Privacy Policy

Last Updated: February 27, 2026 • Version 1.2

1Introduction

Welcome to Berry Technology . We operate Cross , a cloud-based SaaS platform that integrates with QuickBooks Online, provided by Intuit Inc. Our platform provides cheque printing, invoice printing, voucher printing solutions, and may expand to include additional financial document processing and related services in the future.

We are committed to protecting the privacy and security of your personal and business data. This Privacy Policy explains what information we collect, how we collect it, why we use it, how we protect it, and what rights you have regarding your data when you use our Service.

By accessing or using our Service including through the QuickBooks Online App Marketplace you acknowledge that you have read, understood, and agree to the data practices described in this Privacy Policy. If you do not agree with any part of this Policy, please discontinue use of the Service immediately.

1.1 Scope of This Policy

This Privacy Policy applies to:

  • All users who access the Service via Cross, whether directly or through the QuickBooks Online integration
  • All data collected through your use of the Service, including data retrieved from your QuickBooks Online account
  • All interactions with our website, support channels, and platform features

This Policy does not apply to third-party services, including Intuit's own products and services. We encourage you to review Intuit's Privacy Policy to understand how Intuit handles your data independently of our platform.

1.2 Integration with QuickBooks Online

Our Service integrates with QuickBooks Online using Intuit's OAuth 2.0 authorization framework. This means that we access your QuickBooks Online data only with your explicit authorization.

We never store your Intuit credentials. Authorization is granted and revoked entirely within your Intuit account settings, giving you full control over the data your account shares with our platform.

We access QuickBooks Online data strictly to provide the core functionality of our Service—generating and printing cheques, invoices, and vouchers—and for no other purpose. All data access and processing is performed in compliance with Intuit Developer Platform policies and applicable data protection regulations.

1.3 Our Commitment

01
Transparency
Being clear about what data we access and why
02
Security
Protecting your data using industry standard technical and organizational safeguards
03
User Control
Giving you meaningful rights over your data and deletion options
04
Compliance
Adhering to data protection regulations and Intuit's policies

Contact Information

Address

1st floor, 101 Robert Gunawardena Mawatha, Battaramulla

2Information We Collect

We collect only the data necessary to deliver our cheque, invoice, and voucher printing services. Data is collected through two channels: information you provide directly, and data retrieved from your QuickBooks Online account via the Intuit API.

2.1 Data You Provide Directly

When you register or use our Service, you may provide:

A

Account Information

Business name, email address, and login credentials

2.2 Data Accessed via QuickBooks Online API

With your explicit authorization through Intuit OAuth 2.0, we access the following QuickBooks Online data and nothing beyond what is listed here:

Data CategorySpecific Fields AccessedPurpose
Company ProfileBusiness name, address, phone, logoPopulate payment voucher and invoice headers
Invoice DataCustomer name, Invoice date, Invoice number, line items, payment terms, amounts, due datesGenerate invoice print documents
Vendor / Payee DataVendor name, addressGenerate voucher and cheque payee field
Payment RecordsPayment amount, date, reference numberGenerate voucher and cheque amount field
Currency SettingsDefault currency and formatEnsure accurate formatting on all print output
🛡️

Strict Privacy Guard:We do not access: payroll data, tax filings, banking credentials, employee records, or any QBO data outside the scope defined above.

2.3 Automatically Collected Technical Data

When you use our platform, we automatically collect limited technical data for performance and security purposes:

🌐

Environment

IP address, browser type, and operating system

📜

Logs

Session activity logs and error reports

Metadata

API request timestamps and response metadata

Privacy Guarantee: This data is never sold and is used solely for platform stability, security monitoring, and troubleshooting.

3How We Use Your Data

We use the data we collect solely to operate, maintain, and improve our Service. We do not use your data for advertising, profiling, or any purpose unrelated to the printing functions you have authorized.

3.1 Core Service Delivery

The primary reason we access your QuickBooks Online data is to perform specific printing and document generation functions:

Cheque Printing

Active

Generate and render professional cheque print documents.

