TotalCare IT Logo
Home Terms of Service

Privacy Policy

Last Updated: October 24, 2025

At TotalCare IT ("we," "us," or "our"), we are committed to protecting your privacy and handling your personal information with care and transparency. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the TotalCare AI Partner Portal and QuickBooks Online integration (the "Service").

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, company name, phone number
  • Authentication Data: Microsoft 365 credentials (handled by Microsoft, not stored by us)
  • Communication Data: Messages, support requests, and feedback you send to us

1.2 QuickBooks Data

When you connect QuickBooks Online, we access:

  • Company Information: Business name, industry, fiscal year
  • Financial Data: Transactions, invoices, bills, payments, bank data
  • Customer & Vendor Data: Names, contact information, transaction history
  • Reports: Profit & loss, balance sheet, cash flow statements
  • Tax Information: Tax rates, tax forms, tax-related data

1.3 Automatically Collected Information

  • Usage Data: Pages visited, features used, time spent
  • Device Information: Browser type, operating system, IP address
  • Cookies: Session cookies, authentication tokens, analytics cookies
  • Log Data: Access times, error logs, API calls

1.4 Third-Party Services

  • HubSpot: Website analytics, chat interactions, form submissions
  • Microsoft 365: Authentication and identity verification
  • Autotask: Service ticket and activity data

2. How We Use Your Information

2.1 To Provide the Service

  • Process and analyze your QuickBooks data
  • Generate AI-powered insights and recommendations
  • Create automated reports and dashboards
  • Synchronize data between systems
  • Provide customer support

2.2 To Improve the Service

  • Analyze usage patterns and trends
  • Train and improve AI models (using anonymized data)
  • Develop new features and functionality
  • Fix bugs and optimize performance

2.3 To Communicate

  • Send service notifications and updates
  • Respond to support requests
  • Provide product announcements
  • Send marketing communications (with your consent)

2.4 For Security and Compliance

  • Detect and prevent fraud
  • Monitor for security threats
  • Comply with legal obligations
  • Enforce our terms and policies

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your data based on:

  • Contract: Processing necessary to provide the Service
  • Consent: Where you have given explicit consent
  • Legitimate Interests: For service improvement and security
  • Legal Obligation: To comply with applicable laws

4. Information Sharing and Disclosure

4.1 We Do NOT Sell Your Data

We never sell, rent, or trade your personal information or QuickBooks data to third parties for marketing purposes.

4.2 Service Providers

We share data with trusted service providers who help us operate the Service:

  • Cloud Hosting: AWS for secure data storage and processing
  • AI Services: Anthropic (Claude) and OpenAI for AI analysis
  • Analytics: HubSpot for website analytics
  • Authentication: Microsoft for identity verification

All service providers are contractually obligated to protect your data.

4.3 Legal Requirements

We may disclose information if required by law or in response to:

  • Court orders or subpoenas
  • Government or regulatory requests
  • Legal processes and investigations
  • Protection of our rights or safety

4.4 Business Transfers

If we merge, are acquired, or sell assets, your information may be transferred as part of that transaction. We will notify you of any such change.

4.5 With Your Consent

We may share information with third parties when you explicitly consent to such sharing.

5. Data Security

5.1 Security Measures

We implement comprehensive security measures:

  • Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
  • Access Controls: Role-based access, multi-factor authentication
  • Network Security: Firewalls, intrusion detection, DDoS protection
  • Monitoring: 24/7 security monitoring and logging
  • Audits: Regular security assessments and penetration testing
  • Incident Response: Documented procedures for security incidents

5.2 QuickBooks Data Security

QuickBooks data is accessed via Intuit's secure OAuth 2.0 protocol. We:

  • Never store your QuickBooks login credentials
  • Use encrypted API tokens that expire regularly
  • Comply with Intuit's security requirements
  • Store only necessary data for providing the Service

5.3 Employee Access

  • Limited to authorized personnel only
  • Subject to confidentiality agreements
  • Logged and monitored for security
  • Provided on a need-to-know basis

6. Data Retention

6.1 Active Accounts

We retain your data for as long as your account is active and as necessary to provide the Service.

6.2 Disconnected QuickBooks

When you disconnect QuickBooks:

  • Access to your QuickBooks data is immediately revoked
  • Stored QuickBooks data is deleted within 30 days
  • Anonymized analytics data may be retained

6.3 Closed Accounts

When you close your account:

  • Personal data is deleted within 90 days
  • Some data may be retained for legal or regulatory compliance
  • Backups are deleted according to our backup retention policy

6.4 Legal Holds

Data subject to legal holds or required for compliance will be retained as legally required.

7. Your Privacy Rights

7.1 Access and Portability

  • Request a copy of your personal data
  • Download your data in a portable format
  • View what information we have about you

7.2 Correction and Update

  • Update your account information
  • Correct inaccurate data
  • Complete incomplete data

7.3 Deletion (Right to be Forgotten)

  • Request deletion of your personal data
  • Close your account and delete all data
  • Disconnect QuickBooks and delete associated data

7.4 Restriction and Objection

  • Restrict processing of your data
  • Object to certain uses of your data
  • Withdraw consent for marketing communications

7.5 How to Exercise Your Rights

Contact us at privacy@totalcareit.com to exercise any of these rights. We will respond within 30 days.

8. Cookies and Tracking

8.1 Essential Cookies

  • Authentication and session management
  • Security and fraud prevention
  • Service functionality

8.2 Analytics Cookies

  • HubSpot for website analytics
  • Usage patterns and trends
  • Performance monitoring

8.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may affect Service functionality.

9. International Data Transfers

Your data may be transferred to and processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses for EU data transfers
  • Privacy Shield Framework (where applicable)
  • Adequacy decisions by relevant authorities
  • Binding Corporate Rules

10. Children's Privacy

The Service is not intended for children under 16. We do not knowingly collect personal information from children. If we discover we have collected data from a child, we will delete it immediately.

11. California Privacy Rights (CCPA)

California residents have additional rights:

  • Right to Know: What personal information we collect and how it's used
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Opt out of sale of personal information (we don't sell)
  • Right to Non-Discrimination: Equal service regardless of privacy choices

Contact privacy@totalcareit.com to exercise these rights.

12. Nevada Privacy Rights

Nevada residents may opt out of the sale of personal information. We do not sell personal information, but you may contact us at privacy@totalcareit.com to exercise this right.

13. Data Breach Notification

In the event of a data breach affecting your personal information:

  • We will notify affected users within 72 hours
  • Notification will include nature of breach and mitigation steps
  • We will notify relevant regulatory authorities as required
  • We will provide support and guidance to affected users

14. Third-Party Links

The Service may contain links to third-party websites. We are not responsible for the privacy practices of these websites. Please review their privacy policies.

15. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be communicated via:

  • Email notification for material changes
  • Prominent notice in the Partner Portal
  • Updated "Last Modified" date

Continued use after changes indicates acceptance of the updated policy.

16. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your data:

Privacy Officer
TotalCare IT
Prevailing Networks Inc. dba TotalCareIT
Email: privacy@totalcareit.com
General: ai@totalcareit.com
Website: totalcareit.com

17. Compliance Certifications

We are committed to maintaining the highest standards of data protection:

  • Intuit Developer: Compliance with Intuit's data handling requirements
  • GDPR: General Data Protection Regulation compliance
  • CCPA: California Consumer Privacy Act compliance
  • SOC 2: Security and availability controls (in progress)

BY USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND AGREE TO ITS TERMS.

View Terms of Service Back to Home