← Good Job

Last updated: 2026-04-26

Good Job — Privacy Policy

Good Job is a software-as-a-service application operated by Municipal Winemakers, LLC (“we”, “us”) at goodjob.wine. This policy explains what information the application collects, how it's used, and who it's shared with.

1. What we collect

  • Account information: name and email address, stored via Clerk (our identity provider), used to authenticate users in your subscription.
  • Production records: data your operators enter into Good Job in the course of wine production — harvest weigh tags, cellar events, bottling runs, lab results, inventory counts, and similar. You own this data; see the Terms.
  • Billing information: handled by Stripe. We receive only the subscription status and billing-cycle metadata; we never see card numbers or bank account information.
  • QuickBooks data (when connected): chart of accounts, vendor list, and bills. These are read from your connected QuickBooks Online company via the Intuit Accounting API and used for fruit-cost matching and producing draft journal entries for your review. We never access payroll, banking, or payments data.
  • Shopify data (when connected): product, inventory, and order data used to reflect finished-goods movement against production records. We support Shopify either via your custom-app token or via the Shopify App Store install flow.

2. How we use it

  • To operate the application and provide its features to authorized users in your subscription.
  • To generate compliance reports (TTB 5120.17, CDTFA excise tax return, grape crush report, additions and losses logs).
  • To produce draft journal entries you review and approve before any are posted to QuickBooks. Nothing is written to QuickBooks automatically.
  • To diagnose errors, secure the application, and improve reliability.

3. Who we share it with

We share only with the following service providers, strictly to operate the application:

  • Clerk — authentication (name, email).
  • Stripe — subscription billing. Card data is collected and stored by Stripe; we never see it.
  • Neon — database hosting (application data, encrypted in transit and at rest). Located in the United States.
  • Vercel — application hosting.
  • Cloudflare R2 — storage for source documents you upload (weigh tags, packing slips, BOL PDFs, contract scans). Encrypted at rest.
  • Intuit QuickBooks — when you explicitly connect QuickBooks and only with the API scopes you grant (Accounting, read + write). OAuth tokens are encrypted at rest with AES-256-GCM.
  • Shopify — when you explicitly connect a Shopify store. We read product, inventory, and order data and write inventory updates back when you bottle, transfer, or count.
  • Anthropic — for AI-assisted data entry (weigh tag extraction, packing-slip parsing, contract reading, Quick command routing). We send only the document text or image for the specific action you initiate. Anthropic does not train on inputs submitted via their API.
  • Axiom / Logtail — application logs for debugging. Logs never include OAuth tokens or PII beyond user IDs.

We do not sell personal information. We do not share personal information for advertising. We do not use your production records to train machine-learning models.

4. Multi-tenant isolation

Good Job is multi-tenant: every winery's records carry an entity scope and queries are filtered to that scope by default. A Prisma client extension enforces the scope on every read and write so a user in one tenant cannot see or modify data in another. See also our internal architecture decision record on entity isolation (ADR-21 / ADR-23).

5. Security

  • All traffic is served over HTTPS.
  • Third-party OAuth tokens (QuickBooks, Shopify) are stored encrypted at rest using AES-256-GCM with application-level keys kept in Vercel's secret store.
  • Database is hosted at Neon in the United States with managed backups and encryption at rest.
  • Source documents in R2 are stored under random keys, with access gated by short-lived presigned URLs (5-minute TTL).
  • Production access is limited to a small number of named operators at Municipal Winemakers, LLC.

6. Retention

Production records are retained for as long as required by TTB and California ABC recordkeeping rules (minimum three years from the date of the record) and as long as you remain a subscriber. Authentication records are retained for the life of the user's account plus one year. On subscription termination, you have a 30-day window to export your data before it is deleted (see the Terms).

7. Your rights

If you have an account, you can request a copy of the personal information we hold about you, ask us to correct inaccuracies, or request deletion of your account. Subscription owners can also request a full export of their winery's production records. Send requests to dave@municipalwinemakers.com.

8. Disconnecting integrations

You may revoke access to a connected service at any time from the provider (for example, QuickBooks → Apps → Connected apps, or Shopify admin → Apps), or from the integration page inside Good Job. On revocation, Good Job stops all reads and writes to the revoked service. Records already stored in Good Job are kept unless you request deletion.

9. International users

Good Job is operated from the United States. If you access it from outside the U.S., your information will be transferred to and processed in the U.S.

10. Changes to this policy

We may update this policy from time to time. The “Last updated” date above reflects the most recent revision. Material changes will be communicated to subscribers via the email on file.

11. Contact

Questions about this policy? Email dave@municipalwinemakers.com.

Municipal Winemakers, LLC · 406 E Haley St #1, Santa Barbara, CA 93101