Back

REDIS.4U Privacy Policy

v2.0 · effective 6/8/2026

REDIS.4U Privacy Policy

Effective date: 2026-06-08 Version: 2.0

This Privacy Policy describes how REDIS.4U LLC, a North Carolina limited liability company and a wholly-owned subsidiary of Jarbiz Inc. (NC SOSID 2679093), doing business as REDIS.4U ("Company", "we", "us", "our"), collects, uses, stores, and protects information when you ("you", "your") use the REDIS.4U software-as-a-service platform at https://app.redis4u.com.

REDIS.4U is a business-to-business (B2B) operating system for wholesale distribution. Our direct customers are business entities ("Tenants"). Tenants' own customers, suppliers, and employees may have information about them stored in REDIS.4U by the Tenant. This Policy addresses both groups.

We do not sell, rent, or trade your personal data or your QuickBooks data to any third party for any purpose.


1. Data we collect

1.1 From Tenants

Account information

  • Business name, contact name, email, phone
  • Legal entity name, federal tax ID (EIN)
  • Owner / principal contacts
  • User credentials (passwords are hashed; never stored in plaintext)

Operational data

  • Product catalog, pricing, customer records, vendor records
  • Orders, invoices, payments, credit memos
  • Delivery routes, driver runs, warehouse counts
  • Photos of conditions or claims, signed onboarding documents

Financial data

  • Bank account and routing numbers for ACH (encrypted at rest — see §6.1)
  • Payment history, credit limits, dunning history

QuickBooks data (when connected)

  • QuickBooks OAuth tokens (encrypted at rest — see §6.1)
  • Customer, vendor, item, account, invoice, payment, and bill records as synced from the Tenant's QuickBooks Online company

1.2 Collected automatically

  • Session data: IP address, browser user-agent, login timestamps, device identifiers (for push notifications)
  • Audit log: every operator action that mutates data is logged with operator ID, timestamp, IP address, and a before/after snapshot of the changed record
  • Usage analytics: page-view counts and feature-usage metrics, in aggregate, for product improvement (no third-party advertising trackers)
  • Device and browser information for security and compatibility

1.3 From third parties

  • QuickBooks Online — when a Tenant authorizes via OAuth, the data described above
  • CourtListener — public federal court bankruptcy records when an authorized AR or Counsel role runs a bankruptcy check on a Tenant's own customer
  • Google Maps Platform — only Tenant-entered addresses, for geocoding and route optimization

2. How we use data

We use the information described in §1 to:

  • Provide the service to Tenants and their authorized Users
  • Sync data with QuickBooks Online when a Tenant has connected their company
  • Compute internal signals the Tenant uses to operate — the Customer Social Score (CSS), AR aging buckets, market-spread indicators
  • Bill and manage accounts
  • Provide customer support
  • Improve REDIS.4U through aggregated and anonymized usage data — no identifiable Tenant or customer data is used for this purpose
  • Comply with legal obligations (tax, accounting, anti-money-laundering, sanctions screening)

We do not:

  • Sell, rent, or trade your personal data or your QuickBooks data to any third party.
  • Use your data for advertising.
  • Use your data to train AI models offered to other Tenants or the public.
  • Share QuickBooks data with any third party without your explicit consent (other than as listed in §4 sub-processors).

3. Generative AI and automated processing

REDIS.4U uses large language models ("LLMs") from Anthropic (Claude Haiku, Sonnet, and Opus) to assist Tenants. Use cases:

  1. CReMA sales agent — inbound parser ("YIN") interprets free-text customer order messages and maps them to catalog products (including Spanish↔English). Outbound composer ("YANG") drafts short, personalized customer messages (order reminders, etc.).
  2. AR & Legal collections — staff-only conversational assistant ("AR Desk copilot") that advises clerks and managers on overdue accounts (informational only — never takes external action). A "counsel" thread that provides creditor's-attorney-perspective legal information (not a substitute for an attorney of record). A Legal AI engine that drafts demand letters and repayment agreements — these require a Manager countersign before any external send.
  3. Catalog tooling — generating product marketing descriptions and proposing categorizations, name aliases (AKAs), and related/substitute product mappings.
  4. Upsell engine — surfacing add-on suggestions to staff based on the Tenant's own order history.

