WFAS PSA is a private, single-organization business application used internally by WFAS to manage clients, projects, time, expenses, and invoicing. This policy explains what data the application handles and how it is protected.
Business records entered by authorized users: client and contact details, project and time/expense records, billing rates, and invoices. The application does not collect protected health information (PHI), payment card data, or consumer banking data.
When connected to QuickBooks Online, the application accesses Intuit data solely to provide its accounting integration: it reads company information and the chart of accounts, and creates or updates Customers, Invoices, Items, and Journal Entries that originate in WFAS PSA, and reads invoice/payment status. It stores only the QuickBooks identifiers needed to keep those records linked, plus the OAuth tokens required to maintain the connection. Intuit data is used only to deliver this functionality for the connected company. It is never sold, never used for advertising, and never shared with or shown to any party other than the connected company.
The application is hosted on Amazon Web Services. Data is encrypted at rest (encrypted storage volumes and encrypted, access-controlled backups) and encrypted in transit (HTTPS/TLS only). OAuth credentials and tokens are stored in encrypted storage and are never exposed to end-user browsers. Access is restricted by authenticated, role-based controls, with least-privilege infrastructure permissions.
Business records are retained for as long as needed for operational and accounting purposes. The QuickBooks connection can be revoked at any time from within the application, which invalidates the stored tokens. Records can be removed by an administrator on request.
The application is single-tenant and serves one organization. Data is not sold or disclosed to third parties, except infrastructure providers (AWS) acting solely as hosting processors, or where required by law.
Questions or requests regarding this policy or your data: support@bluearmor-us.com.