Privacy Policy

This Privacy Policy describes how Springhead, LLC ("Springhead," "we," "us") collects, uses, and protects your data when you use our products. Currently that means Tick, our Chrome extension for QuickBooks Online.

What we collect

When you use Tick, we collect:

• Account information: your email address (from Supabase Auth) and Stripe billing data (handled by Stripe; we do not store credit card numbers).
• QuickBooks Online data: for each QBO company you connect, we read your chart of accounts, your historical categorized transactions (for learning client-specific rules), and your current "For Review" queue. We write only transaction categorizations back to QBO. We do not access payroll, payments, or any other QBO data.
• Usage data: per-account counts of categorizations performed, model spend in cents, and error logs (no personally identifying information beyond what appears in merchant names).

How we use your data

We use the data we collect to:

• Categorize your transactions (this is the product).
• Learn client-specific rules so categorization improves over time.
• Monitor service health and usage patterns.
• Bill your subscription via Stripe.

Third parties

To operate Tick, we share specific data with these processors:

• Anthropic (Claude API): we send transaction descriptions and amounts (no PII beyond what appears in merchant names) to Anthropic's Claude API for categorization. Per Anthropic's Commercial Terms, Anthropic does not use API-submitted data to train their models.
• Intuit (QuickBooks): we authenticate to QBO via OAuth and call Intuit's API on your behalf. Intuit's privacy policy applies to the data flowing through their platform.
• Stripe: handles all payment processing. We never see your full card number.
• Supabase: hosts the database where your account data, rules, and transaction history are stored.
• Vercel: hosts our web infrastructure.
• Postmark: sends transactional emails (account, billing, daily admin summaries).

Data retention and deletion

If you cancel your Tick subscription:

• Your QBO connection is severed immediately.
• We retain your data in a soft-deleted state for 30 days, in case you reactivate.
• After 30 days, we hard-delete all rules, transaction history, category mappings, and account data.

You can request immediate deletion of your data at any time by emailing [email protected].

Security

We protect your data with:

• Encrypted-at-rest storage of QBO OAuth tokens (AES-256-GCM).
• Row-level security in our database, enforcing per-user data isolation.
• TLS for all data in transit.
• Service-role-only access to administrative data (e.g., aggregate usage and error logs).

Your rights

You have the right to access, correct, or delete your data. To exercise any of these rights, email [email protected].

Changes to this policy

If we materially change this policy, we'll notify subscribers via email at the address on file. Non-material updates are reflected by changing the "Last updated" date at the top.

Contact

Springhead, LLC
Arkansas, USA
[email protected]