Key disclosures:

  • AI features are AI-assisted, not autonomous. Outputs are surfaced for human review.
  • Model prompts contain only the Tenant's operational data needed for the feature. QuickBooks OAuth tokens, credentials, and payment card data are never sent to any AI provider.
  • Per Anthropic's API terms (as of the effective date), prompts and completions are not used to train Anthropic's foundation models.
  • AI outputs are not professional advice. The Tenant operator is responsible for every action taken on an AI suggestion.

3.1 Customer Social Score (CSS) — automated scoring

REDIS.4U computes a per-customer creditworthiness score (CSS) for the Tenant's own customers from punctuality of payments, exposure (open balance vs credit limit), escalation events, and longevity. The CSS is used only to surface signals to the Tenant — it is not sold or shared. Under CCPA, GDPR, and similar laws this constitutes automated decision-making; the customer has the right to request an explanation of the score and to ask the Tenant to override it.


4. Third-party sub-processors

We use the following sub-processors to operate REDIS.4U. Each is bound by a written agreement requiring them to safeguard data and use it only to provide their service to REDIS.4U. A live, maintained list is available at /legal/sub-processors.

| Sub-processor | Purpose | Region | |---|---|---| | Supabase | Database and file storage (operational data) | United States | | Vercel | Application hosting and edge delivery | United States | | Anthropic | LLM API for AI-assisted features | United States | | Resend | Transactional email | United States | | Intuit / QuickBooks Online | OAuth and accounting sync (when Tenant connects) | United States | | Google Maps Platform | Address geocoding and route optimization | United States | | CourtListener (Free Law Project) | Public federal court record lookups | United States | | Stripe | Payment processing (when subscription billing is enabled) | United States |


5. QuickBooks Online data

When a Tenant connects REDIS.4U to a QuickBooks Online ("QBO") company, the following commitments apply. These reflect our obligations as a member of the Intuit Developer Program.

  • We read: customer records, vendor records, items, accounts, invoices, payments, bills, taxes, and company information.
  • We write: customers, vendors, items, invoices, payments, bills, and credit memos that the Tenant created in REDIS.4U and chose to sync.
  • We will not use QuickBooks data for any purpose other than providing the REDIS.4U service to the Tenant.
  • We will not sell QuickBooks data, or share it with any third party, without the Tenant's explicit consent (other than the sub-processors listed in §4, each bound by data-protection agreements).
  • Users can revoke OAuth access at any time from Settings → QuickBooks sync → Disconnect, or from the user's QBO account settings.
  • All QuickBooks data will be deleted within 30 days of account termination. This includes all synced QBO records in our primary database. Backups are purged within an additional 30 days.
  • Records already written by REDIS.4U into the QBO company remain in that QBO company; we do not delete records from the Tenant's QBO instance on disconnect.

6. Data security

6.1 Encryption at rest

  • QuickBooks OAuth refresh + access tokens — AES-256-GCM with a dedicated key (QBO_TOKEN_ENC_KEY).
  • ACH bank account and routing numbers — AES-256-GCM with a separate dedicated key (ONBOARDING_ENC_KEY).
  • All other operational data — encrypted at the database layer by our hosting provider (Supabase / Postgres on AWS) at rest.

6.2 Encryption in transit

All connections use HTTPS with TLS 1.2 or higher (TLS 1.3 by default). HTTPS is enforced via HSTS headers.

6.3 Tenant isolation

REDIS.4U enforces logical separation of customer data at the database level. Database queries are scoped to the requesting Tenant's identifier; application routes enforce the same scoping on top of database isolation.

6.4 Access controls and audit logging

  • User passwords are hashed with bcrypt (10 rounds). Plaintext is never stored.
  • Role-based access control limits which Users can view or modify which records.
  • Every mutation to a Tenant's data is logged with the operator's user ID, timestamp, IP address, and a snapshot of the before/after record.

6.5 Incident notification

If we determine that there has been an unauthorized acquisition of Tenant data that triggers a notification obligation under applicable law, we will notify affected Tenants without undue delay (typically within 72 hours of confirmation) and provide the details required by law.


