REDIS.4U Privacy Policy
Effective date: 2026-06-08
Version: 2.0
This Privacy Policy describes how REDIS.4U LLC, a North Carolina
limited liability company and a wholly-owned subsidiary of Jarbiz
Inc. (NC SOSID 2679093), doing business as REDIS.4U ("Company",
"we", "us", "our"), collects, uses, stores, and protects information
when you ("you", "your") use the REDIS.4U software-as-a-service
platform at https://app.redis4u.com.
REDIS.4U is a business-to-business (B2B) operating system for
wholesale distribution. Our direct customers are business entities
("Tenants"). Tenants' own customers, suppliers, and employees may have
information about them stored in REDIS.4U by the Tenant. This Policy
addresses both groups.
We do not sell, rent, or trade your personal data or your
QuickBooks data to any third party for any purpose.
1. Data we collect
1.1 From Tenants
Account information
- Business name, contact name, email, phone
- Legal entity name, federal tax ID (EIN)
- Owner / principal contacts
- User credentials (passwords are hashed; never stored in plaintext)
Operational data
- Product catalog, pricing, customer records, vendor records
- Orders, invoices, payments, credit memos
- Delivery routes, driver runs, warehouse counts
- Photos of conditions or claims, signed onboarding documents
Financial data
- Bank account and routing numbers for ACH (encrypted at rest —
see §6.1)
- Payment history, credit limits, dunning history
QuickBooks data (when connected)
- QuickBooks OAuth tokens (encrypted at rest — see §6.1)
- Customer, vendor, item, account, invoice, payment, and bill
records as synced from the Tenant's QuickBooks Online company
1.2 Collected automatically
- Session data: IP address, browser user-agent, login timestamps,
device identifiers (for push notifications)
- Audit log: every operator action that mutates data is logged
with operator ID, timestamp, IP address, and a before/after
snapshot of the changed record
- Usage analytics: page-view counts and feature-usage metrics, in
aggregate, for product improvement (no third-party advertising
trackers)
- Device and browser information for security and compatibility
1.3 From third parties
- QuickBooks Online — when a Tenant authorizes via OAuth, the
data described above
- CourtListener — public federal court bankruptcy records
when an authorized AR or Counsel role runs a bankruptcy check on
a Tenant's own customer
- Google Maps Platform — only Tenant-entered addresses, for
geocoding and route optimization
2. How we use data
We use the information described in §1 to:
- Provide the service to Tenants and their authorized Users
- Sync data with QuickBooks Online when a Tenant has connected
their company
- Compute internal signals the Tenant uses to operate — the
Customer Social Score (CSS), AR aging buckets, market-spread
indicators
- Bill and manage accounts
- Provide customer support
- Improve REDIS.4U through aggregated and anonymized usage
data — no identifiable Tenant or customer data is used for
this purpose
- Comply with legal obligations (tax, accounting,
anti-money-laundering, sanctions screening)
We do not:
- Sell, rent, or trade your personal data or your QuickBooks data
to any third party.
- Use your data for advertising.
- Use your data to train AI models offered to other Tenants or the
public.
- Share QuickBooks data with any third party without your explicit
consent (other than as listed in §4 sub-processors).
3. Generative AI and automated processing
REDIS.4U uses large language models ("LLMs") from Anthropic (Claude
Haiku, Sonnet, and Opus) to assist Tenants. Use cases:
- CReMA sales agent — inbound parser ("YIN") interprets free-text
customer order messages and maps them to catalog products
(including Spanish↔English). Outbound composer ("YANG") drafts
short, personalized customer messages (order reminders, etc.).
- AR & Legal collections — staff-only conversational assistant
("AR Desk copilot") that advises clerks and managers on overdue
accounts (informational only — never takes external action). A
"counsel" thread that provides creditor's-attorney-perspective
legal information (not a substitute for an attorney of record). A
Legal AI engine that drafts demand letters and repayment
agreements — these require a Manager countersign before any
external send.
- Catalog tooling — generating product marketing descriptions
and proposing categorizations, name aliases (AKAs), and
related/substitute product mappings.
- Upsell engine — surfacing add-on suggestions to staff based on
the Tenant's own order history.
Key disclosures:
- AI features are AI-assisted, not autonomous. Outputs are
surfaced for human review.