Data Used:

Vendor/payee name, payment amount, date

Invoice Generation

Active

Generate and render high-fidelity invoice print documents.

Data Used:

Customer records, invoice date, line items, amounts, due dates, terms

Voucher Solutions

Active

Generate and render payment voucher print documents.

Data Used:

Vendor/payee name, payment amount, reference numbers

Branding & Format

Active

Populate correct company branding and regional formatting from QBO.

Data Used:

Company name, address, logo, currency settings

👤 3.2 Account & Platform Management

  • Authenticate identity and manage secure Service access.
  • Maintain saved print templates and layout preferences.
  • Communicate service-related updates and feature releases.

🛡️ 3.3 Security & Compliance

  • Detect and prevent unauthorized access or fraudulent activity.
  • Monitor API usage for Intuit developer platform compliance.
  • Maintain secure audit logs for data access events.

📈 3.4 Service Improvement

Using anonymized and aggregated data only:

  • Improve print template performance and rendering accuracy.
  • Resolve platform errors and prioritize feature development.

NOTE: No personally identifiable or QBO data is used for analytics.

⚖️ 3.5 Legal Obligations

  • Comply with applicable laws, regulations, or government requests.
  • Enforce our Terms of Service and protect legal rights.
  • Respond to valid legal processes (subpoenas, court orders).

4Data Storage & Security

We implement industry-standard technical and organizational safeguards to protect your data—including all QuickBooks Online data accessed via the Intuit API—against unauthorized access, loss, or disclosure.

4.1 Data Retention & Storage

Data TypeStorage LocationRetention Period
Account & ProfileSecured Cloud Database Duration of active account
QBO API Tokens (OAuth 2.0)Encrypted Token Store (Server-side only) Until revoked or session expires
Generated Print DocumentsTemporary Secure Storage Purged within 24 hours
Audit & Access LogsSecured Log Management System 90 days (Auto-deleted)
Billing RecordsPCI-Compliant Payment Processor As required by law

Note: We do not store raw QuickBooks Online data beyond what is immediately required to render your requested print document. Once generated, source data is not retained.

4.2 Enterprise Security Controls

🔒

Encryption in Transit

Data is encrypted using TLS 1.2 or higher during transmission.

💾

Encryption at Rest

All stored data, including OAuth tokens, is encrypted using AES-256.

🔑

OAuth 2.0 Token Security

Tokens are stored server-side in HttpOnly cookies, never exposed to the client.

👥

Role-Based Access (RBAC)

Internal access is restricted to authorized personnel on a strict need-to-know basis.

🔎

Scope Minimization

We only request the minimum QBO API permissions required for the Service.

🛡️

Vulnerability Management

Regular security reviews and dependency audits to identify and remediate risks.

⚠️ 4.3 Data Breach Response

In the event of a confirmed data breach affecting your data, we will:

  • Notify affected users within 72 hours of confirmation.
  • Immediately revoke compromised access tokens.
  • Provide a clear incident summary and user actions
  • Notify Intuit per Developer Platform requirements.

🤝 4.4 Shared Responsibility

While we protect the infrastructure, you are responsible for:

  • Maintaining the confidentiality of your login credentials.
  • Promptly notifying us of any suspected unauthorized access.
  • Revoking QBO access via Intuit Account settings if you discontinue our Service.

5Data Sharing

We do not sell, rent, trade, or lease your personal or business data — including any data accessed from your QuickBooks Online account — to any external party, under any circumstance.

🛡️ 5.1 Our Core Commitment

Your data exists within our platform for one purpose only: to generate your requested print documents. It is never monetized, shared for marketing purposes, or disclosed to any party outside of what is strictly necessary to operate the Service.

We do not sell your data. We do not share your QuickBooks Online data with any external party for any purpose beyond delivering your print documents.

