Privacy Policy
Effective Date: March 1, 2026 · Last Updated: March 1, 2026
MSPA Money is a financial intelligence platform for med spa businesses. We take the privacy and security of your financial data seriously. This policy explains exactly what data we collect, how we use it, and the choices you have.
1. Who We Are
MSPA Money ("we," "us," or "our") is a financial intelligence platform operated by MSPA Money LLC. Our platform connects to QuickBooks Online and bank accounts to provide med-spa-specific financial analysis, benchmarking, and coaching insights to practice owners.
Contact us at: support@mspamoney.com
2. Information We Collect
We collect the following categories of information:
Account Information
- Name, email address, and password when you create an account
- Business name and practice details you provide during onboarding
- Billing information processed through Stripe (we do not store card numbers)
QuickBooks Data (via Intuit API)
- Profit & loss statements and financial reports
- Chart of accounts and account structures
- Transaction categorizations and vendor information
- We access your QuickBooks data with read and write permissions to install our chart of accounts template and pull financial reports. We do not access personal patient data through QuickBooks.
Bank Account Data (via Plaid)
- Account balances and institution names
- Transaction data for cash flow analysis
- We access bank data through Plaid's secure API. We do not store your bank login credentials.
Usage Data
- Pages and features accessed within the platform
- Browser type, device type, and IP address
- Session timing and interaction data for product improvement
3. How We Use Your Information
We use your information to:
- Provide and operate the MSPA Money platform and dashboard
- Pull and analyze your financial data from QuickBooks and Plaid
- Generate benchmark comparisons, coaching insights, and financial reports
- Reconcile your books and install the MSPA chart of accounts (with your authorization)
- Process payments through Stripe
- Send monthly financial reports and important account notifications
- Improve our platform features and performance
- Comply with legal obligations
We do not sell your personal information or financial data to third parties. We do not use your financial data for advertising purposes.
4. QuickBooks Integration & Intuit Data
Our platform integrates with Intuit QuickBooks Online via their official API. By connecting your QuickBooks account, you authorize MSPA Money to:
- Read your financial reports, chart of accounts, and transaction data
- Write to your QuickBooks account to install the MSPA chart of accounts template during onboarding (with your explicit approval)
- Refresh your authorization token to maintain the connection
Your QuickBooks credentials are never stored by MSPA Money. We use OAuth 2.0 tokens issued by Intuit, which you can revoke at any time through your Intuit account settings. We handle Intuit data in accordance with Intuit's API Terms of Service.
5. Plaid Integration & Bank Data
Bank account connections are powered by Plaid Technologies, Inc. When you connect a bank account:
- You authenticate directly with your bank through Plaid's secure interface
- MSPA Money receives account balance and transaction data through Plaid's API
- Your bank login credentials are never seen or stored by MSPA Money
- You can disconnect your bank account at any time through the Settings panel
Plaid's privacy practices are governed by Plaid's Privacy Policy.
6. Data Storage & Security
Your data is stored securely using the following infrastructure:
- Database: Supabase (hosted on AWS), with row-level security ensuring each account can only access its own data
- API: Hosted on Railway with environment-variable-based secret management
- All data in transit is encrypted using TLS 1.2 or higher
- OAuth tokens are stored encrypted and are never exposed in client-side code
We follow industry-standard security practices, but no system is 100% secure. We will notify you promptly in the event of a data breach that affects your personal information.
7. Data Sharing
We share your data only in the following limited circumstances:
- Service Providers: Supabase (database), Railway (hosting), Stripe (payments), Plaid (bank connections), Intuit (QuickBooks API). Each is bound by data processing agreements.
- Your Bookkeeper: If you are assigned an MSPA Money bookkeeper as part of your onboarding, they will access your QuickBooks account with your authorization to reconcile books and install the chart of accounts.
- Coaches: If your account is linked to a coaching relationship (e.g., with a George Birnbach coaching program), your coach may view your dashboard with your consent.
- Legal Requirements: We may disclose information if required by law, court order, or government authority.
- Business Transfer: If MSPA Money is acquired or merged, your data may be transferred as part of that transaction, with notice provided to you.
We do not sell your data. We do not share financial data with any third party for advertising or marketing purposes.
8. Data Retention
We retain your account data for as long as your account is active. If you cancel your subscription:
- Your dashboard access is deactivated immediately
- Your financial data is retained for 90 days to allow for data export requests
- After 90 days, your data is permanently deleted from our systems
- QuickBooks and bank connections are revoked automatically upon account closure
9. Your Rights
You have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data (subject to legal retention requirements)
- Export your financial data before account closure
- Revoke QuickBooks and bank connections at any time
- Opt out of non-essential communications
To exercise any of these rights, contact us at support@mspamoney.com.
10. Cookies
We use minimal cookies necessary for platform operation:
- Authentication session cookies (required for login)
- Preference cookies (dashboard settings)
We do not use advertising cookies or third-party tracking cookies.
11. Children's Privacy
MSPA Money is a business-to-business platform intended for use by adults operating medical spa businesses. We do not knowingly collect information from anyone under 18 years of age.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email and by posting the updated policy on this page with a revised effective date. Continued use of the platform after changes constitutes acceptance of the updated policy.
13. Contact Us
For privacy-related questions, requests, or concerns: