QuickBooks integration¶
Beta — Integration details
This integration's setup steps are based on standard QuickBooks API patterns. Specific field names, scopes, and authentication flows will be verified against the live Dxtra application. If you encounter differences, please report an issue.
Connect QuickBooks to Dxtra to document financial data processing, manage data subject rights for customer and vendor records, and maintain compliance with privacy regulations while meeting financial record retention requirements.
Overview¶
QuickBooks stores customer and vendor personal data alongside financial records — names, email addresses, phone numbers, billing addresses, bank account details, tax identifiers, and transaction history. Privacy regulations like GDPR and CCPA require you to document this processing, respond to data subject requests, and delete personal data when requested, while tax and accounting laws often require you to retain financial records for 3-7 years.
Dxtra helps you navigate this tension by tracking what personal data QuickBooks holds, automating data subject request responses, and documenting your legal basis for retaining financial records.
What Dxtra tracks from QuickBooks¶
| Data category | Details |
|---|---|
| Customer records | Name, email, phone, billing address, shipping address |
| Vendor records | Name, email, phone, business address, tax identifiers |
| Invoice data | Invoice numbers, line items, amounts, payment terms |
| Payment records | Payment dates, amounts, payment methods |
| Expense records | Vendor payments, expense categories, receipt data |
| Tax information | Tax IDs, tax filing data, 1099 information |
Financial record retention
Tax laws in most jurisdictions require you to retain financial records for 3-7 years. When a data subject requests deletion, Dxtra helps you pseudonymize personal data in financial records rather than delete the records entirely. This satisfies both the deletion request and your legal obligation to retain financial records. See GDPR Article 17(3)(e) for the legal basis.
Prerequisites¶
- Active QuickBooks Online account (Simple Start, Essentials, Plus, or Advanced)
- Dxtra workspace with admin access
- QuickBooks Online admin access
Setup instructions¶
Step 1: Add QuickBooks as a processor¶
- Log in to your Dxtra dashboard
- Go to Processors in the sidebar
- Click the Select Processor dropdown
- Find and select QuickBooks
Step 2: Authorize the connection¶
- Click Connect with Intuit when prompted
- Sign in with your QuickBooks Online admin credentials
- Select the QuickBooks company file to connect
- Grant Dxtra read access to customer, vendor, and transaction data
- Click Confirm and Onboard
QuickBooks now appears in your Manage Processors table with an Interconnected badge.
QuickBooks Desktop
Dxtra integrates with QuickBooks Online. If you use QuickBooks Desktop, you can sync data using the QuickBooks Online migration tool or set up a custom integration using webhooks.
How data subject rights work¶
Access requests¶
When a customer or vendor requests their data:
- Create a new DSRR in Dxtra with the individual's email
- Dxtra queries QuickBooks for all records associated with that email:
- Customer or vendor profile
- Invoice and payment history
- Communication and notes
- Generate an export (excluding sensitive financial details you are legally required to retain)
- Deliver within your jurisdiction's deadline
Deletion requests¶
When an individual requests erasure:
- Create a deletion DSRR in Dxtra
- Dxtra evaluates which records can be deleted and which must be retained:
- Can delete: Marketing preferences, non-essential notes, communication history
- Must retain: Financial transactions within the legal retention period
- For retained records, Dxtra pseudonymizes personal data (replaces names and emails with anonymized identifiers)
- Sends confirmation to the data subject explaining what was deleted and what was retained (with legal basis)
Document your retention policy
Configure your data retention periods in Dxtra to match your jurisdiction's requirements. This automates the decision about what to delete versus retain when processing DSRRs.
Rectification requests¶
When a customer or vendor requests correction of their data:
- Create a rectification DSRR in Dxtra
- Dxtra updates the customer or vendor profile in QuickBooks
- Historical transaction records are not modified (financial accuracy requirement)
- Log the change for your compliance audit trail
Data retention and legal basis¶
Financial data sits at the intersection of privacy law and tax law. Here is how Dxtra handles this:
| Jurisdiction | Retention requirement | Legal basis for retention |
|---|---|---|
| United States | 3-7 years (IRS) | Legal obligation |
| United Kingdom | 6 years (HMRC) | Legal obligation |
| European Union | Varies by member state (typically 5-10 years) | GDPR Article 17(3)(e) — legal obligation |
| Australia | 5 years (ATO) | Legal obligation |
| Canada | 6 years (CRA) | Legal obligation |
Dxtra automatically applies the correct retention period based on your configured jurisdictions.
Troubleshooting¶
QuickBooks authorization failed¶
- Verify you are using QuickBooks Online (not Desktop)
- Confirm your account has admin access
- Clear browser cookies and try the authorization flow again
- Check that your QuickBooks subscription is active
Customer data not found¶
- Verify the email address matches exactly in QuickBooks
- Check both Customer and Vendor lists (the same individual may appear in both)
- QuickBooks may store the email in the "Primary email" or "CC email" field — Dxtra searches both
Pseudonymization not applying¶
- Verify the retention period is configured in Dxtra for your jurisdiction
- Check that the transaction date falls within the retention window
- If the retention period has passed, Dxtra deletes the record entirely instead of pseudonymizing
Best practices¶
- Configure retention periods first — Set your data retention policy before processing any DSRRs
- Map both customers and vendors — Remember that vendors are also data subjects with privacy rights
- Separate financial and marketing data — Delete marketing preferences immediately on request; retain financial records per your legal obligation
- Audit regularly — Review QuickBooks data mapping quarterly to catch new data fields or categories
- Document your legal basis — Your privacy notice should explain that financial records are retained under legal obligation
Related documentation¶
- Xero integration — Xero accounting platform
- NetSuite integration — NetSuite ERP platform
- Stripe integration — Payment processing data
- Data subject rights — Handle access, deletion, and rectification requests
- Processing activity logs — Document your data processing activities
Next step: Configure your data retention policy to ensure financial records are retained and deleted according to your legal obligations.