Security
You upload bank statements and financial documents. Here is how we treat that responsibility.
Data protection
- Encryption in transit — all connections to the Services use TLS.
- Access-controlled storage — uploaded documents live in isolated, access-controlled infrastructure, separated per account.
- Role-based access — accountants control which team members can see which clients.
- No card storage — payments are processed by Stripe; full card numbers never touch our servers.
Account integrity
- Authenticated sessions with secure credential handling
- Third-party integrations (such as QuickBooks Online) authorized through the provider’s official consent flow — we never ask for your QuickBooks password
- Audit trail of processing and sync activity
Our practices
- Least-privilege access internally — production data access is restricted and logged
- Continuous monitoring of the platform and its dependencies
- Documented incident response: if an issue affects your data, you hear it from us first
Responsible disclosure
Found a vulnerability? Email [email protected] with the details. We take reports seriously and respond quickly.
Questions about security?
Ask before you upload — we’re happy to walk through our practices.