1 What Data We Collect

BOS collects data from client business systems only through explicit, client-authorized API connections. The data we may access includes:

• Financial data — transactions, invoices, account balances, and financial reports
• Sales data — transactions, product records, and inventory levels
• Customer and vendor information — names, contact details, and account history
• Operational and compliance data required for reporting and analytics

Data is collected exclusively from systems the client explicitly authorizes BOS to access. We do not collect data beyond the scope required to deliver agreed-upon services.

2 How We Use Data

BOS uses client data exclusively for legitimate business intelligence and service delivery purposes, including:

• Building consolidated dashboards and reports tailored to the client’s business
• Providing business intelligence, analytics, and performance insights
• Fulfilling the specific scope of work defined in our service agreement

We do not sell, rent, share, or otherwise disclose client data to third parties for marketing or commercial purposes. Data is never used for any purpose beyond what is outlined in the client’s service agreement.

3 How We Protect Data

BOS applies industry-standard security controls to protect all client data:

• Encryption in transit using TLS 1.2 or higher for all data transfers
• Encryption at rest for all stored data within our cloud infrastructure
• Secure credential storage using Microsoft Azure Key Vault
• Role-based access controls limiting data access to authorized BOS personnel only
• Regular security reviews and monitoring of data infrastructure

Access to client data is restricted to BOS personnel directly involved in delivering services to that client.

4 Data Retention

BOS retains client data for the duration of the active service engagement. Upon termination of services, client data is retained for up to 90 days to support continuity and transition, after which it is securely deleted.

Clients may request earlier deletion of their data at any time by contacting BOS in writing. We will confirm deletion within 30 days of a verified request.

5 Third-Party Services

To deliver our solutions, BOS utilizes the following third-party service providers. Each maintains their own privacy policies and security certifications:

• Microsoft Azure — cloud infrastructure and encrypted data storage (US regions)
• Microsoft Power BI — dashboard and report delivery
• Intuit QuickBooks Online API — authorized access to client accounting data

BOS will notify clients of any material changes to third-party providers that may affect data handling.

6 Client Rights

Clients have the right to:

• Request a description of data BOS holds on their behalf
• Request correction of inaccurate data
• Request deletion of their data at any time
• Revoke BOS access to any connected system at any time without penalty

To exercise any of these rights, contact us using the information below.

7 Updates to This Policy

BOS may update this Privacy Policy periodically to reflect changes in our services or applicable law. We will post the revised policy on this page with an updated effective date. Continued use of BOS services after any update constitutes acceptance of the revised policy.

Effective Date: February 24, 2026

8 Contact Us