Security

Encryption

• Data is encrypted in transit using HTTPS (TLS).
• Data is stored with encryption at rest provided by our infrastructure providers.

Access Controls

• Access to production systems is restricted to authorized personnel.
• We apply least-privilege access and role-based controls where supported.
• We keep audit logs for sensitive actions within the platform.

QuickBooks Online Connections

Connections to QuickBooks Online are established using Intuit OAuth. We store the tokens required to maintain the connection and use them only to provide the Service (for example, creating draft bills, attaching documents, and posting approved items).

Invoice Documents and Email Ingestion

If you use invoice ingestion (for example, forwarding invoices to a secure inbox), we process message metadata and attached documents to extract invoice fields and create draft records for review. Forward only business documents intended for bookkeeping and avoid sending highly sensitive personal information unless required for legitimate accounting purposes.

Data Minimization

We collect and process only the data needed to provide invoice-to-bill workflows, approvals, audit logging, and platform operation. We do not sell customer data.

Incident Response

If we become aware of a security incident affecting customer data, we take reasonable steps to investigate and contain the incident. Where required, we will notify impacted customers in line with applicable requirements.

Contact

Security questions can be sent to:
support@plaincount.com