GoToMyAccounts.com Privacy Statement
Revised 08/09/2017
This privacy notice discloses the privacy practices for the GoToMyAccounts.com website and GoToMyAccounts.com service. This privacy notice outlines the following:
1. What personally identifiable information is collected from you through the web site, how it is used and
2. with whom it may be shared.
3. What choices are available to you regarding the use of your data
4. The security procedures in place to protect the misuse of your information.
5. How you can correct any inaccuracies in the information.
Information Collection, Use, and Sharing
Account Creation
During the account creation process, we only have access to/collect information that you voluntarily give us via the registration form, email, or other direct contact from you. We will not sell or rent this information to anyone.
Billing Data (Your Account)
When or if a customer upgrades to a paid subscription, credit card information is collected. This information is collected and maintained via our billing portal (https://billing.gotomyaccounts.com). This billing portal is SSL secured. Credit card information is encrypted in our database. We DO NOT store the credit card CVV numbers.
Sharing of Data with Third Parties
GoToMyAccounts.com will never share any of your personal or company data without your express permission. GoToMyAccounts.com will never share any of your customer data.
What We Store
The GotoMyAccounts.com service stores certain accounting data in order to accurately present customer data and also to aid employees in entering time/expenses. The service will store/replicate various “lists” used in QuickBooks, including customers, items, accounts, etc. GotoMyAccounts.com stores a one-year history of transactional data (invoices, payments, credits, etc). All entity data such as customers, items, accounts remain as long as the account is active.
Google Drive Integration
GotoMyAccounts allows portal users to connect to a Google Drive account for the purpose of sharing files (if enabled) with customers. GoToMyAccounts does not initiate any file reads, uploads, deletes within the application by any unattended process or script. All file uploads, edit, deletes must be initiated by a staff user with appropriate permissions. A customer user may not delete any file. In addition, any file uploaded or accessed by GoToMyAccounts will by default not be enabled for customers to view. You must explicitly enable permissions for a customer to have the ability to view files. Allowing customers to upload files requires a global option to be set in your settings page. By default, customers DO NOT have the ability to upload files.
Data stored for customer payment processing
Credit Card:
We do not store your customer credit cards. There is one exception to this rule. For offline credit card processing, we store an encrypted credit card number for no more than 7 days. During this period, the card number can be retrieved for offline processing by an admin user or employee user with billing permissions.
Check Drafts:
Our check draft system allows customers to submit a check payment via the web portal. This data is stored and is used to print the check draft locally on check paper. Although the data is not displayed after use, it can be retrieved again by a repeat customer to auto-fill the check fields if a subsequent payment is made.
PayPal:
When a PayPal payment is made, GoToMyAccounts.com stores a secure token which is passed to the PayPal service. Once the transaction has been accepted by PayPal, the secure token is posted back to GoToMyAccounts.com via SSL protected post. The payment data is then updated and processed. No other payment information is stored when using this payment method.
Access By Customers/Clients
The service is designed to expose customer data, including invoice and payment history, through a web-based portal. You may or may not elect to expose this data to any of your customers. A customer’s data is protected by means of a secure login to the web portal. Access to the web portal is controlled by the account admin or an employee user who has customer admin permissions. An admin or employee user may also permit a customer to access the bill payment screen via single-use secure URL.
The URL includes a password protected token - which expires within 7 days of being issued. Customer can receive this secure login URL via email. It should be noted that email is inherently insecure and use of this means of transmission are at the discretion of the account holder. Customers with access to the web portal will never have access to another customer’s data or any other financial data other than their own invoice and payment history.
Access By Employees/Contractors
The service is also intended to serve as a web portal for use by employees, staff, and sub-contractors. These logins are also controlled by the account admin, or an employee user with admin permissions. Access to various parts of the web portal can also be restricted. For example, only employees with access to customer data or customer billing data may access those screens. The web portal does not store or display sensitive employee data such as the Social Security Number, salary, or other payroll data.
Security of Data Transmission
Data Security Between Our Sync Software and Web Portal
The Sync Software transmits and receives data from the web portal via the HTTPS protocol. Data is transmitted as XML.
Data Security on the Web Portal
The entire web portal is secured via SSL encryption. If a customer wishes to implement a custom URL, a dedicated IP address is assigned and an SSL certificate is created and implemented as well.
Data Storage Security
Physical Security
Our web and database servers are housed in a secured data center with 24/7 security. Physical access to servers is restricted to hardware and software maintenance personnel either employed or contracted by GoTomyAccounts.com.
Software/Database Security
Limited personnel are granted access to database and web storage files for the purpose of software development and troubleshooting. All data access is logged. Passwords for these services are changed at regular intervals. Access accounts for terminated staff/contractors are immediately disabled and/or removed from our systems.
Access of Accounts by Support/Development Staff
GoToMyAccounts.com staff will never access your or your customer data without your express permission. If a support person or developer believes that accessing a portal account would be beneficial to resolving an issue, they will always first request permission to do so from the account holder.
Contact by GoToMyAccounts.com
Contact by Email/Phone
Unless you ask us not to, we may contact you via email in the future to tell you about specials, new products or services, or changes to this privacy policy.