Privacy Policy
1. Scope
This Privacy Policy describes how Peregrine Professional Services Inc. (“Peregrine”, “we”) collects, uses, shares, and protects information when you use our services, including the Peregrine application, dashboard, and integrations with third-party platforms (collectively, the “Service”).
This policy applies to customers (the businesses we provide accounting and bookkeeping services to), authorized users (individuals at customer organizations who access the Service), and visitors to our website. We act primarily as a data processor for customer financial data and as a data controller for account and contact information of authorized users.
2. What We Collect
2.1 Account information
When you sign up or are added as an authorized user, we collect: name, business email address, role, and the workspace or company you are associated with. This information is provided directly by you or your organization’s administrator.
2.2 Connected platform data
When you authorize Peregrine to connect to a third-party platform on your behalf, we read data within the scope you grant. The categories below describe typical scopes; you grant access at the time of connection and may revoke it at any time. Specific to the Intuit / QuickBooks Online integration:
- Read-only access to accounting records: transactions, invoices, bills, payments, journal entries, vendors, customers, accounts (chart of accounts), tax codes, items, and reports — limited to what is necessary to perform the bookkeeping and reconciliation services you have contracted Peregrine to provide.
- Company metadata: company name, fiscal-year start, currency, address (as set in QuickBooks).
- Connection metadata: realm IDs, OAuth tokens (encrypted at rest), token expiry, last-sync timestamps.
We connect to additional third-party platforms (such as Slack, Google Drive, Plaid, Float Financial, Rippling, and Financial Cents) only at your direction and only with the scopes necessary for the agreed services. The categories of data read from each platform are defined by the scope you grant during the connection flow and are documented in our service agreement.
2.3 Usage and device information
When you use the Service, we automatically collect: log entries (timestamps, IP address, request URL, response status), device and browser information (user agent), and product usage events (which pages were viewed, which actions were taken). We use this information for security, debugging, and improving the Service.
2.4 Communications
If you communicate with us by email or through support channels, we retain those communications and any attachments to provide support and maintain a record of our interactions.
3. What We Don’t Collect
- We do not collect or store payment-card numbers (PANs) for the businesses we serve. Where bank or card data is needed, we use machine-masked references (last-4 digits) provided by financial-data partners.
- We do not collect biometric data, health information, or special categories of personal data unless you knowingly upload them as attachments (which is not a normal use of the Service).
- We do not access third-party accounts beyond the OAuth scopes or API tokens you authorize, and we do not write back to a connected platform unless that capability is part of the agreed service and you have explicitly authorized it.
- We do not sell personal information.
4. How We Use It
We use the information described above to:
- Provide, maintain, and operate the Service, including running automated agents that perform bookkeeping, reconciliation, drift detection, and similar tasks on your data.
- Generate reports, alerts, and recommendations for your authorized users and senior reviewers (CPAs).
- Authenticate users, prevent fraud, and protect the Service from abuse.
- Communicate with you about the Service, including service-related announcements and customer support.
- Improve the Service through anonymized or aggregated analytics. We do not use your business’s identifiable data to train general-purpose AI models that benefit third parties.
- Comply with our legal and contractual obligations.
5. Sharing & Sub-processors
We share information only as necessary to operate the Service, with categories of recipients described below. We require sub-processors to protect information consistent with this policy and applicable law. Our current sub-processor list (subject to change with notice) includes:
| Sub-processor | Purpose | Region |
|---|---|---|
| Vercel Inc. | Application hosting and edge delivery | United States |
| Neon, Inc. | Postgres database hosting | United States (planned migration to Canadian region for Canadian customers) |
| Cloudflare, Inc. | DNS and security | Global |
| Clerk, Inc. | Authentication and session management (SSO + MFA) | United States |
| Anthropic, PBC | Large-language-model inference for agent operations under a zero-retention enterprise agreement | United States |
| GitHub, Inc. | Source-code hosting and CI checks | United States |
| Sentry (Functional Software, Inc.) | Application error monitoring (planned) | United States |
We may also share information with: (a) your authorized users within your organization; (b) your senior reviewer at Peregrine (the CPA accountable for your account); (c) professional advisors such as auditors and counsel under appropriate confidentiality obligations; (d) legal authorities when required by law or to protect rights, property, or safety; and (e) successors in the event of a merger, acquisition, or asset sale, with notice and continuation of equivalent protections.
6. Retention
We retain information for as long as needed to provide the Service and as required by applicable law, professional accounting standards, or contractual commitments. Typical retention periods:
- Bookkeeping records and source documents: 7 years after the end of the fiscal year, consistent with Canadian and U.S. tax-record retention norms.
- Transaction sync logs: 24 months.
- Webhook payloads: 90 days.
- Application debug logs: 30 days.
- Account and contact information: for the life of your account plus 7 years after termination.
On termination of the service agreement, we will return or destroy your data on request within 30 days, subject to retention required by law. Where we delete data, we destroy the per-customer encryption key, rendering any residual ciphertext permanently unreadable.
7. Security
We protect information using a layered set of administrative, technical, and physical controls, including:
- Encryption in transit (TLS 1.2+) and at rest (AES-256 or equivalent).
- Per-customer key wrapping for sensitive credentials and tokens, so a compromise affecting one customer cannot cascade to others.
- Single sign-on, multi-factor authentication, and just-in-time access for staff with operational access to production systems.
- Row-level security in the database to enforce per-customer isolation.
- Immutable audit logs of every operator action and every automated mutation.
- Annual third-party penetration testing (planned beginning January 2027) and SOC 2 evidence collection.
No method of transmission or storage is perfectly secure. If we become aware of a security incident affecting your information, we will notify you in accordance with applicable law and our service agreement, with a target of notifying you within 72 hours.
8. Data Residency & International Transfers
Peregrine is a Canadian company. Our primary infrastructure is currently hosted in the United States (Vercel and Neon’s aws-us-east-1 region). For Canadian customers subject to provincial privacy laws (including Quebec’s Law 25), we are planning a migration of database storage and model inference to Canadian regions; we will notify affected customers in advance of any change. Where international transfers occur, we rely on appropriate safeguards including contractual commitments and the standards of the receiving jurisdiction.
9. Your Rights
Subject to applicable law, you may have the right to:
- Access the personal information we hold about you.
- Request correction of inaccurate information.
- Request deletion of personal information, subject to retention required by law or to provide ongoing services.
- Object to or restrict certain processing.
- Receive a copy of personal information in a portable format.
- Withdraw consent for processing that relies on consent.
To exercise these rights, contact privacy@peregrineps.com. We will respond within the timeframe required by applicable law (typically 30 days). For business customers, requests concerning data we process on your behalf should be directed to your organization in the first instance.
10. Cookies
The Peregrine application dashboard uses functional cookies and similar technologies necessary for authentication, session management, and security. We do not use advertising or tracking cookies on the application. Our marketing website (peregrineps.com) may use a small number of analytics cookies to understand traffic; these can be disabled in your browser without affecting site functionality.
11. Children’s Privacy
The Service is intended for business use and is not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us and we will delete it.
12. Changes
We may update this Privacy Policy from time to time. Material changes will be communicated to customers with at least 30 days’ notice via email or through the Service. The current version is always available at peregrineps.com/legal/privacy, and previous versions are available on request.
13. Contact
For privacy questions, requests, or complaints, contact:
Peregrine Professional Services Inc.
Privacy Office
Ottawa, Ontario, Canada
Email: privacy@peregrineps.com
If you are located in Canada and are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada or your provincial privacy authority. If you are located in another jurisdiction, you may contact your local data-protection authority.