Privacy Policy
This Privacy Policy explains how PAC Door Order (“PAC”, “we”, “us”) collects, uses, stores, and shares information when you use our website at pac-os.app, our embedded door-builder iframe, and our administrative dashboard (collectively, the “Service”). PAC Door Order is operated by Phill Anton Consulting LLC and provides a multi-tenant SaaS platform used by cabinet door manufacturers (“merchants”) to manage custom door orders and to integrate with the merchant’s own accounting and e-commerce systems, including Intuit QuickBooks Online and Shopify.
We are the data controller for information collected from merchants who hold an account with us. For information collected from end customers who place orders through a merchant’s embedded door builder, we act as a data processor on behalf of that merchant.
1. Information we collect
1.1 Account and profile data
When a merchant signs up we collect their email address, password hash (we never store passwords in plain text — Supabase Auth handles credential hashing), display name, organization name, role, and profile preferences. Organization-level settings include branding colors, theme preferences, and notification email addresses.
1.2 Order and customer data
When an end customer submits a door order through a merchant’s embedded builder we collect the customer’s name, email address, postal address, phone number, and the full specification of the doors ordered (dimensions, finishes, hardware selections, line notes). This data is stored against the merchant’s organization and is visible only to that merchant’s admin users and to PAC’s platform administrators for support and abuse investigation.
1.3 QuickBooks Online integration data
When a merchant connects their QuickBooks Online account to PAC, we receive and store:
- The merchant’s Intuit company ID (“realmId”).
- An OAuth 2.0 access token (one-hour lifetime) and refresh token (rotating, 100-day maximum lifetime), each encrypted at rest with AES-256-GCM before being written to our database. Plain-text tokens exist only in server memory for the duration of a single request.
- The merchant’s QuickBooks company name, displayed in the merchant’s PAC admin to confirm which company is connected.
- When a door order is created through the QuickBooks Online checkout backend, we write an Invoice to the merchant’s QuickBooks company on the merchant’s behalf and store the QuickBooks invoice ID against the order so the merchant can re-open it later. The line-item content of that invoice (door specifications, customer name, totals) is the same order data described in section 1.2.
We do not store the merchant’s QuickBooks accounting data (balances, ledgers, prior invoices, customers we did not create, expenses, payroll, or bank-feed data) on our servers. We read company name and item-catalog records only as needed to create invoices and we discard them after each request.
Merchants can disconnect QuickBooks Online at any time from PAC admin → Integrations → Disconnect QuickBooks. On disconnect we revoke the refresh token with Intuit and null all QuickBooks columns on the merchant’s organization record. Invoices previously created in the merchant’s QuickBooks remain in QuickBooks — disconnecting from PAC does not delete the merchant’s accounting history.
1.4 Shopify integration data
When a merchant connects a Shopify store we receive and store an encrypted Shopify Admin API token scoped to their store and the store domain (e.g. example.myshopify.com). We use this token solely to create Draft Orders on the merchant’s behalf when a customer submits a door order, and to read order status for reconciliation. We do not access Shopify customer lists, product catalogs unrelated to door orders, or financial data.
1.5 Usage and diagnostic data
We collect application logs (timestamps, request paths, error messages, IP address, user-agent string) for security monitoring, debugging, and abuse prevention. Errors are sent to Sentry for diagnostic purposes. We do not use third-party advertising trackers.
1.6 Cookies
We set the following cookies, all HttpOnly and Secure in production:
- Session cookies issued by Supabase Auth to keep a merchant signed in.
- OAuth state cookies (10-minute lifetime) used during the QuickBooks Online and Shopify connect flows to prevent cross-site request forgery.
- Org-selection cookies recording the last organization a merchant was viewing, so we can return them to the right context after navigation.
We do not use third-party advertising or analytics cookies.
2. How we use information
- To provide the Service: render the door builder, save drafts, compute pricing, dispatch orders to a merchant’s chosen checkout backend.
- To authenticate users and authorize access to merchant-scoped data.
- To send transactional email (order confirmations, password resets, integration-failure notifications).
- To detect and prevent abuse, fraud, and security incidents.
- To improve the Service based on aggregated, non-identifying usage patterns.
We do not sell personal information. We do not share personal information with third parties for their own marketing purposes.
3. Sub-processors and integrations
We rely on the following sub-processors to deliver the Service. Each is bound by its own privacy and security commitments; the linked policy for each gives the full detail.
- Supabase — managed Postgres database, authentication, file storage. supabase.com/privacy
- Vercel — application hosting and edge network. vercel.com/legal/privacy-policy
- Intuit (QuickBooks Online) — invoked when a merchant opts into the QuickBooks Online checkout backend; PAC writes invoices to the merchant’s QBO account. intuit.com/privacy/statement
- Shopify — invoked when a merchant opts into the Shopify checkout backend; PAC writes Draft Orders to the merchant’s Shopify store. shopify.com/legal/privacy
- Resend — transactional email delivery. resend.com/legal/privacy-policy
- Sentry — application error monitoring. sentry.io/privacy
- Mapbox — address autocomplete on the customer order form. mapbox.com/legal/privacy
- Google Document AI — optional, used when a merchant uploads a handwritten or printed order sheet for parsing. policies.google.com/privacy
- Anthropic / OpenAI — used by optional AI-assisted features inside the merchant dashboard; we do not send customer order data to these APIs. anthropic.com/legal/privacy · openai.com/policies/privacy-policy
4. Data security
- All data in transit between browsers, our servers, and our sub-processors is encrypted with TLS 1.2 or higher.
- Sensitive secrets persisted in our database — including QuickBooks Online refresh tokens, Shopify Admin API tokens, and webhook verifier secrets — are encrypted at rest using AES-256-GCM. Encryption keys are stored separately from the database, version-prefixed on every ciphertext to support key rotation without downtime.
- Database access is restricted to PAC’s production application role. PostgreSQL row-level security policies enforce per-organization isolation so that an authenticated request scoped to one organization cannot read or write rows belonging to another.
- PAC engineers access production data only when investigating support tickets or security incidents, with multi-factor authentication required on every administrative login.
- We capture API correlation identifiers (including Intuit’s intuit_tid header) for every external API call so incidents can be traced to the originating request.
5. Data retention
Account data is retained for as long as the merchant’s account is active. Order data is retained as long as the parent organization exists so merchants can re-open past orders. Application logs are retained for 30 days. Sentry error data is retained per Sentry’s default retention.
On account deletion (see Section 7) we delete all personal data within 30 days, except where a longer retention period is required by law (e.g. tax records).
6. International transfers
PAC’s servers and primary sub-processors are located in the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States.
7. Your rights
Depending on your jurisdiction, you may have the right to access, correct, export, or delete personal data we hold about you. To exercise any of these rights, contact us at the address below.
- Merchants can update most account data directly in PAC admin settings.
- Merchants can disconnect QuickBooks Online and Shopify at any time from PAC admin → Integrations.
- End customers should contact the merchant who took their order to amend or delete data the merchant collected; PAC will assist the merchant in fulfilling such requests.
- To delete an entire merchant account, email us at support@pac-os.app. We will confirm by email before deletion.
8. Children
The Service is not directed to children under the age of 16 and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
9. Changes to this policy
We may update this policy from time to time. The “Last updated” date at the top of this page reflects the most recent change. Material changes will be announced in the merchant admin dashboard at least seven days before they take effect.
10. Contact
Questions or requests can be sent to support@pac-os.app. If you reach us about a specific QuickBooks Online connection, please include your organization slug and the approximate time of the issue so we can locate the relevant logs.