Privacy Policy
Effective 2026.06.10
WolfStrata (“WolfStrata,” “we,” “us”) provides an automated financial-analysis service that reads your accounting data, computes deterministic signals, and generates plain-language narratives. This policy explains what data we handle and how. It applies to the WolfStrata application at wolfiq.surajshetty.com.
Our principles: we do not sell your data, we do not serve advertising, and we collect the minimum needed to run the service.
1. Information we collect
- Account information. Your email address and a securely hashed password used to sign in.
- QuickBooks Online (QBO) data.With your explicit authorization, we retrieve financial reports from your connected QuickBooks company — Profit & Loss, Balance Sheet, and Cash Flow — for the periods you analyze. We store the OAuth access and refresh tokens needed to maintain that connection.
- Your own AI keys (optional).If you supply your own API key for an AI provider (“bring your own key”), we store it to make requests on your behalf.
- Usage analytics. We use PeerLinq, our own self-hosted analytics, to understand feature usage. It is first-party and is never shared with third-party ad networks.
- Operational telemetry. We send application traces to Honeycomb to monitor reliability and performance. Sensitive query parameters (such as auth tokens) are redacted before they leave the application.
2. How we use your data
We use your data solely to operate the service: to authenticate you, to retrieve and analyze your QuickBooks financials, to generate narratives and signal results, and to keep the platform secure and reliable. We do not sell or rent your data, and we do not use it for advertising or profiling.
3. AI processing
To generate the written narrative that accompanies your analysis, we send a prompt to an AI provider. That prompt contains period-level aggregate figures (such as revenue, gross profit, net income, ending cash, total assets, total liabilities, and equity) and short signal summaries. It does not include individual transactions, customer names, vendor names, or line-item ledger detail.
By default we use Anthropic (Claude). If you configure your own key, your requests go to your chosen provider (Anthropic, OpenAI, or Google) under your account with that provider.
4. Service providers (subprocessors)
We rely on the following providers to deliver the service:
- Intuit / QuickBooks Online — source of the financial data you connect.
- Anthropic, OpenAI, or Google — AI narrative generation (per the section above).
- Amazon Web Services (AWS) — application hosting and encrypted off-site backups.
- Honeycomb — operational telemetry and monitoring.
- PeerLinq — our self-hosted, first-party usage analytics.
5. How we store and protect your data
Data is stored in a PostgreSQL database on AWS infrastructure and transmitted over TLS. Sensitive credentials — QuickBooks access and refresh tokens, AI keys you provide, and multi-factor authentication secrets — are application-encrypted at rest using AES-256-GCM envelope encryption: a per-tenant data key is itself wrapped by an AWS Key Management Service master key. The application never has access to the master key material.
Customer financial data (your QuickBooks snapshots and the derived analyses) is not additionally encrypted at the application layer; it sits on encrypted storage with access protected by the controls below. We chose this trade-off deliberately so the signal-analysis pipeline remains debuggable; we do not claim “end-to-end encrypted” or that the operator cannot read your data.
The access controls in place:
- Multi-tenant isolation enforced by the database.Postgres row-level security restricts every query to the authenticated tenant — even an application bug that omits a tenant filter cannot return another tenant’s rows.
- Operator access requires MFA + re-authentication. The platform operator account uses TOTP-based multi-factor authentication, and sensitive actions (connecting/disconnecting accounting systems, changing keys) require password re-verification within a short window.
- Tamper-evident audit log. Security-significant events are recorded in an append-only, hash-chained audit log. Modification or deletion of audit entries is rejected at the database level.
- Encrypted backups. Database backups are stored server-side-encrypted in AWS S3 with access restricted to the operator. Local backups are pruned after 30 days.
6. Data retention
We retain your account data and connected financial data for as long as your account is active. Local database backups are pruned after 30 days; encrypted off-site backups are retained to protect against data loss. You may request deletion of your account and associated data at any time (see “Your choices”).
7. Disconnecting QuickBooks
You can disconnect your QuickBooks company at any time, either from within WolfStrata or from your Intuit account’s connected-apps settings. When you disconnect, we stop syncing and delete the stored QuickBooks tokens. Previously computed analyses may be retained unless you also request their deletion.
8. Your choices and rights
You may request access to, correction of, or deletion of your personal data, and you may withdraw your QuickBooks authorization at any time. To make a request, contact us at sshetty@wolfstrata.com.
9. Children's privacy
WolfStrata is a business tool intended for use by adults. It is not directed to children and we do not knowingly collect data from anyone under 18.
10. Changes to this policy
We may update this policy as the service evolves. Material changes will be reflected by an updated effective date at the top of this page.
11. Contact
Questions about this policy or your data? Contact us at sshetty@wolfstrata.com. This policy is governed by the laws of Manitoba, Canada.