Privacy Policy

This Privacy Policy explains how AttiBooks (“we”, “us”, “the Service”), operated at attibooks.com, collects, uses, and protects information when you install and use our QuickBooks Online integration for Attio CRM.

When you connect AttiBooks to QuickBooks Online and Attio, we access the following data strictly to operate the invoice integration:

• From QuickBooks Online (via Intuit API): invoices, customers, customer names and email addresses, invoice line items, payment status, and company information (realmId, company name).
• From Attio: records you choose to invoice (companies, deals, custom objects), the attributes you map to invoice fields, and workspace settings you configure for AttiBooks.
• From you directly: billing email and payment details (handled by Stripe — we never see card numbers).

We use the data above solely to:

• Create, read, and update invoices in your QuickBooks Online account on your behalf
• Write invoice status and metadata back to your Attio records
• Track monthly invoice usage to enforce your plan limits
• Process subscription payments and send billing-related emails

We do not sell, rent, or share your QuickBooks or Attio data with third parties for advertising, analytics, or any purpose unrelated to operating the Service.

Most of your data never leaves Attio or QuickBooks. Customer names, invoice line items, and financial details are read from QBO and written directly to your Attio workspace — they are not stored on AttiBooks servers.

The only data we persist on our infrastructure (Vercel + Neon Postgres) is:

• Your Attio workspace ID
• Your Attio OAuth access token (used to authenticate API calls)
• Your Stripe customer ID, subscription ID, and plan
• A monthly invoice count per workspace (for usage limits)

QuickBooks OAuth tokens are stored inside Attio’s native connection store, encrypted at rest by Attio. AttiBooks does not handle or store QBO credentials directly.

We rely on the following sub-processors to operate the Service:

• Attio — hosts the app and stores QBO connection tokens
• Intuit (QuickBooks Online) — source of invoice and customer data
• Vercel — hosting for attibooks.com and API routes
• Neon — Postgres database for workspace and usage records
• Stripe — subscription billing and payment processing

All data in transit between Attio, QuickBooks, Stripe, and AttiBooks is encrypted via TLS. Database credentials and API secrets are stored as environment variables and are never written to logs. OAuth tokens are encrypted at rest by Attio.

When you disconnect QuickBooks from Attio, AttiBooks immediately stops calling the Intuit API for your workspace and clears the associated connection state.

You can request deletion of all AttiBooks data associated with your workspace — including your workspace record, Stripe customer reference, and usage history — by emailing help@attibooks.com. We will process deletion requests within 30 days.

AttiBooks is a business tool and is not directed to children under 16. We do not knowingly collect data from children.

We may update this Privacy Policy from time to time. Material changes will be communicated via the email associated with your account. Continued use of the Service after changes constitutes acceptance of the updated policy.

For privacy questions or deletion requests, contact us at help@attibooks.com.