GILE Healthcare Real Estate
Return to suite
Sign in

Privacy Policy for GILE Suite

Last updated: 2026-06-17

1. Who we are & scope

Arizona Healthcare Realty, LLC, an Arizona limited liability company doing business as GILE Commercial Real Estate (“GILE CRE,” “we,” “us,” or “our”), operates GILE Suite, an internal commercial-real-estate operations product (the “Portal”) for authorized staff and brokers, at www.gilesuite.com. GILE CRE is the operator and data controller of the Portal; “GILE Suite” and the “Portal” refer to the product GILE CRE operates. This Privacy Policy describes how GILE CRE collects, uses, and protects information in connection with the Portal.

2. Information we collect

  • Google sign-in identity data. We authenticate users through Google OAuth (via NextAuth). We receive your name, email address, Google account identifier, and basic profile information, used solely to authenticate you and confirm you are on the suite access directory.
  • Suite, broker & deal data. Information you enter or that is stored on your behalf — broker profiles, deal and transaction records, commission splits, referral records, invoices, lease records, files you upload, notifications, and related operational data.
  • QuickBooks Online / Intuit financial data. A firm administrator connects one QuickBooks Online company to the suite on the firm’s behalf via Intuit’s API. The Portal both reads invoices, accounts-receivable aging, and related earnings data for reporting and reconciliation, and creates customers and commission invoices in QuickBooks for closed deals. The granted scope is com.intuit.quickbooks.accounting (full accounting access). The Portal does not delete existing QuickBooks records.
  • Technical & usage data. Standard request logs, session cookies used for authentication, and minimal diagnostic data necessary to operate and secure the service.

3. How we use information

We use information to authenticate users; gate access by suite role and grants; display financial reports; reconcile commissions and earnings; send operational email notifications; and secure and maintain the service. We do not use your information for advertising, and we do not sell personal data.

4. Third-party processors / sub-processors

  • Google — OAuth sign-in and identity.
  • Intuit / QuickBooks Online — financial data source the Portal reads from and writes invoices/customers to (also governed by Intuit’s own terms and privacy policy).
  • Turso (libSQL) — application database hosting. Stores the operational, suite, and QuickBooks-derived data described in this policy.
  • Vercel — application hosting and deployment.
  • Vercel Blob — file storage. Files you upload (for example, invoice attachments) are stored in Vercel Blob storage rather than in the application database.
  • Resend — transactional email delivery.

5. QuickBooks data handling specifics

A firm administrator connects a single QuickBooks Online company to the suite on the firm’s behalf; QuickBooks Online access and refresh tokens are stored securely server-side. The integration uses QuickBooks data in two ways. Read: the Portal pulls invoices and accounts-receivable aging, runs a scheduled earnings sync, and performs feasibility reads to render reports and reconciliation for authorized users — all read operations. Write: when a deal closes, the Portal creates the corresponding customer and commission invoices in QuickBooks on the firm’s behalf. The Portal does not delete existing QuickBooks records.

Storage of QuickBooks-derived data. QuickBooks-derived data that the Portal syncs — including invoices, accounts-receivable aging, and earnings records — is copied into and stored in the application database (Turso) so the Portal can render reports and reconciliation. This stored copy is retained as described in §6 and is not automatically deleted when QuickBooks is disconnected. Disconnecting QuickBooks deletes only the stored OAuth credentials (as described below); it does not erase data already synced into the application database. To request deletion of QuickBooks-derived data stored in the Portal, contact Caleb@gilecre.com (see §6 and §8 for how requests are handled and the limited retention carve-outs).

A firm administrator can disconnect QuickBooks at any time from within the Portal (the developer tools area → QuickBooks connection). Disconnecting immediately deletes the stored OAuth credentials, so the Portal can no longer access QuickBooks data, and requests revocation of the token with Intuit on a best-effort basis. The local deletion is the operative safeguard; if the revocation request to Intuit fails, the failure is logged and the local credentials remain deleted. The connection can also be revoked at any time via Intuit’s My Apps. After disconnection the Portal stops accessing QuickBooks data.

6. Data retention

Operational and financial-report data — including QuickBooks-derived data synced into the application database (Turso) — is retained for the duration of the business relationship and for up to seven (7) years thereafter, or longer where a longer period is required by applicable tax, accounting, or legal obligations. QuickBooks OAuth tokens are deleted when an administrator disconnects QuickBooks in the Portal (which also requests revocation of the token with Intuit), as described in §5; deleting the tokens does not delete QuickBooks-derived data already stored in the application database, which follows the retention schedule above.

Uploaded files. Files you upload (for example, invoice attachments) are stored in Vercel Blob storage and retained for the duration of the business relationship and the retention period above. You may request deletion of a stored file by contacting Caleb@gilecre.com; we honor such requests subject to the same tax, accounting, and legal retention carve-outs described in §8.

7. Data security

Access is restricted to authenticated, authorized suite members by role and grant. We use transport encryption (HTTPS), and the QuickBooks connection is scoped to com.intuit.quickbooks.accounting (full accounting access) with tokens held server-side and never exposed to the browser.

Security-incident notification. In the event of a confirmed personal-data breach affecting your information, we will notify affected users without undue delay, and, where required by applicable law or by our agreements with Intuit, we will also notify Intuit and the relevant supervisory authorities within the timeframes those laws and agreements require.

8. Your rights & choices

You may request access to, correction of, or deletion of your personal data; disconnect QuickBooks; or deactivate your account by contacting Caleb@gilecre.com. We aim to respond to verifiable requests within thirty (30) days. To protect your data we may first need to verify your identity (for example, by confirming control of the email address associated with your account).

We do not sell or share your personal information. We do not sell personal information, and we do not share it for cross-context behavioral advertising, as those terms are used under U.S. state privacy laws.

Retention carve-out for deletion requests. We honor deletion requests except where retention is required to meet tax, accounting, or other legal obligations. Where such an obligation applies, we will restrict processing of the affected data to what the obligation requires and delete it once the required retention period expires.

9. Cookies & tracking

The Portal uses only first-party authentication session cookies (set by NextAuth) to keep you signed in; these persist for the duration of your session, subject to the session expiry described in our security practices. We do not use any third-party advertising or analytics cookies or trackers.

10. Children’s privacy

The service is not directed to children, and we do not knowingly collect personal information from minors.

11. Electronic acceptance

Use of the Portal requires accepting our Terms of Service via the in-app acceptance prompt. When a new version of the Terms or this Privacy Policy is published, you may be asked to accept again before continuing to use the Portal.

12. Changes to this policy

We may update this policy from time to time. The “Last updated” date reflects the latest revision.

13. Contact

Arizona Healthcare Realty, LLC (dba GILE Commercial Real Estate) — operator and data controller of GILE Suite.
15333 N Pima Rd, Suite 305, Scottsdale, AZ 85260
Caleb@gilecre.com · www.gilesuite.com

This Privacy Policy is governed by the law and venue specified in the governing-law section of our Terms of Service (State of Arizona).

Privacy Policy · Terms of Service