Legal

Privacy Policy

Last updated: 2026-01-01. This is a starter policy intended for review by the operating firm's counsel before public launch.

What this product is

PCLAW MIGRATE (the “Service”) is a workflow tool that helps law-firm operators move a PCLaw general ledger into QuickBooks Online. The Service accepts an exported PCLaw CSV file, encrypts it on receipt, parses it into journal entries, and posts those entries to the firm's connected QuickBooks Online company via Intuit's official OAuth 2.0 API.

What we collect

• Account data — firm name, your work email, and a hashed password used to sign you in.
• Uploaded ledger files — the PCLaw CSV you upload. Files are encrypted at rest with AES-256 (Fernet) immediately after upload; the unencrypted copy is removed.
• QuickBooks Online OAuth tokens — the access and refresh tokens Intuit issues when you click “Connect to QuickBooks.” Tokens are encrypted at rest and used only to call Intuit's API on your behalf to read the chart of accounts and create JournalEntry records you initiate.
• Operational metadata — job IDs, file SHA-256 hashes, import counts, error messages, and a per-firm audit log of in-app actions (sign-in, upload, connect, import, reverse, etc.).

What we do not do

• We do not sell your data, your firm's data, or your clients' data.
• We do not share your QuickBooks data with advertisers or analytics brokers.
• We do not use your uploaded ledgers to train machine-learning models.
• We do not access your QuickBooks company beyond what is needed to fulfill the import you trigger (read accounts, create JournalEntry records, look up customers/vendors).

How we secure data

• Uploaded files are encrypted at rest with AES-256 (Fernet symmetric encryption).
• QuickBooks OAuth tokens are encrypted at rest with the same scheme.
• Sessions are HTTP-only and (in production) HTTPS-only cookies. CSRF protection is enforced on every state-changing request.
• The application validates required production environment variables on startup and fails fast if any are missing or malformed.

Retention

Encrypted source files, encrypted output files, and OAuth tokens are kept while the corresponding migration job exists in your firm workspace, and are deleted when you delete the job or your workspace. We retain the operational audit log so you can investigate prior imports and reversals.

Your rights

You can delete any individual job from the Service at any time, which deletes its encrypted files and revokes its stored QuickBooks tokens from our database. You can also disconnect a QuickBooks company directly from inside QuickBooks Online → Apps. To delete your firm workspace entirely, contact support.

Sub-processors

The Service runs on Render (hosting), uses Intuit's QuickBooks Online API (mandatory), and may use a transactional email provider for support correspondence. No other sub-processor receives uploaded ledger files or QuickBooks tokens.

Contact

For privacy questions or data-deletion requests, email privacy@pclawmigrate.com or see the support page.