Privacy Policy
Last updated: June 26, 2026
This Privacy Policy explains how MaidCRM (the "Service"), operated by SerpInsider, the operator of MaidCRM and its affiliated residential cleaning brands (the "Operator", "we", "us", or "our"), collects, uses, stores, and protects information. MaidCRM is a private, internal business operations and accounting tool hosted at maidcrm.com and used only by the Operator's authorized staff. This policy gives particular detail on how MaidCRM handles financial data read from connected QuickBooks Online accounts through the Intuit API, because that data is sensitive and is governed by Intuit's requirements.
1. Who this policy covers
MaidCRM is not a consumer product and does not offer public sign-up. Its users are the Operator's owner, virtual assistants, accountant, and other authorized personnel. The data inside MaidCRM relates to the Operator's own business: its customers, leads, cleaners, bookings, communications, and accounting. This policy describes how that data, including data connected from third-party services, is handled.
2. Information we collect
We collect and process the following categories of information:
- Operational business data. Customer and lead contact details, addresses, booking and scheduling information, service history, cleaner onboarding and assignment data, and internal notes, created in the course of running the Operator's cleaning business.
- Communication data. Email and SMS messages sent to and received from customers and cleaners through connected providers, along with their delivery and engagement metadata.
- Authorized-user account data. The identity, login credentials, and role of each authorized staff member, managed through our authentication provider.
- Financial and accounting data from QuickBooks Online. When the Operator connects a QuickBooks Online account, MaidCRM reads accounting data through the Intuit API. This can include profit and loss data, income and expense transactions, invoices, accounts, classes, vendors, and related reporting figures, scoped per brand. This data is used to display accounting and reporting inside MaidCRM. See Section 4 for full detail.
- Payment data. Payment and payout records processed through our payment provider. Full card numbers are handled by the payment provider and are not stored by MaidCRM.
3. How we use information
We use the information above only to operate the Operator's business, specifically to:
- Manage leads, bookings, scheduling, and customer and cleaner communication.
- Produce internal reporting and accounting, including profit and loss, per-brand accounting, and financial dashboards displayed inside MaidCRM.
- Process payments and cleaner payouts.
- Maintain the security and integrity of the Service.
We do not use this information for advertising, and we do not sell it.
4. QuickBooks Online and Intuit data
This section describes how MaidCRM handles data connected from QuickBooks Online ("QBO") through the Intuit Developer APIs.
- Read-only access. MaidCRM reads accounting data from connected QuickBooks Online accounts for reporting purposes only. MaidCRM does not create, modify, or delete any records in your QuickBooks Online account. We request only the access scopes needed to read this reporting data.
- What is read. Accounting and reporting data such as profit and loss reports, income and expense transactions, invoices, accounts, classes, vendors, and company metadata, organized per brand.
- How it is used. Solely to display accounting and financial reporting inside MaidCRM for the Operator's authorized staff, including consolidated and per-brand profit and loss and related internal dashboards. It is used for the Operator's own internal business reporting and for no other purpose.
- Not sold, not shared. QuickBooks Online and Intuit data is never sold, rented, or shared with any third party. It is accessible only to the Operator's authorized staff inside MaidCRM.
- OAuth token security. The OAuth access and refresh tokens that authorize the connection to QuickBooks Online are stored encrypted, server-side only, and are never exposed to the browser or to unauthorized users. Tokens are used only to make read requests to the Intuit API on the Operator's behalf and are refreshed automatically through Intuit's standard OAuth flow.
- Disconnecting. The Operator can disconnect the QuickBooks Online connection at any time, either from within MaidCRM's accounting settings or from the Intuit side. On disconnect, MaidCRM marks the connection inactive, best-effort revokes the stored token with Intuit, and stops reading data from that account. See Section 8 for deletion requests.
5. Other third-party integrations
MaidCRM connects to the following additional services to operate. Each is used only for its stated function, and each provider processes data under its own terms and privacy policy:
- Stripe processes customer payments and cleaner payouts. Card data is handled by Stripe and is not stored by MaidCRM.
- Resend sends transactional and operational email to customers and cleaners.
- OpenPhone sends and receives SMS and call communication with customers and cleaners.
- Clerk provides authentication and identity for authorized staff accounts on maidcrm.com.
- Google is used for connected account and OAuth functionality where the Operator authorizes it.
6. How we store and secure data
Data is encrypted in transit using TLS and encrypted at rest by our hosting and database providers. Sensitive credentials, including third-party OAuth tokens such as the QuickBooks Online connection tokens, are stored server-side only and are never exposed to the client. Access to the Service and its data is restricted to authorized staff and is scoped by role, so each user can reach only the data appropriate to their function. We apply administrative and technical safeguards appropriate to the sensitivity of the data, including authentication on all non-public routes.
7. Data retention
We retain operational and financial data for as long as it is needed for the Operator's legitimate business and accounting purposes, and to meet legal, tax, and recordkeeping obligations. Financial and accounting data read from QuickBooks Online is retained only as long as needed for internal reporting; when a QuickBooks Online connection is disconnected, the associated access tokens are revoked and no further data is read from that account. Data that is no longer needed is deleted or archived in line with our internal retention practices.
8. Disconnecting and deletion requests
The Operator can disconnect the QuickBooks Online connection at any time from MaidCRM's accounting settings or from the Intuit side, which stops all further reading of Intuit data and revokes the stored token. To request deletion of data MaidCRM holds, including any cached QuickBooks Online reporting data and stored OAuth tokens, contact us at privacy@maidcrm.com. We will action verified deletion requests promptly, subject to any legal or tax recordkeeping obligations that require limited retention.
9. Children
MaidCRM is an internal business tool and is not directed to children. We do not knowingly collect personal information from children.
10. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be reflected by updating the "Last updated" date above. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.
11. Governing law and contact
This Privacy Policy is governed by the laws of the United States and the state in which the Operator is principally located. Questions about this policy or about how data is handled, including QuickBooks Online and Intuit data, can be directed to privacy@maidcrm.com.