Security

• All of our infrastructure is managed following the latest best practices in security
  ‍
• Our databases all employ industry-standard AES-256 encryption-at-rest for the entire dataset, and sensitive data is additionally protected by AES-256 application-level encryption
  ‍
• When communicating between systems, LiveFlow always uses TLS encryption, a cryptographic protocol designed for privacy and data security
  ‍
• The abilities to access or modify our systems are granted on the principle of least privilege, and are always protected by multi-factor authentication

In order to import reports from QuickBooks, we need to store tokens that allow us to perform API operations on the user’s behalf

• We always store the access tokens with the highest-level of protection, including both at-rest and application-level encryption
  
  
• The access these tokens are providing can easily be revoked by the user with just one click inside our application, or via QuickBooks Online
  
  

In order to debug issues that may arise, our engineers may need to inspect the structure of the reports that LiveFlow has created in your spreadsheets

• Unless the user has explicitly granted them access to a spreadsheet, they will not be able to see any of the sensitive information inside those sheets
  
  
• They will be able to identify the positions of the various rows and columns, but they will not be able to see any names or numbers in the sheet, or in the report data received from QuickBooks
  
  

LiveFlow only ever reads data from the QuickBooks API, and will never make changes to your data in QuickBooks

In order for LiveFlow to help automate your workflows in Google Sheets, we need you to authorize our application to perform various operations on your behalf. When you first install LiveFlow, you’ll be presented with a screen like the one shown below.

Some of these permissions might sound a little bit scary at first glance, but let us outline here why exactly we need each of them.


See, edit, create and delete all your Google Sheets spreadsheets

First and foremost, our application needs to be able to edit your spreadsheets in order to create and refresh all the reports you create. In order for us to perform all the operations necessary to complete those actions efficiently, we need to use the Google Sheets API. Without this permission, we simply can’t do all the nice things we want to do for you.

We will only ever use this access in spreadsheets where you have explicitly activated LiveFlow. Within each spreadsheet where LiveFlow is activated, we will only ever make changes in sheets created by LiveFlow. Even within each sheet, LiveFlow will only ever make changes to rows and columns created by LiveFlow – if you add your own rows and columns to the sheet, we won’t touch them! We will never delete any of your spreadsheets, sheets, rows, or columns.

Connect to an external service

This permission allows us to communicate with systems and services outside of Google Sheets. We need this permission to communicate with: 

• QuickBooks: required to import and refresh your reports
• Our own backend APIs: required to authorize access and coordinate integrations
• MixPanel: to track usage of important features

‍

Allow this application to run when you are not present

LiveFlow provides a simple way to import reports from QuickBooks into Google Sheets, but some of the best value we provide comes from automatically refreshing those reports. You can choose to refresh your reports whenever you open your spreadsheet, or to automatically refresh every hour. In either case, we need permission to do our work without you having to actively open our add-on every time.

Display and run third-party web content in prompts and sidebars inside Google applications

This one’s pretty simple! In order to allow you to interact with LiveFlow inside Google Sheets, we need this permission to show you our user interface. That user interface allows you to connect QuickBooks accounts, to create and manage your reports, and even to drill down into your numbers without leaving the sheet – without this permission, we couldn’t do any of that.