Privacy Policy

Version 1.0 – Effective December 22, 2025

1. Introduction

GGLR Accounting ("we," "us," "our") is committed to protecting the privacy of users of the GGLR Accounting workflow automation platform ("Service"). This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information in accordance with:

Personal Information Protection and Electronic Documents Act (PIPEDA) – Federal private-sector privacy law
Applicable Canadian privacy laws and any substantially similar provincial laws that may apply, as amended from time to time
QuickBooks Online Privacy Statement
Intuit Privacy Statement

2. What Personal Information Do We Collect?

2.1 Information You Provide Directly

When you register for the Service or use it, we collect:

Account Information: Name, email address, business name, telephone number, business address, accounting firm credentials
Financial Data: QuickBooks Online credentials (securely encrypted), client names, invoices, sales data, tax information, business expense records
Communication Data: Messages, inquiries, support tickets, feedback
Integration Data: Credentials for connected services (QuickBooks Online, Google Sheets, Gmail, email providers) – stored securely and used only to perform requested functions

2.2 Information Collected Automatically

We collect certain information automatically when you use the Service:

Log Data: IP address, browser type, pages accessed, time and date of access, referrer URL
Device Information: Operating system, device type, device identifiers
Usage Analytics: Features used, frequency of use, errors encountered (for Service improvement)
Cookies and Tracking: Session cookies for authentication; analytical cookies to understand usage patterns (with your consent where required)

2.3 Information from Third Parties

We may receive information about you from:

QuickBooks Online and Intuit: Your company name, business structure, accounting data (via OAuth connection)
Email Providers: Email addresses and message metadata when integrating Gmail or other providers
Cloud Providers: Data stored by Google Sheets or other integrated platforms

3. How Do We Use Personal Information?

We use personal information only for purposes you would reasonably expect:

4. Who Do We Share Personal Information With?

We share personal information only in these circumstances:

4.1 Service Providers and Processors

We share information with third parties who process it on our behalf:

QuickBooks Online and Intuit: Your financial data is shared directly via OAuth API; governed by Intuit Privacy Statement
Google: Gmail and Google Sheets integration; governed by Google Privacy Policy
Email Service Providers: If you use third-party email providers, your messages are processed per their terms
Cloud Infrastructure Providers: Secure servers that host the Service and your data

Data Processing Agreements: We maintain written agreements with all processors confirming they process data only as instructed and maintain appropriate security.

4.2 Legal Requirements

We may disclose personal information if required by:

Court order or subpoena
Law enforcement investigation (with notice to you unless prohibited by law)
Financial regulator, tax authority (CRA), or securities commission investigation
Protection of life, health, or safety in urgent situations

4.3 Business Transfers

If GGLR Accounting is acquired, merges, or sells substantially all assets, your personal information may be transferred to the successor. We will notify you of any such change and your rights regarding use of information.

5. How Long Do We Keep Your Information?

We retain personal information only as long as necessary for the purposes outlined:

If you request account deletion, we will delete personal information within 30 days except:

Information required by law (tax records, legal holds)
Information needed to resolve outstanding disputes
Anonymized or aggregated data (cannot identify you)

6. How Do We Protect Your Information?

We implement industry-standard safeguards:

6.1 Technical Measures

Encryption in Transit: TLS/SSL encryption for all data in motion
Encryption at Rest: AES-256 encryption for sensitive data stored on servers
Access Controls: Role-based access; only authorized personnel access data
Authentication: Multi-factor authentication (MFA) available for accounts
Regular Audits: Quarterly security assessments and penetration testing

6.2 Organizational Measures

Privacy by Design: Privacy assessments for new features and integrations
Employee Training: Annual privacy and security training for all staff
Incident Response Plan: Documented procedures for investigating and responding to breaches
Data Minimization: We collect only information necessary for the Service

6.3 Limitation of Liability

Despite these measures, no security is absolute. GGLR Accounting is not liable for unauthorized access resulting from:

Your failure to keep credentials confidential
Breach of third-party services (QuickBooks Online, Google, email providers)
Your use of unsecured networks (public WiFi)
Social engineering or phishing attacks

However, we are liable for breaches caused by our negligence or failure to implement reasonable safeguards.

