Built to protect your books.

A summary of how we protect your data.

Isolation per customer

Each company gets an isolated server and database. Customer data stays separated by workspace.

Encryption

All traffic is served over TLS 1.2+ using Cloudflare Origin Certificates with Full (Strict) mode. Database credentials are generated per-workspace and rotated during rebuilds.

Authentication

Signup requires email verification. Passwords are hashed with bcrypt. Admin sessions are JWT-based with short expirations. Rate limiting is applied to signup, login, and password-reset endpoints.

Backups

Nightly encrypted snapshots of every workspace database. You can trigger a manual backup and download a full export from the in-app Settings page.

Payments

All payment processing is handled by Stripe, which is PCI DSS Level 1 compliant. Card numbers never reach our servers.

Reporting vulnerabilities

Found something? Please email [email protected] with a subject prefix of [SECURITY]. We’ll acknowledge within one business day.