— Annex · Mercurius —
Privacy Policy
A short, honest accounting of what data Mercurius touches, where it lives, and who else sees it.
This is a private accounting tool, not a product for sale. It is operated by WvH Hospitality LLC, through its Managing Member JM Woody van Horn, on a single MacBook, on behalf of a small roster of fractional-CFO and bookkeeping clients who have authorized such access in writing.
1. Who We Are
WvH Hospitality LLC, a California limited liability company (Est. 2017), acting through its Managing Member, JM Woody van Horn (full legal name: John Morsell Woody van Horn). Mailing address: 1947 Garnet St, Mentone, CA 92359. Contact: me@wvhhospitality.com.
2. Scope
Mercurius, a WvH Hospitality LLC AI Agent ("the bot"), is a Model Context Protocol server that allows Claude (Anthropic's AI assistant) to perform accounting work against QuickBooks Online realms that have explicitly authorized the operator via Intuit's OAuth 2.0 consent flow. The bot runs locally on a single MacBook in Mentone, California. There is no hosted version, no shared instance, no SaaS layer, no marketing site capturing visitor data, and no analytics.
3. What Data Is Accessed
Only data within QuickBooks Online realms for which the realm-owner has granted access via Intuit's standard OAuth flow. This includes:
- Chart of accounts, customers, vendors, items, classes, locations, departments
- Transactions of all kinds — invoices, bills, expenses, journal entries, payments, transfers, deposits
- Reports — Trial Balance, Profit & Loss, Balance Sheet, Cash Flow, A/R and A/P Aging, General Ledger, Transaction List
- Standard QBO metadata — company info, fiscal year, base currency, sales-tax setup
Access is scoped exactly as Intuit defines it. The bot cannot see realms it has not been authorized for.
4. Where Data Lives
Locally, on the operator's MacBook
- OAuth refresh tokens are stored in macOS Keychain via the keyring library — encrypted at rest by Apple's Data Protection. They are never written to a flat file or copied off the machine.
- An audit log at ~/.qbo-mcp-audit.jsonl records every read and every write performed by the bot, including timestamp, environment (sandbox vs. production), realm ID, tool name, request hash, and result status. This log exists so the operator (and the realm-owner, on request) can reconstruct exactly what the bot did and when.
- Retrieved data (e.g., a Trial Balance pulled to answer a question) lives transiently in the operator's working memory and in any saved working files the operator chooses to keep, the same as if the data had been pulled through QBO's web UI and pasted into a worksheet. Such files follow the operator's standard client-file retention policy.
Nowhere else WvH controls
WvH Hospitality does not operate any server, database, cloud bucket, analytics platform, marketing automation, or telemetry endpoint that receives data from the bot. The bot does not "phone home." There is no WvH-hosted infrastructure that could be breached.
5. Third Parties Involved
Intuit (QuickBooks Online)
The source of the data. Their privacy statement governs how QBO stores it. The bot communicates with Intuit's QuickBooks Online API over TLS using the OAuth 2.0 access token issued by the realm-owner.
Anthropic (Claude)
When the operator asks Claude a question that requires QBO data, the relevant data — the rows of a report, the body of an invoice, the names of a few vendors — is included in the conversation context that Claude needs in order to reason. That conversation context is processed by Anthropic's API. Anthropic's privacy policy and Data Processing Addendum apply to that traffic. Per Anthropic's standard commercial terms for API usage, your data is not used to train their models.
Apple (macOS)
Apple's macOS Keychain holds the encrypted OAuth refresh tokens. Apple's privacy policy applies.
That's it.
No advertising networks, no analytics vendors, no CRMs, no email-marketing tools, no offshore processors. The list above is exhaustive.
6. What We Do Not Do
- We do not sell your data. There is no commercial market we participate in for it.
- We do not share your data with anyone outside the third parties named in §5.
- We do not use your data to train any AI model.
- We do not use your data for marketing — ours or anyone else's.
- We do not retain your data beyond the operator's standard engagement-file retention policy (currently seven years, matching IRS recordkeeping convention).
7. Your Rights
If you are a realm-owner (a WvH Hospitality client whose QBO realm is connected to the bot), you may at any time:
- Disconnect by removing the bot from your authorized apps at qbo.intuit.com/app/managelinks. This invalidates the OAuth token immediately.
- Request deletion of audit log entries pertaining to your realm, by emailing me@wvhhospitality.com. Standard processing within seven business days.
- Request a copy of any working files derived from your data that the operator has kept in his client folder for you.
- Ask anything about what the bot has done in your books. The audit log makes this answerable to the request hash.
8. Children
The bot is an accounting tool used in a professional services context. It is not directed to anyone under 18 and does not knowingly process children's data.
9. Security
Refresh tokens live encrypted in macOS Keychain. Network traffic to Intuit and Anthropic is over TLS. The MacBook itself is protected by FileVault full-disk encryption, automatic lock, and standard macOS security updates. There is no public-facing network surface — the bot cannot be reached from the internet.
10. International Transfers
The operator is in California. Intuit and Anthropic operate primarily in the United States. If you are accessing this from outside the U.S. and engage WvH for accounting services, your data will be processed in the U.S.
11. Changes to This Policy
If we change anything material about how the bot handles data, we'll update this page and revise the effective date below. Material changes (new third-party processors, new data flows) will additionally be communicated to active clients by email before taking effect.
12. Contact
Privacy questions, requests, or concerns: me@wvhhospitality.com. Please put "Mercurius — Privacy" in the subject line so it routes correctly.