Clock to Bill

Privacy Policy

Effective date: June 2026

1. About This Policy

This Privacy Policy describes how CTA Integrity, LLC (“CTA Integrity,” “we,” “our,” or “us”), headquartered in Salt Lake City, Utah, collects, uses, and protects information in connection with Clock to Bill — a private billing automation service (“the Service”). Clock to Bill is not publicly available; access is by invitation only and limited to authorized users of subscribing bookkeeping firms.

By using the Service, you acknowledge that you have read and understood this Policy. Questions or requests may be directed to support@ctaintegrity.com.

2. Information We Collect

We collect the following categories of information when you use the Service:

  • Account information: your name and email address, provided at the time your account is created by an administrator.
  • QuickBooks OAuth tokens: access and refresh tokens issued by Intuit when you authorize the Service to connect to your QuickBooks Online and QuickBooks Time accounts. These tokens are stored encrypted at rest using AES-256-GCM.
  • Time entry data: billable time entries retrieved from QuickBooks Time via the authorized OAuth connection, including employee names, client (jobcode) identifiers, dates, and durations.
  • Invoice data: invoice drafts computed by the Service and invoices created in QuickBooks Online on your behalf, including client names, billing amounts, and invoice dates.
  • Usage logs: records of actions taken within the Service (e.g., billing runs initiated, invoices sent) for audit and troubleshooting purposes.

We do not collect payment card information, Social Security numbers, or other sensitive personal identifiers beyond what is described above.

3. How We Use Your Information

Information collected is used solely to operate the Service, which includes:

  • Authenticating your account and maintaining your session.
  • Connecting to QuickBooks Online and QuickBooks Time on your behalf to retrieve time entries and create invoices.
  • Computing invoice drafts for your review and sending approved invoices via QuickBooks Online.
  • Sending transactional emails (e.g., magic-link login emails) necessary to operate the Service.
  • Maintaining audit logs of billing and invoice actions for your firm’s records.
  • Diagnosing and resolving technical issues.

We do not use your data for advertising, profiling, or any purpose unrelated to operating the Service.

4. Third-Party Service Providers

We share data with the following third-party service providers only to the extent necessary to operate the Service. Each is bound by its own privacy and security commitments.

  • Intuit / QuickBooks: OAuth authorization and data exchange for QuickBooks Online and QuickBooks Time. Your data is subject to Intuit’s Privacy Statement.
  • Supabase: cloud database and authentication infrastructure. Data is stored in the United States.
  • Vercel: application hosting and edge network. The Service runs on Vercel’s infrastructure.
  • Resend: transactional email delivery (e.g., magic-link login emails).

We do not sell, rent, or otherwise disclose your data to any other third parties.

5. Data Security

OAuth tokens are encrypted at rest using AES-256-GCM with a unique initialization vector per token. Access to the Service requires authentication. We implement reasonable technical and organizational measures to protect your data against unauthorized access, loss, or disclosure. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

6. Data Retention

We retain your data for as long as your firm maintains an active account with the Service. Time entries, invoice drafts, and audit logs are retained to support billing history and reconciliation. If you discontinue use of the Service, you may request deletion of your data by contacting support@ctaintegrity.com. We will fulfill deletion requests within a reasonable time, subject to any legal obligations to retain records.

7. Your Rights

You may contact us at support@ctaintegrity.com to:

  • Request access to the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data.
  • Revoke QuickBooks OAuth authorization (you may also revoke access directly within your Intuit account settings).

8. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify affected users by email or by posting a notice within the Service. Continued use of the Service after such notice constitutes acceptance of the updated Policy.

9. Governing Law

This Privacy Policy is governed by the laws of the State of Utah, without regard to its conflict of law provisions.

10. Contact

CTA Integrity, LLC
Salt Lake City, Utah
support@ctaintegrity.com