Books Commander

Security at Books Commander

We built Books Commander with your privacy and protection in mind. Here's how we ensure your data and QuickBooks connection remain secure and under your control.

Secure Sign-In

Your login is handled using Firebase Authentication — a secure, Google-backed platform. When connecting to QuickBooks, we use Intuit's official flow. Your credentials are never seen or stored by us.

Encrypted & Protected

  • Your QuickBooks tokens are fully encrypted and never exposed to the frontend.
  • Each company connection is isolated with a unique session ID.

Access Controls

  • Only you can read or update your records — no one else has access.
  • Feedback and support messages can be submitted but are never shared or exposed.
  • Our Firestore rules block unauthorized access by design.
  • We do not train on user data*.

Automatic Token Renewal

Tokens expire regularly for safety. Our system refreshes them automatically in the background to keep your connection live without interruptions.

Minimal Data Retention

We do not store your accounting data. Our system acts as a secure bridge — only relaying instructions to QuickBooks when you request it.

System-Level Protections

  • End-to-end encryption for sensitive data
  • Session ID–based access controls
  • Strict database rules for document-level access
  • Secure cookie handling and HTTPS-only traffic
  • Rate limiting and abuse prevention at the API level

What You Can Do

  • Review AI-suggested actions before confirming
  • Treat session IDs like passwords — don't share them
  • Reconnect accounts periodically for freshness
  • Contact support if anything feels unusual
  • Prompt the AI to explain its actions clearly before approving any task
  • Immediately review your QuickBooks records after each action is performed
  • Books Commander does not monitor or verify AI actions — please verify results yourself or with a qualified accountant

Limitations and Best Practices

  • The AI may not always choose the optimal QuickBooks API route — provide clear instructions and review outcomes
  • Use temporary chats when interacting with the AI to avoid saving sensitive data
  • Consider deleting the chat history after each session
  • Disable ChatGPT data usage by going to Settings > Data Controls and toggling off "Improve the model for everyone"
  • Regularly check and clear ChatGPT memories that may store sensitive information
  • OpenAI settings may change — periodically verify your privacy and security preferences

Still have questions? Email us at support@bookscommander.com

* While Books Commander never trains on user data, chats inside ChatGPT may still be used by OpenAI for training purposes. We are not affiliated with ChatGPT. You can prevent this by enabling "temporary chats" or turning off model improvement in ChatGPT settings.