7. Cookies and Tracking Technologies

7.1 How We Use Cookies

Session Cookies: Required for authentication; automatically deleted when you log out
Preference Cookies: Remember your settings (e.g., language, notification preferences)
Analytics Cookies: Track usage patterns to improve the Service (anonymized; no personal identifiers)

7.2 Your Cookie Choices

You can disable cookies in your browser settings, but some features of the Service may not function properly without them.

8. Data Subject Rights (PIPEDA)

You have the following rights under PIPEDA:

8.1 Right of Access

You can request a complete record of personal information we hold about you, including sources, use, and recipients. We will respond within 30 days.

8.2 Right to Correction

If your personal information is inaccurate, incomplete, or outdated, you can request corrections. We will update records within 15 business days.

8.3 Right to Deletion (Right to be Forgotten)

You can request deletion of your personal information, except:

Information required by law (tax records must be kept 6 years under CRA rules)
Information needed to fulfill a contractual obligation
Information subject to a legal hold

We will respond within 30 days and explain any retention necessity.

8.4 Right to Data Portability

You can request your personal information in a portable format (e.g., CSV, JSON) to transfer to another service. We will provide this within 30 days at no cost.

8.5 Right to Withdraw Consent

If we rely on your consent for any processing, you can withdraw it at any time. Withdrawal does not affect the legality of processing before you withdrew consent.

8.6 Right to Opt-Out of Marketing

We do not send unsolicited marketing. If you receive any, you can opt-out by clicking "unsubscribe" in the email or contacting us.

8.7 Right to Lodge a Complaint

If you believe we have violated your privacy rights, you can:

Contact us directly (see Section 14)
Lodge a complaint with the Office of the Privacy Commissioner of Canada

9. Cross-Border Data Transfers

Some of your personal information may be processed or stored in the United States (via QuickBooks Online, Google, or cloud providers). By using the Service, you consent to this transfer. We ensure that:

Transfers comply with PIPEDA and Canadian privacy laws
Recipient organizations provide protections comparable to Canadian privacy laws
You retain all rights under Canadian privacy law

10. Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect personal information from children. If we become aware that we have done so, we will delete it immediately and notify the parent/guardian.

11. Third-Party Services and Links

The Service may integrate with or link to third-party services (QuickBooks Online, Google, email providers). This Privacy Policy applies only to information GGLR Accounting collects. These third parties have their own privacy policies:

We are not responsible for third parties' privacy practices. We recommend reviewing their policies.

12. Updates to This Privacy Policy

We may update this Privacy Policy to reflect legal changes, Service improvements, or feedback. Material changes will be communicated:

By email notification to your account address
By prominent notice on the Service
With an effective date clearly marked

Your continued use of the Service after updates constitutes acceptance of the revised policy. We encourage you to review this policy periodically.

13. Privacy Officer and Accountability

GGLR Accounting designates a Privacy Officer responsible for:

Ensuring PIPEDA compliance and adherence to applicable Canadian privacy laws
Receiving and investigating privacy complaints
Conducting privacy impact assessments for new features
Overseeing data breach investigations and notification
Training staff on privacy practices

14. How to Contact Us

If you have questions about this Privacy Policy, wish to exercise any data rights, or report a privacy concern:

GGLR Accounting
165-4338 Innes Rd

Ottawa, Ontario, Canada
Telephone: (647) 694-4599

Privacy Officer
Email: admin@gglraccounting.com

We will respond to inquiries within 30 calendar days. If your inquiry relates to a data breach, we will prioritize it and respond within 5 business days.

Appendix A: Summary of PIPEDA Rights

By using the GGLR Accounting Service, you acknowledge that you have read, understood, and agree to be bound by both this Privacy Policy and the End-User License Agreement.