Last updated: March 2026
When you connect your QuickBooks Online account, we access invoice, payment, and customer data solely to sync it to your Mercury account. We store your QuickBooks Realm ID and OAuth tokens to maintain the connection.
Your Mercury API token is encrypted at rest using AES-256-GCM and is never exposed in plain text after initial entry. We do not share your credentials with any third party.
Sync logs are retained for 90 days. When you disconnect, all data (credentials, mappings, and logs) is permanently deleted within 30 days. You can request immediate deletion at any time.
For privacy questions, email privacy@billrelay.io.