- Model prompts contain only the Tenant's operational data needed
for the feature. QuickBooks OAuth tokens, credentials, and
payment card data are never sent to any AI provider.
- Per Anthropic's API terms (as of the effective date), prompts and
completions are not used to train Anthropic's foundation models.
- AI outputs are not professional advice. The Tenant operator is
responsible for every action taken on an AI suggestion.
3.1 Customer Social Score (CSS) — automated scoring
REDIS.4U computes a per-customer creditworthiness score (CSS) for the
Tenant's own customers from punctuality of payments, exposure (open
balance vs credit limit), escalation events, and longevity. The CSS
is used only to surface signals to the Tenant — it is not sold or
shared. Under CCPA, GDPR, and similar laws this constitutes
automated decision-making; the customer has the right to request an
explanation of the score and to ask the Tenant to override it.
4. Third-party sub-processors
We use the following sub-processors to operate REDIS.4U. Each is bound
by a written agreement requiring them to safeguard data and use it
only to provide their service to REDIS.4U. A live, maintained list is
available at /legal/sub-processors.
| Sub-processor | Purpose | Region |
|---|---|---|
| Supabase | Database and file storage (operational data) | United States |
| Vercel | Application hosting and edge delivery | United States |
| Anthropic | LLM API for AI-assisted features | United States |
| Resend | Transactional email | United States |
| Intuit / QuickBooks Online | OAuth and accounting sync (when Tenant connects) | United States |
| Google Maps Platform | Address geocoding and route optimization | United States |
| CourtListener (Free Law Project) | Public federal court record lookups | United States |
| Stripe | Payment processing (when subscription billing is enabled) | United States |
5. QuickBooks Online data
When a Tenant connects REDIS.4U to a QuickBooks Online ("QBO")
company, the following commitments apply. These reflect our
obligations as a member of the Intuit Developer Program.
- We read: customer records, vendor records, items, accounts,
invoices, payments, bills, taxes, and company information.
- We write: customers, vendors, items, invoices, payments,
bills, and credit memos that the Tenant created in REDIS.4U and
chose to sync.
- We will not use QuickBooks data for any purpose other than
providing the REDIS.4U service to the Tenant.
- We will not sell QuickBooks data, or share it with any third
party, without the Tenant's explicit consent (other than the
sub-processors listed in §4, each bound by data-protection
agreements).
- Users can revoke OAuth access at any time from
Settings → QuickBooks sync → Disconnect, or from the user's QBO
account settings.
- All QuickBooks data will be deleted within 30 days of account
termination. This includes all synced QBO records in our
primary database. Backups are purged within an additional 30
days.
- Records already written by REDIS.4U into the QBO company remain
in that QBO company; we do not delete records from the
Tenant's QBO instance on disconnect.
6. Data security
6.1 Encryption at rest
- QuickBooks OAuth refresh + access tokens — AES-256-GCM with
a dedicated key (
QBO_TOKEN_ENC_KEY).
- ACH bank account and routing numbers — AES-256-GCM with a
separate dedicated key (
ONBOARDING_ENC_KEY).
- All other operational data — encrypted at the database
layer by our hosting provider (Supabase / Postgres on AWS) at
rest.
6.2 Encryption in transit
All connections use HTTPS with TLS 1.2 or higher (TLS 1.3 by
default). HTTPS is enforced via HSTS headers.
6.3 Tenant isolation
REDIS.4U enforces logical separation of customer data at the
database level. Database queries are scoped to the requesting
Tenant's identifier; application routes enforce the same scoping on
top of database isolation.
6.4 Access controls and audit logging
- User passwords are hashed with bcrypt (10 rounds). Plaintext is
never stored.
- Role-based access control limits which Users can view or modify
which records.
- Every mutation to a Tenant's data is logged with the operator's
user ID, timestamp, IP address, and a snapshot of the
before/after record.
6.5 Incident notification
If we determine that there has been an unauthorized acquisition of
Tenant data that triggers a notification obligation under applicable
law, we will notify affected Tenants without undue delay (typically
within 72 hours of confirmation) and provide the details required by
law.
