Security at BetterFinanceView
We handle sensitive financial data. Here's exactly how we protect it — no vague promises, just specifics.
We never write to your QuickBooks.
Our QuickBooks authorization is strictly read-only, enforced by Intuit's API. BetterFinanceView cannot create transactions, modify accounts, or touch your data. Ever.
Read-only by design
BetterFinanceView requests only read access to your QuickBooks Online company data via Intuit's OAuth 2.0. We cannot create, modify, or delete transactions, accounts, or any other data in your QuickBooks. This is enforced at the API level by Intuit — not just a policy on our end.
Bank-level encryption
The credentials that let us connect to QuickBooks on your behalf are encrypted using AES-256-GCM — the same standard used by financial institutions — before being stored. The encryption key is kept separately from the data. Your QuickBooks username and password are never stored or transmitted to us at any point.
Your data is completely isolated
Every query to our database runs through access controls that are enforced at the database layer itself — not just in application code. This means it is technically impossible for one firm's account to access another firm's data, even if there were a bug in the application.
Role-based access control
Team members are assigned roles: Owner, Admin, Reviewer, or Read-only. Each role has explicitly defined permissions. Reviewers can act on issues but cannot modify firm settings or billing. Read-only members can view but not change anything.
Infrastructure
Our application and database run on established, security-audited cloud infrastructure hosted in the United States. All data traveling between your browser and our servers is encrypted in transit. We do not operate our own physical servers.
Authentication
Passwords are never stored in plain text — they are run through a one-way hashing process before storage, so even we cannot read them. Accounts require email verification, and password resets are sent to your verified email address only.
Automatic connection health monitoring
The QuickBooks connection credentials we hold are short-lived and automatically renewed in the background. If a renewal fails for any reason, we flag the connection and alert you — we never silently retry or leave you with a stale connection you don't know about.
What we don't do
- We do not sell your data or your clients' financial data to any third party.
- We do not use your financial data to train AI models.
- We do not store raw transaction data beyond what is needed to run audits and display results.
- We do not access payroll data, customer payment information, or data outside the general ledger.
- We do not share data with advertisers.
A note on AI
For issues involving miscategorization or uncategorized accounts, we send transaction descriptions (e.g., "Amazon - $142.50") to Anthropic's Claude API to suggest a corrected account category. We do not send client names, account numbers, or personally identifiable information. Anthropic's API processes this data under their Privacy Policy. You can disable AI enrichment by contacting support.
Found a security issue? Please disclose it responsibly to support@betterfinanceview.com. We take all reports seriously and will respond promptly.