Privacy Policy

Effective Date: January 16, 2026

ShareTrack, Inc. ("ShareTrack," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cap table and certificate management platform, including our integrations with third-party services such as QuickBooks Online.

1. Information We Collect

1.1 Information You Provide Directly

  • Account Information: Name, email address, organization name, job title, phone number, and password when you create an account.
  • Shareholder Data: Names, addresses, contact information, ownership records, share certificates, and transaction history you enter into the platform.
  • Payment Information: Billing address and payment details processed through our PCI-compliant payment processors. We do not store full credit card numbers on our servers.
  • Communications: Messages, support requests, meeting recordings, and feedback you send to us.
  • Board Meeting Content: Audio recordings, transcriptions, and meeting minutes you upload or generate using our AI-powered features.

1.2 Information from Third-Party Integrations

When you connect ShareTrack to third-party services, we may receive information from those services:

  • QuickBooks Online: When you authorize the QuickBooks Online integration, we access your company name, customer records, invoice data, and payment status as necessary to sync invoices and maintain customer records. We access this data solely to provide the integration functionality you have authorized.
  • Authentication Providers: If you use single sign-on (SSO), we receive basic profile information from your identity provider.

1.3 Information Collected Automatically

  • Usage Data: Pages visited, features used, time spent on the platform, click patterns, and interaction analytics.
  • Device Information: Browser type and version, operating system, IP address, device identifiers, and screen resolution.
  • Cookies and Similar Technologies: Session cookies for authentication, preference cookies for user experience, and analytics cookies to understand usage patterns. See Section 10 for more details.
  • Log Data: Server logs including access times, error logs, and request metadata. We do NOT log QuickBooks data, OAuth tokens, or user credentials in our application logs.

2. How We Use Your Information

We use collected information exclusively for the following purposes:

  • Service Delivery: Provide, operate, and maintain our platform and its features
  • Transaction Processing: Process subscriptions, generate invoices, and sync data with authorized integrations
  • Communication: Send administrative messages, security alerts, and service updates
  • Support: Respond to your support requests and troubleshoot issues
  • Improvement: Analyze usage patterns to enhance platform performance and user experience
  • Security: Detect, prevent, and address fraud, abuse, and security issues
  • Compliance: Comply with legal obligations and enforce our terms

3. QuickBooks Online Data Handling

We take special care with data accessed through the QuickBooks Online integration:

3.1 Data We Access

When you authorize the integration, we access:

  • Company profile information
  • Customer records (names, addresses, email)
  • Invoice creation and status
  • Payment status for invoices we create

3.2 How We Use QuickBooks Data

  • We use QuickBooks data solely to provide the invoice synchronization feature you have authorized
  • We do not sell, rent, or share QuickBooks data with third parties for their own purposes
  • We do not use QuickBooks data for advertising or marketing purposes
  • We do not provide API access to QuickBooks data to any third parties
  • QuickBooks data is not used for any purpose beyond the functional operation of the integration

3.3 Data Storage and Security

  • OAuth access tokens and refresh tokens are encrypted at rest using AES-256 encryption
  • Tokens are stored server-side only; never exposed to client-side code or browsers
  • Tokens are never logged or exposed in URLs, error messages, or application logs
  • QuickBooks data is stored in isolated, encrypted database tables with row-level security
  • Proactive token refresh occurs before expiration to maintain seamless connectivity
  • CSRF protection via OAuth state parameter prevents unauthorized authorization requests

3.4 Synchronization Model

  • All syncs are user-initiated (on-demand); no continuous background data capture
  • Invoice syncs push data from ShareTrack to QuickBooks (not the reverse)
  • Customer syncs pull contact updates from QuickBooks to update shareholder records
  • Financial reports are fetched on-demand for dashboard display only

3.5 Disconnection and Data Deletion

You may disconnect the QuickBooks integration at any time through your ShareTrack account settings. Upon disconnection:

  • We immediately and permanently delete all stored OAuth tokens
  • We cease all access to your QuickBooks account
  • Historical sync status records may be retained for audit purposes but no new data will be accessed
  • You may request complete deletion of all QuickBooks-related data by contacting privacy@sharetrack.org

4. Deepgram Audio Transcription

ShareTrack uses Deepgram for audio transcription of board meeting recordings:

4.1 Data We Send to Deepgram

  • Audio files you upload for transcription (MP3, WAV, and other audio formats)
  • No personally identifiable information is sent as metadata
  • Audio is transmitted securely via HTTPS/TLS

4.2 How Deepgram Processes Your Data

  • Stateless Processing: Deepgram processes audio in real-time and does not store your audio files
  • No Training: Your audio is not used to train Deepgram's AI models
  • Immediate Deletion: Audio data is deleted from Deepgram's servers immediately after transcription
  • Speaker Diarization: The transcription identifies different speakers but does not identify individuals by name

4.3 Data Returned

Deepgram returns a text transcript with speaker labels. This transcript is stored in ShareTrack's database associated with your board meeting record. We do not share transcripts with third parties.

