Data Security

How SimpleCommerceSync protects your data and maintains security.

Our Security Commitment

We take the security of your data seriously. This article explains how we protect your information and what measures are in place.

Data Protection

Encryption

In Transit:

  • All connections use HTTPS (TLS 1.2+)
  • Data is encrypted between your browser and our servers
  • API calls to HubSpot and QuickBooks are encrypted

At Rest:

  • Sensitive data is encrypted in our database
  • OAuth tokens are securely stored
  • Passwords are hashed (never stored in plain text)

Password Security

  • Passwords are hashed using industry-standard algorithms
  • We never store or see your actual password
  • Password reset uses secure, time-limited tokens

OAuth and Connections

How OAuth Works

When you connect HubSpot or QuickBooks:

  1. You authorize directly with HubSpot/QuickBooks
  2. They give us tokens (not your password)
  3. Tokens grant limited, revocable access
  4. You can disconnect anytime

Token Security

  • Tokens are encrypted in our database
  • Automatically refreshed before expiration
  • Revoked when you disconnect

What We Can Access

We only access what's needed for sync:

  • Invoices, payments, products, quotes
  • Contacts (for customer matching)
  • Tax rates and codes

We cannot:

  • Access your email
  • Read HubSpot conversations
  • Access unrelated QuickBooks data

Data We Store

What We Keep

Data Type Why We Store It
Account info Your login and settings
OAuth tokens To access connected systems
Sync logs History of what synced
Configuration Your sync settings

What We Don't Store

  • Full invoice content (we process, not store)
  • Customer payment details
  • HubSpot conversation data
  • Unrelated business data

Data Access

Who Can Access Your Data

  • You - Full access to your account
  • Our systems - Automated sync processing
  • Support team - Only when troubleshooting (with your permission)

No Third-Party Sharing

We do not:

  • Sell your data
  • Share with advertisers
  • Provide data to third parties (except as required by law)

Infrastructure Security

Hosting

  • Hosted on secure cloud infrastructure
  • Regular security updates
  • Firewall protection
  • DDoS protection

Monitoring

  • 24/7 system monitoring
  • Automated threat detection
  • Security logging and auditing

Your Responsibilities

Account Security

To keep your account secure:

  • Use a strong, unique password
  • Don't share your login credentials
  • Log out on shared devices
  • Keep your email secure (for password resets)

Connection Security

  • Only connect systems you control
  • Review permissions when connecting
  • Disconnect if access is no longer needed

Data Retention

How Long We Keep Data

  • Sync logs: Retained while account active
  • Configuration: Retained while account active
  • Account data: Until you delete account

After Account Deletion

When you delete your account:

  • Account data is removed
  • Sync logs are deleted
  • OAuth tokens are revoked
  • Backups are purged according to schedule

Compliance

Privacy Practices

We follow privacy best practices:

  • Minimal data collection
  • Purpose limitation
  • User control over data
  • Transparency about practices

Data Requests

You can request:

  • Export of your data
  • Deletion of your account
  • Information about what we store

Contact support for data requests.

Security Incidents

If a Breach Occurs

In the unlikely event of a security incident:

  1. We'll investigate immediately
  2. Affected users will be notified
  3. We'll take corrective action
  4. We'll provide guidance on next steps

Reporting Security Issues

If you discover a security vulnerability:

  • Contact us immediately
  • Do not exploit the vulnerability
  • We appreciate responsible disclosure

Questions

For security questions or concerns:

  • Review this documentation
  • Contact support
  • Request additional information