Exhibit B: Intuit data stewardship principles

Your use of Services is subject to the Intuit Partner Platform Terms of Service (“Agreement”). The following terms also apply and shall prevail over any conflict or inconsistency with the Agreement. By installing, accessing, or using the QuickBooksAPIServices, you agreed to these terms. If you do not agree to these terms, then you may not use the Services.

Last revised: September 2012

Data Stewardship Principles

At Intuit, we view strong privacy as a key part of the value that we deliver to our customers. Intuit’s Data Stewardship Principles were developed to describe Intuit’s values regarding the data our customers entrust to us. We are focused on using data for innovation, to help improve our customers’ lives – and doing so in a responsible manner with the highest integrity. These Data Stewardship Principles also apply to our 3rd party developers – and are described in more detail below. Intuit’s 3rd party developers must abide by them.

Data Stewardship Principle What it means to 3rd party platform developers
We will not:
Without explicit permission, sell, publish or share data entrusted to us by a customer that identifies the customer or any person
  • Information which is linked to a person or a company that is collected as part of your application or service must not be shared with an outside 3rd party – either through a sale, or sharing or any type of publication.
We will:
Use customer data to help our customers improve their financial livesThis means: we help them make or save money, be more productive, be in compliance
  • Developers are encouraged to create applications and services which use customer data to help customers improve their financial lives.
We will:
Use customer data to operate our business, including helping our customers improve their user experience and understand the products and servicesthat are available to help them
  • Developers may use the data on customer use of their products/services to “help them run their business”. This includes: understanding and improving the behavior and function of their offering; helping customers identify additional services which might be beneficial to them.
  • Note: Developers must adhere to all other laws regulating commercial messaging (e.g., CAN-SPAM, etc.)
We will:
Give customers choices about our use of data that identifies them
  • Developers may use data specific to a customer as a central component of the application or service, or as an ancillary functionality that provides significant benefits to the customer.
  • We encourage the exploration and implementation of ways in which data can be used to this effect.
  • Before using data in this way, developers must clearly explain the data use and offer the customer the choice to accept or decline that use.
  • For cases in which the data use is necessary for the application or service, it is allowable to predicate the customer’s use of the application or service on his or her acceptance of the data use. I.e., after clearly explaining to the customer the intended data use, the customer may decline by not signing up for the application or service.
We will:
Give open and clear explanations about how we use data
  • Developer must explain to customers what data will be collected or accessed and how it will be used.
  • These explanations must be clear and straightforward.
  • The explanations must be part of the application/service description (such as customer-facing marketing material), in addition to inclusion in the Term of Service or End User License Agreement.
  • Developers are also encouraged to provide JIT (Just in Time) notices of data collection and/or use in situations that would not typically be expected by the customer.
  • Apps must only use user data for the stated purpose of the App
  • Apps must not collect or use any data that’s not necessary for the stated purpose of the App
  • There must be no “surprises” regarding a customer’s understanding of what is happening to his/her data.
  • All Apps must also have a privacy policy that is easily available to users before they purchase/ use/ download the App
  • The privacy policy must specify the data retention and deletion policies and practices that pertain to the application.
We will:
Publish or share combined, unidentifiable customer data, but only in a way that would not allow the customer or any person to be identified
  • If your application or service includes anonymized, aggregated data which is viewable by customers, or other individuals, the Developer must ensure that the information about individual people and/or companies cannot be derived, or “re-identified” from the data.
  • In evaluating this possibility, the Developer must consider the likelihood of re-identification if the data were to be combined with any other publicly available data set, and ensure that outcome is not possible.
We will:
Train our employees about how to keep data safe and secure, and educate our customers about how to keep their and their customers’ data safe andsecure
  • Developers must train their employees on Intuit’s Data Stewardship Principles, and their implications to 3rd party developers.
  • Developers should implement formal and informal mechanisms to educate and train their employees and End Users on ways to secure customer data.

September 2012