Privacy Policy

Last updated: April 2, 2026

1. Overview

Canopy is an internal business management application operated by Landscape Images Ltd ("LIL," "we," "our"). This privacy policy describes how we collect, use, and protect information within the application, including data exchanged with third-party services such as Intuit QuickBooks Online.

2. Information We Collect

Canopy processes the following categories of information:

  • Employee data — names, email addresses, and roles for authenticated users of the application.
  • Client data — business names, contact information, service addresses, and project details entered by LIL staff.
  • Financial data — bids, pricing, and maintenance agreement terms created within the application.
  • QuickBooks data — customer records, employee records, project records, and time entries synchronized from Intuit QuickBooks Online via their REST API.
  • Timekeeping data — crew time entries, clock-in/out times, and work logs recorded through the Crew Clock feature.

3. How We Use Information

All data collected and processed by Canopy is used exclusively to operate Landscape Images Ltd's business. Specifically:

  • Managing client relationships, leads, and project workflows.
  • Creating and tracking bids, maintenance agreements, and service schedules.
  • Synchronizing business records with QuickBooks Online for accounting purposes.
  • Tracking employee time and generating labor reports.

We do not sell, rent, or share any data with third parties for marketing or advertising purposes. Data is never used for purposes other than delivering our business services.

4. QuickBooks Online Integration

Canopy integrates with Intuit QuickBooks Online to synchronize customer, employee, project, and time entry records. This integration:

  • Requests only the com.intuit.quickbooks.accounting OAuth scope — the minimum required for our business operations.
  • Stores OAuth tokens (access and refresh) in a server-side database table accessible only via service-role credentials. Tokens are never exposed to client-side code.
  • Supports full disconnection — revoking tokens at Intuit and deleting all stored credentials locally.
  • Synchronizes data on a nightly schedule and on-demand by authorized administrators.

5. Data Storage and Security

  • Database — hosted on Supabase (PostgreSQL) with row-level security enabled on all tables. Encrypted at rest.
  • Application — hosted on Vercel. All traffic is encrypted in transit via HTTPS/TLS.
  • Authentication — invite-only access with email/password authentication. Role-based access control (super_admin, admin, staff, field) restricts access to sensitive operations.
  • Secrets — API keys and OAuth credentials are stored as server-side environment variables, never in client-side code or version control.

6. Customer-Facing Services

Canopy provides limited public-facing pages for LIL clients, including maintenance agreement review and onboarding forms. These pages:

  • Are accessible via unique, token-based URLs shared directly with clients.
  • Collect only the information necessary for agreement acceptance (e.g., signature, property access details, service preferences).
  • Do not use cookies for tracking or analytics.
  • Do not share client-submitted data with any third party.

7. Data Retention

Business records are retained for the duration of the client relationship and as required by applicable tax and business regulations. QuickBooks synchronization data is retained as long as the integration remains active. Users may request deletion of their personal data by contacting LIL management.

8. Access and Control

Only authorized LIL employees can access Canopy. Administrative functions (including QuickBooks connection management, user invitations, and feature configuration) are restricted to admin and super_admin roles. All write operations are recorded in an audit log.

9. Contact

For questions about this privacy policy or data handling practices, contact Landscape Images Ltd management directly.