7. DVB Net Aware — anonymized cross-Tenant intelligence

REDIS.4U operates a Vendor Brain ("DVB Net Aware") that aggregates anonymized, non-identifiable vendor pricing observations submitted by participating Tenants. Aggregate signals (e.g., network-median price for an item) are returned to participating Tenants to help detect outlier vendor invoices.

  • No Tenant-identifiable data is ever surfaced to another Tenant.
  • No QuickBooks data is sent to DVB.
  • No customer-identifiable fields (Tenant customer names, customer-specific pricing) are included in DVB observations.
  • Tenants may opt out of DVB contribution at any time from Settings → Tenant → DVB Net Aware.

8. Cookies

We use only strictly necessary cookies:

  • next-auth.session-token — your login session
  • qbo_oauth_state — one-time anti-CSRF token during a QuickBooks OAuth round-trip (deleted after 10 minutes)
  • acting_tenant — when a platform administrator is "acting as" a specific Tenant for support

We do not use advertising cookies, third-party analytics trackers, fingerprinting, or session-replay tools.


9. Data retention

| Data category | Retention | |---|---| | Active Tenant operational data | Duration of subscription | | After termination — active database | Permanently deleted within 30 days of the end of the 30-day export window | | After termination — cold backup | Purged within an additional 30 days | | QuickBooks data after termination | Deleted within 30 days of termination | | Audit log | 7 years (records of system events, not personal data) | | Anonymized / aggregated DVB observations | Indefinite |

Tenants may request earlier deletion or longer retention by written request to privacy@redis4u.com.


10. Your rights

Even where not currently required by law, we honor the following rights:

  • Right to access — request a copy of the personal information we hold about you
  • Right to correction — ask us to fix inaccurate information
  • Right to deletion — ask us to delete your information
  • Right to portability — receive your information in a portable format
  • Right to revoke OAuth or integrations at any time
  • Right to object to certain processing
  • Right to lodge a complaint with a data-protection authority

To exercise these rights, email privacy@redis4u.com.

10.1 Tenant-controlled data

If your information is in REDIS.4U because a Tenant (your supplier, distributor, etc.) put it there, contact that Tenant directly. We are the data processor; the Tenant is the data controller for that information. We will assist the Tenant in responding.

10.2 California residents (CCPA)

You have the right to know, delete, correct, opt-out of sale (we do not sell), and not be discriminated against. We will verify identity before fulfilling requests.

10.3 EU / UK / EEA residents (GDPR / UK GDPR)

We process data on the lawful bases of contract performance, legitimate interest, and where applicable, consent. International transfers to the US rely on Standard Contractual Clauses. A Data Processing Addendum is available on request.


11. Children

REDIS.4U is not directed at children under 13. We do not knowingly collect personal information from anyone under 13. This service is not subject to COPPA (the Children's Online Privacy Protection Act) because it is not directed at or designed for children. If you believe we have inadvertently collected data from a child under 13, please contact privacy@redis4u.com and we will delete it.


12. International data transfers

REDIS.4U is hosted in the United States. If you access REDIS.4U from outside the US, your information may be transferred to, stored, and processed in the US. For EU / UK transfers we rely on Standard Contractual Clauses.


13. Governing law

This Privacy Policy is governed by the laws of the State of North Carolina. Any dispute arising out of this Policy will be resolved in the state courts located in Alamance County, North Carolina, or the United States District Court for the Middle District of North Carolina.


14. Changes to this Policy

We will notify Tenants and Users of material changes through the platform (in-app notice) and update the Effective date at the top. Continued use of REDIS.4U after notice constitutes acceptance.

We maintain a version history of Privacy Policy revisions. Prior versions are available on request.


15. Contact

  • Email — privacy: privacy@redis4u.com
  • Email — legal: legal@redis4u.com
  • Mailing address: REDIS.4U LLC c/o Jarbiz Inc. Attn: Privacy 1239 S. Fifth St., Ste. F Mebane, NC 27302 United States
  • Data Protection Officer (EU/UK): Not appointed. REDIS.4U does not yet have EU/UK Tenants requiring a designated DPO under GDPR Article 37. EU/UK Tenants requiring a designated contact should email privacy@redis4u.com.

Intuit and QuickBooks are registered trademarks of Intuit Inc. Used with permission.