4.4 Your Control

  • Audio transcription is entirely optional—you can enter meeting minutes manually
  • You can delete transcripts at any time through the ShareTrack interface
  • Original audio files are stored in ShareTrack; you control their retention and deletion

5. OpenAI Meeting Minutes Generation

ShareTrack uses OpenAI to generate professional meeting minutes from transcripts:

5.1 Data We Send to OpenAI

  • Meeting transcripts (text only, not audio)
  • Meeting metadata (date, time, meeting name)
  • Your selected detail level preference (summary, standard, or detailed)

5.2 How OpenAI Processes Your Data

  • API Processing: Data is sent via OpenAI's API and processed according to their API Data Usage Policy
  • No Training: OpenAI does not use API data to train their models
  • Data Retention: OpenAI may retain API inputs for up to 30 days for abuse monitoring, then deletes them
  • No Human Review: Unless flagged for safety, your content is not reviewed by OpenAI staff

5.3 Generated Content

OpenAI returns formatted meeting minutes including:

  • Call to order and adjournment times
  • Attendees present (extracted from transcript)
  • Agenda and topics discussed
  • Motions, resolutions, and voting outcomes
  • Action items with responsible parties

Generated minutes are stored in ShareTrack and can be edited, printed, or deleted by you.

5.4 Your Control

  • AI minutes generation is optional—you can write minutes manually
  • You can edit or completely replace AI-generated content before saving
  • You control the detail level of generated minutes
  • All generated content can be deleted at any time

6. Information Sharing and Disclosure

We do not sell your personal information. We may share data only in the following circumstances:

6.1 Service Providers

We use trusted third-party service providers who assist in operating our platform:

  • Cloud Infrastructure: Hosting, database, and storage services
  • Payment Processing: PCI-compliant payment processors for subscription billing
  • Analytics: Anonymized usage analytics to improve our service
  • AI Services: Audio transcription and meeting minutes generation

All service providers are contractually obligated to protect your data and use it only for the services they provide to us.

6.2 Third-Party Integrations

When you authorize integrations (such as QuickBooks Online), we share data as necessary to provide the integration functionality. Your use of third-party services is governed by their respective privacy policies.

6.3 Legal Requirements

We may disclose information when required by law, subpoena, court order, or government request, or to protect our rights, property, and safety.

6.4 Business Transfers

In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred. We will notify you of any such change and any choices you may have.

7. Data Security

We implement comprehensive security measures aligned with industry best practices:

7.1 Encryption

  • In Transit: All data transmitted using TLS 1.2 or higher with AES-256 encryption
  • At Rest: All sensitive data encrypted using AES-256 encryption
  • Credentials: User passwords hashed using bcrypt with appropriate cost factors; never stored in plain text

7.2 Access Controls

  • Multi-tenant data isolation with database row-level security (RLS)
  • Role-based access controls (RBAC) for user permissions
  • Session management with secure, HTTP-only cookies
  • Automatic session timeout and invalidation

7.3 Infrastructure Security

  • Regular security patches and updates applied to all systems
  • HTTPS enforced on all application endpoints
  • Protection against CSRF, XSS, SQL injection, and other common vulnerabilities
  • Regular security audits and vulnerability assessments
  • Automated backup and disaster recovery procedures

7.4 Logging and Monitoring

  • Security event monitoring and alerting
  • Audit logs for sensitive operations
  • We do NOT log user credentials, OAuth tokens, or sensitive QuickBooks data

8. Data Retention

  • Active Accounts: We retain your data for as long as your account is active and as needed to provide services.
  • Account Termination: Upon account termination, we will delete or anonymize your data within 90 days, unless retention is required by law or for legitimate business purposes (such as audit trails).
  • Backup Retention: Encrypted backups may be retained for up to 30 days after deletion for disaster recovery purposes.
  • Legal Holds: Data subject to legal holds or regulatory requirements may be retained longer as required.

9. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal data (subject to legal retention requirements)
  • Portability: Receive your data in a structured, machine-readable format
  • Restriction: Request restriction of certain processing activities
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent for processing where consent is the legal basis

To exercise these rights, contact us at privacy@sharetrack.org. We will respond to your request within 30 days.

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information we collect, use, and disclose
  • Right to request deletion of your personal information
  • Right to opt-out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your privacy rights

11. International Data Transfers

ShareTrack is based in the United States. If you access our services from outside the US, your information may be transferred to and processed in the United States. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable laws.

12. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Essential Cookies: Enable core functionality like authentication and security
  • Preference Cookies: Remember your settings and preferences
  • Analytics Cookies: Understand how users interact with our platform

You can control cookies through your browser settings. Note that disabling essential cookies may impact platform functionality.

13. Children's Privacy

ShareTrack is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will delete it promptly.

14. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

  • Posting the updated policy on this page with a new effective date
  • Sending an email notification for significant changes
  • Displaying an in-app notification

Your continued use of ShareTrack after changes take effect constitutes acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

For QuickBooks-related privacy inquiries, you may also contact Intuit directly at their privacy portal.