7. DVB Net Aware — anonymized cross-Tenant intelligence
REDIS.4U operates a Vendor Brain ("DVB Net Aware") that aggregates
anonymized, non-identifiable vendor pricing observations
submitted by participating Tenants. Aggregate signals (e.g.,
network-median price for an item) are returned to participating
Tenants to help detect outlier vendor invoices.
- No Tenant-identifiable data is ever surfaced to another
Tenant.
- No QuickBooks data is sent to DVB.
- No customer-identifiable fields (Tenant customer names,
customer-specific pricing) are included in DVB observations.
- Tenants may opt out of DVB contribution at any time from
Settings → Tenant → DVB Net Aware.
8. Cookies
We use only strictly necessary cookies:
next-auth.session-token — your login session
qbo_oauth_state — one-time anti-CSRF token during a QuickBooks
OAuth round-trip (deleted after 10 minutes)
acting_tenant — when a platform administrator is "acting as" a
specific Tenant for support
We do not use advertising cookies, third-party analytics trackers,
fingerprinting, or session-replay tools.
9. Data retention
| Data category | Retention |
|---|---|
| Active Tenant operational data | Duration of subscription |
| After termination — active database | Permanently deleted within 30 days of the end of the 30-day export window |
| After termination — cold backup | Purged within an additional 30 days |
| QuickBooks data after termination | Deleted within 30 days of termination |
| Audit log | 7 years (records of system events, not personal data) |
| Anonymized / aggregated DVB observations | Indefinite |
Tenants may request earlier deletion or longer retention by written
request to privacy@redis4u.com.
10. Your rights
Even where not currently required by law, we honor the following
rights:
- Right to access — request a copy of the personal information
we hold about you
- Right to correction — ask us to fix inaccurate information
- Right to deletion — ask us to delete your information
- Right to portability — receive your information in a portable
format
- Right to revoke OAuth or integrations at any time
- Right to object to certain processing
- Right to lodge a complaint with a data-protection authority
To exercise these rights, email
privacy@redis4u.com.
10.1 Tenant-controlled data
If your information is in REDIS.4U because a Tenant (your supplier,
distributor, etc.) put it there, contact that Tenant directly. We are
the data processor; the Tenant is the data controller for
that information. We will assist the Tenant in responding.
10.2 California residents (CCPA)
You have the right to know, delete, correct, opt-out of sale (we do
not sell), and not be discriminated against. We will verify identity
before fulfilling requests.
10.3 EU / UK / EEA residents (GDPR / UK GDPR)
We process data on the lawful bases of contract performance,
legitimate interest, and where applicable, consent. International
transfers to the US rely on Standard Contractual Clauses. A Data
Processing Addendum is available on request.
11. Children
REDIS.4U is not directed at children under 13. We do not
knowingly collect personal information from anyone under 13.
This service is not subject to COPPA (the Children's Online
Privacy Protection Act) because it is not directed at or designed
for children. If you believe we have inadvertently collected data
from a child under 13, please contact privacy@redis4u.com and we
will delete it.
12. International data transfers
REDIS.4U is hosted in the United States. If you access REDIS.4U from
outside the US, your information may be transferred to, stored, and
processed in the US. For EU / UK transfers we rely on Standard
Contractual Clauses.
13. Governing law
This Privacy Policy is governed by the laws of the State of North
Carolina. Any dispute arising out of this Policy will be resolved
in the state courts located in Alamance County, North Carolina,
or the United States District Court for the Middle District of
North Carolina.
14. Changes to this Policy
We will notify Tenants and Users of material changes through the
platform (in-app notice) and update the Effective date at the
top. Continued use of REDIS.4U after notice constitutes acceptance.
We maintain a version history of Privacy Policy revisions. Prior
versions are available on request.
15. Contact
- Email — privacy: privacy@redis4u.com
- Email — legal: legal@redis4u.com
- Mailing address:
REDIS.4U LLC
c/o Jarbiz Inc.
Attn: Privacy
1239 S. Fifth St., Ste. F
Mebane, NC 27302
United States
- Data Protection Officer (EU/UK): Not appointed. REDIS.4U does
not yet have EU/UK Tenants requiring a designated DPO under GDPR
Article 37. EU/UK Tenants requiring a designated contact should
email privacy@redis4u.com.
Intuit and QuickBooks are registered trademarks of Intuit Inc. Used
with permission.