Skip to main content
AccounTech
Back to Home
Security

How We Protect Your Data

Your financial data is among the most sensitive information your business has. We treat it that way — with bank-grade security controls, strict access policies, and a culture of security-first thinking.

Security controls

Encryption Everywhere

  • All data in transit is encrypted with TLS 1.3
  • Financial documents stored with AES-256 encryption at rest
  • Database backups are encrypted before leaving our infrastructure
  • Internal API communications use mutual TLS

Access Controls

  • Role-based access — staff only see client data relevant to their work
  • Multi-factor authentication required for all internal systems
  • Principle of least privilege enforced across all tools
  • Access logs retained for 12 months and reviewed monthly

Infrastructure

  • Hosted on AWS with SOC 2 Type II certified data centers
  • Data residency in the United States
  • Automated daily backups with 30-day retention
  • Infrastructure-as-code with version-controlled configuration

Credential Management

  • Third-party credentials (bank logins, QuickBooks) stored in a dedicated secrets vault
  • No passwords stored in plain text or source code
  • Accounting software connected via OAuth where available
  • Credential rotation policy enforced annually

Incident Response

  • Documented incident response plan reviewed annually
  • Clients notified within 72 hours of any confirmed breach
  • Security events logged to a SIEM for real-time alerting
  • Annual penetration test by an independent third party

Employee Training

  • All staff complete security awareness training upon hire
  • Annual phishing simulation and security refresher
  • Background checks performed on all team members with client data access
  • Strict clean-desk and screen-lock policy for remote work
Responsible Disclosure

Found a security issue?

If you discover a security vulnerability on our website or in our systems, please report it to us before disclosing publicly. We will acknowledge receipt within 24 hours and keep you updated as we investigate.

security@accountech.com

We do not pursue legal action against researchers who follow responsible disclosure practices.

Security questions before you sign up?

We are happy to walk through our controls in detail. Schedule a free call with our team.

Schedule Free ConsultationView Pricing