FifthFirm
Get Started

Privacy Policy

Last updated: April 27, 2026

1. Introduction

Digital Inventory Group LLC ("FifthFirm", "we", "us") operates the FifthFirm platform at fifthfirm.com. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.

2. Information We Collect

2.1 Information You Provide

  • Account information: name, email address, organization name
  • Client data: business names, financial records, tax documents you upload or connect via QuickBooks Online
  • Payment information: processed by our payment provider (Stripe)
  • Communications: support requests, feedback, and correspondence

2.2 Information from Third-Party Integrations

When you connect QuickBooks Online, we receive access to financial data including chart of accounts, transactions, invoices, bills, customers, vendors, and financial reports. We access only the data scopes you explicitly authorize during the OAuth connection flow.

2.3 OAuth Scopes and Data Access

When you connect your QuickBooks Online account, FifthFirm requests the following OAuth 2.0 scopes:

  • com.intuit.quickbooks.accounting — Read and write access to accounting data including chart of accounts, transactions, customers, vendors, items, and reports
  • openid, profile, email — Basic identity verification for single sign-on

You may revoke FifthFirm's access at any time through your QuickBooks Online account at Apps > Manage Apps, or by contacting us at privacy@fifthfirm.com.

2.4 Automatically Collected Information

  • Usage data: pages visited, features used, actions taken within the platform
  • Device information: browser type, operating system, IP address
  • Cookies: essential session cookies for authentication and CSRF protection. We do not use advertising or tracking cookies.

3. How We Use Your Information

  • Provide, maintain, and improve the Service, including AI-powered bookkeeping, reporting, and advisory features
  • Process financial data to generate reports, categorize transactions, and prepare tax documents
  • Communicate with you about your account, updates, and support
  • Ensure security, detect fraud, and comply with legal obligations
  • Analyze usage patterns to improve the platform (aggregated, de-identified data only)

AI Model Training: Your data is not used to train AI models. AI-powered features use pre-trained models applied to your data at runtime only.

4. Data Sharing and Disclosure

We do not sell, rent, or share your personal or financial data for cross-context behavioral advertising. We may share data:

  • With your consent: When you explicitly authorize sharing
  • Service providers: Third-party vendors who assist in operating the Service (hosting, payment processing), bound by confidentiality agreements and data processing agreements
  • Legal requirements: When required by law, subpoena, or government request
  • Business transfers: In connection with a merger, acquisition, or sale of assets, with prior notice to affected users

5. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • OAuth 2.0 for third-party integrations (no password storage)
  • Role-based access controls within the platform
  • Multi-tenant data isolation between organizations
  • Regular security assessments and monitoring
  • Audit logging of all data access and modifications

No system is 100% secure. We cannot guarantee absolute security but are committed to protecting your data using commercially reasonable measures.

6. Data Retention

We retain your data according to the following schedule:

Data TypeRetention Period
Account profile informationDuration of account + 30 days
QuickBooks Online cached dataDuration of active integration + 30 days post-disconnect
Financial transaction records7 years (IRS record retention)
Audit logs7 years
Support correspondence3 years
Usage analytics (aggregated)Indefinite (de-identified)
AI model training dataNot applicable — your data is not used to train AI models

After the retention period, data is permanently deleted or irreversibly anonymized.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format (CSV or JSON)
  • Withdraw consent for data processing
  • Disconnect third-party integrations at any time via your account settings

To exercise these rights, contact us at privacy@fifthfirm.com. We will respond within 30 days (or as required by your jurisdiction).

8. Your State Privacy Rights

California Residents (CCPA/CPRA)

If you are a California resident, you have the right to: (i) know what personal information we collect, use, and disclose; (ii) request deletion of your personal information; (iii) opt out of the sale or sharing of personal information; and (iv) not be discriminated against for exercising these rights. We do not sell or share your personal information as defined by the CCPA/CPRA. To exercise your rights, contact privacy@fifthfirm.com. We will respond within 45 days.

Virginia, Colorado, Connecticut, and Other States

Residents of states with consumer privacy laws (VCDPA, CPA, CTDPA, and others) have similar rights to access, correct, delete, and obtain a copy of their personal data, and to opt out of targeted advertising and profiling. To exercise any right, email privacy@fifthfirm.com with your state of residence. We will respond within the timeframe required by your state's law.

Do Not Sell or Share

We do not sell or share personal information for cross-context behavioral advertising. No opt-out mechanism is required because no such activity occurs, but you may contact us at any time to confirm.

9. Data Breach Notification

In the event of a security breach involving your personal information, we will notify affected users without unreasonable delay and no later than as required by applicable law (typically 30–72 days depending on jurisdiction). Notification will include: (a) a description of the breach; (b) the types of data involved; (c) steps we are taking to address the breach; and (d) steps you can take to protect yourself. We will also notify relevant regulatory authorities as required by law.

10. QuickBooks Online Integration

When you connect your QuickBooks Online account to FifthFirm:

  • We use Intuit's OAuth 2.0 protocol — we never see or store your QBO password
  • You can revoke access at any time through your QBO account settings or through FifthFirm
  • We access only the data scopes you authorize
  • Financial data accessed via QBO is used solely to provide the services you requested
  • We do not sell, rent, or trade your QuickBooks data to any third party
  • Upon disconnecting, cached QBO data is deleted within 30 days

QuickBooks, QuickBooks Online, and Intuit are trademarks of Intuit Inc. FifthFirm is not affiliated with, endorsed by, or sponsored by Intuit Inc.

11. Data Processing for B2B Clients

When your organization uses FifthFirm to process client financial data, Digital Inventory Group LLC acts as a data processor on your behalf. You remain the data controller. A Data Processing Agreement (DPA) is available upon request and governs our processing of personal data on your behalf. Contact legal@fifthfirm.com to obtain a copy.

12. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on the Service at least 30 days before they take effect. Continued use after changes constitutes acceptance.

14. Contact Us

For privacy-related inquiries:
Digital Inventory Group LLC
Email: privacy@fifthfirm.com