Security Overview

Security

You upload bank statements and financial documents. Here is how we treat that responsibility.

Data protection

  • Encryption in transit — all connections to the Services use TLS.
  • Access-controlled storage — uploaded documents live in isolated, access-controlled infrastructure, separated per account.
  • Role-based access — accountants control which team members can see which clients.
  • No card storage — payments are processed by Stripe; full card numbers never touch our servers.

Account integrity

  • Authenticated sessions with secure credential handling
  • Third-party integrations (such as QuickBooks Online) authorized through the provider’s official consent flow — we never ask for your QuickBooks password
  • Audit trail of processing and sync activity

Our practices

  • Least-privilege access internally — production data access is restricted and logged
  • Continuous monitoring of the platform and its dependencies
  • Documented incident response: if an issue affects your data, you hear it from us first

Responsible disclosure

Found a vulnerability? Email [email protected] with the details. We take reports seriously and respond quickly.

Questions about security?

Ask before you upload — we’re happy to walk through our practices.

Contact Us