorized access.

6. Data Transfers

6.1 International Transfers

QLink-Pay is based in the United States. If you access our Service from outside the U.S., your information will be transferred to, stored, and processed in the United States.

For EU Users:

• We comply with EU-US Data Privacy Framework
• We use Standard Contractual Clauses (SCCs) where applicable
• Our service providers are GDPR-compliant

For UK Users:

• We comply with UK-US Data Privacy Framework
• We adhere to UK GDPR requirements

6.2 Third-Party Country Transfers

Some of our service providers may process data in other countries. We ensure these transfers comply with applicable data protection laws through:

• Adequacy decisions
• Standard Contractual Clauses
• Binding Corporate Rules
• Certification schemes (e.g., Privacy Shield successor frameworks)

7. Children's Privacy

QLink-Pay is a business-to-business service and is not intended for individuals under 18 years of age.

We do not knowingly collect personal information from children under 18. If you believe we have collected information from a child under 18, please contact us immediately at [email protected], and we will delete it promptly.

8. Third-Party Links

Our Service may contain links to third-party websites or services not operated by us. We are not responsible for the privacy practices of these third parties.

We strongly advise you to review the privacy policies of any third-party sites you visit. This includes:

• QuickBooks Online
• Stripe payment portal
• External resources linked in statements

9. California "Shine the Light" Law

California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing purposes.

Disclosure: We do NOT share personal information with third parties for their direct marketing purposes.

10. Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals. We currently do not respond to DNT signals because there is no industry-wide standard for implementing DNT compliance.

11. Business Use Disclosure (CCPA)

In the past 12 months, we have collected and disclosed the following categories of personal information for business purposes:

We do NOT sell personal information.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect:

• Changes in our practices
• Legal or regulatory requirements
• New features or services

Notification of Changes:

• Material changes: Email notification + prominent notice on Service
• Minor changes: Updated "Last Updated" date at top of policy
• 30 days' notice for significant changes

Your Continued Use:

Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

For questions, concerns, or requests regarding this Privacy Policy:

14. Supervisory Authority Contact Information

15. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

• Contract Performance: Processing necessary to provide our Service (account management, statement generation, payment processing)
• Legitimate Interests: Fraud prevention, security monitoring, service improvement (balanced against your privacy rights)
• Consent: Optional features, marketing communications (where you've opted in)
• Legal Obligation: Tax compliance, responding to legal requests, enforcing Terms of Service

Appendix A: Data Processing Details