Security

We take the security of your business data seriously and build the platform with these practices.

Data protection

• Data is encrypted in transit (TLS) and at rest.
• Payments run through our PCI-compliant payment provider — we never store full card or bank credentials.
• Connected integrations (QuickBooks, Stripe, Google, supplier catalogs, etc.) are authorized on each provider's secure page; their access tokens are stored encrypted on our servers, never in the browser, and we don't store your provider login credentials.

Access & reliability

Access to production systems is restricted and logged. We take regular backups and monitor the platform for availability and abuse.

Reporting an issue

Found a vulnerability? Email [email protected] and we'll respond promptly. Please give us a reasonable window to remediate before any disclosure.