Security
Built for secure, reliable finance operations
An overview of how we protect data across infrastructure, identity, and day-to-day controls.
Last updated: December 8, 2025
Data encryption
- TLS 1.2+ for all traffic between clients, services, and databases.
- Data encrypted at rest with managed keys and strict access controls.
- Secrets stored outside of code and rotated regularly.
Password hygiene
- Passwords hashed with modern algorithms and per-user salts.
- Optional magic links and SSO pathways to reduce credential reuse.
- Session controls with automatic expiry and device-level revocation.
Supabase + Vercel environment
- Isolated Supabase projects for data, with row-level security where applicable.
- Vercel for frontend delivery with minimal attack surface and automatic patches.
- Least-privilege service roles between application services.
Role-based access
- Workspace roles for Owners, Accountants, and Staff with granular permissions.
- Audit trails on sensitive actions such as journal postings and exports.
- IP and device monitoring to detect unusual access patterns.
Backups & uptime
- Automated backups with tested restore procedures.
- Regional redundancy to minimize downtime during provider incidents.
- 24/7 monitoring with paging for availability and performance thresholds.