Temporary data storage

  • Conductor does not permanently retain your end-user data (such as QuickBooks Desktop data).
  • For operational purposes, API request logs, which include end-user data, are temporarily stored securely in a SOC 2 compliant log manager for 15 days before permanent deletion.
  • The logs are encrypted at rest using AES-256 and in transit using HTTPS/TLS.
  • The logs are stored in certified data centers located in Germany and Finland within the EU.
  • Access to these logs is strictly limited to authorized Conductor engineers, who use them solely for debugging, customer support, and product improvement.

Permanent data storage

  • The only data Conductor stores permanently pertains to managing and authenticating your Conductor account, connections, end-users, API keys, and projects. This does not include any end-user data.
  • This data is stored in a centralized SOC 2 compliant database hosted by AWS in the US West (Oregon) region. There is no physical or logical separation of customer data within the database.
  • The database is encrypted at rest and requires SSL/TLS encryption for all connections.
  • Access to the database is strictly limited to authorized Conductor engineers.

API request security

  • All API requests to Conductor are authenticated using an API key and restricted to HTTPS.
  • Secret API keys are cryptographically signed (JWT + HS256). The full plaintext value is never stored on Conductor’s servers.
  • Data in transit is encrypted, and requests are processed through our SOC 2 compliant backend hosted by AWS in the US West (Oregon) region.

Security and compliance

  • Conductor is currently in its 2025 SOC 2 Type 2 audit with an independent AICPA-accredited auditor. We use the same firm who audits OpenAI and Perplexity.
  • Conductor satisfies the controls for SOC 2 Type 2’s Security, Availability, and Confidentiality Trust Service Criteria, as enumerated in Conductor’s Trust Center.
  • Conductor’s Privacy Policy outlines our data handling practices.

Data subprocessors

Conductor subprocessors are third-party entities authorized to process data to support Conductor services in accordance with our service agreements. Conductor requires each subprocessor to meet specific contractual obligations to ensure they enforce security controls and comply with data protection regulations.
SubprocessorFunctionLocation
Better StackLogging manager for ingesting, parsing, and querying API request logs for debugging, offering customer support, and product improvement purposes. Retains end-user data for 15 days before deletion.Germany, Finland
NeonPostgres database hosting (using AWS underneath) for managing customer data, such as for authentication, connections, and account management. Does not store any end-user data.Oregon - US West (AWS)
RenderCompute instance hosting (using AWS underneath) for running Conductor’s core API services. Processes and transmits end-user data as needed to authenticate, process, and fulfill customers’ API requests.Oregon - US West (AWS)
SentryApplication monitoring and error tracking. Captures diagnostic data and metadata around application errors and performance issues. May include limited customer data if present in error contexts.Iowa, U.S.; Frankfurt, Germany
VercelWeb app hosting for Conductor’s web user interfaces. Does not directly process or store customer and end-user data.N. California - US West (AWS)

Data processing

Categories of personal data transferred

The specific categories of personal data processed will depend on what data the customer chooses to request from QuickBooks Desktop company files via Conductor’s API. This could include data such as names, contact information, financial account details, transaction records, and accounting data related to the employees, contractors, customers, and vendors of the customer’s end-user businesses.

Sensitive data handling

Based on Conductor’s recommended API configuration, the QuickBooks Desktop data accessible via Conductor’s API typically would not include highly sensitive personal data, such as Social Security Numbers, credit card details, or bank account numbers. However, if explicitly requested by the customer via the Conductor API, some sensitive data transferred can include:
  • Payroll and benefits information for employees and contractors, without direct identifiers such as Social Security Numbers.
  • Confidential revenue, expense, and profitability data for end-users’ businesses.
  • Proprietary vendor and supplier details, contracts, and transaction terms.
Conductor applies the following safeguards to protect this sensitive data:
  • Strict purpose limitation: Sensitive data is only used for the specific purposes of enabling end-user integrations (e.g., QuickBooks Desktop) via Conductor’s API, and never for any other purposes.
  • Encryption: All sensitive data is encrypted in transit (HTTPS/TLS) and at rest (AES-256) using industry-standard encryption protocols.
  • Onward transfer restrictions: Conductor does not transfer any sensitive data to third parties or subprocessors without prior consent from the customer, and any approved transfers are governed by contracts ensuring the same level of data protection.
  • Retention limitations: Conductor does not retain any end-user data on a permanent basis. For operational purposes, API request logs that include end-user data are temporarily stored securely in a log manager for 15 days before permanent deletion.
  • Access restrictions: Access to sensitive customer and end-user data is restricted to only the necessary Conductor staff who have undergone specialized privacy and security training.

Data transfer frequency

As the customer’s end-users interact with the integration, data will be transferred via Conductor’s API on a continuous basis, whenever the customer initiates pulling data from or pushing data to QuickBooks Desktop. The frequency and volume of these transfers will depend on how the customer designs the integration and how actively their users engage with the QuickBooks Desktop connected features.