5.2 Internal Data Access

Access to your data within our organization is governed by strict internal controls and limited to specific roles:

Access LevelWhoWhat They Can Access
Platform OperationsAuthorized engineers onlySystem logs, error reports — no raw QBO data
Customer SupportSupport staff on request basisAccount information only, with user consent
Billing & FinanceFinance teamSubscription and payment records only
Executive / ManagementAggregated reporting onlyNo personally identifiable data

⚖️ 5.3 Legally Required Disclosures

We may disclose data only under strictly limited circumstances:

  • To comply with a valid court order, subpoena, or government request.
  • To protect the legal rights, property, or safety of our company or public.
  • To investigate confirmed fraudulent activity or security incidents.
In all such cases, we will disclose only the minimum data required and notify affected users promptly where legally permitted.

🔄 5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets:

  • Notify all active users no less than 30 days prior.
  • Ensure successor entity is bound by this Privacy Policy.
  • Provide the option to request deletion prior to transfer.

6User Rights & Control

You have full rights over your data at every stage of your relationship with our Service. We are committed to honoring these rights promptly and without restriction.

6.1 Your Rights at a Glance

RightWhat It MeansHow to Exercise
AccessRequest a copy of all data we hold about you.Email anjalee@berrytechnology.lk
CorrectionRequest correction of inaccurate data.Email anjalee@berrytechnology.lk
DeletionRequest permanent deletion of your data.Email anjalee@berrytechnology.lk
RestrictionRequest we limit how we process your data.Email anjalee@berrytechnology.lk
PortabilityReceive your data in a portable format.Email anjalee@berrytechnology.lk
ObjectionObject to any specific data processing activity.Email anjalee@berrytechnology.lk

We will respond to all verified requests within 30 days of receipt.

🔌 6.2 Revoking QuickBooks Online Access

You may disconnect our platform from your QuickBooks Online account at any time, without penalty, directly through your Intuit account settings:

1Intuit Account
2Apps
3Cross
4Remove Access

• Upon disconnection, all active OAuth 2.0 tokens are immediately invalidated.

• No further QuickBooks Online data will be accessed or retrieved by our platform.

Note: Revoking access does not automatically delete previously generated print documents. Submit a separate deletion request if required.

🗑️ 6.3 Account & Data Deletion

To request full deletion of your account and all associated data, email anjalee@berrytechnology.lk with the subject: "Data Deletion Request".

  • Identity verification within 5 business days.
  • Permanent deletion within 30 days of confirmation.
  • Deletion is irreversible.

Subscription must be cancelled prior to deletion.

📑 6.4 Deletion Exceptions

Certain data may be retained solely where required by law:

  • Billing and transaction records for tax/accounting.
  • Audit logs for the legally required minimum period.
  • Data subject to active legal holds or investigations.

Retained data will not be used for any operational or commercial purpose.

7Policy Updates & Contact Information

We reserve the right to update this Privacy Policy periodically to reflect changes in our Service, legal obligations, or Intuit platform requirements. We are committed to keeping you informed of any meaningful changes.

7.1 How We Notify You of Changes

When this Policy is updated, we will:

  • 🌐Post the revised Policy at crossbooks.online/privacy-policy with an updated 'Last Updated' date.
  • 📧Send an email notification to all registered users no less than 14 days before material changes take effect.
  • 🚩Display an in-platform notification banner highlighting the nature of the change upon your next login.

Continued use of the Service after the effective date constitutes your acceptance. If you do not agree, you may request account deletion per Section 6.3.

7.2 What Constitutes a Material Change

Change TypeExample
Data Collection ScopeAccessing new QuickBooks Online API data fields
Data Sharing PracticesEngaging a new service provider with data access
User Rights ModificationsChanges to deletion or access request timelines
Security PracticesSignificant changes to encryption or storage methods
Legal JurisdictionChanges to governing law or dispute resolution

🕒 7.3 Policy Version History

v1.0February 27, 2026

Initial publication — production launch

📧 7.4 Contact Information

Privacy & Security

anjalee@berrytechnology.lk

General Support

anjalee@berrytechnology.lk

Registered Address

1st floor, 101 Robert Gunawardena Mawatha, Battaramulla

Responds within 5 business days

Governing Law: This Privacy Policy is governed by the laws of Sri Lanka, without regard to its conflict of law provisions.

© 2026 Berry Technology Platform. All rights reserved.