Security at Backoffice
Backoffice connects to your bank accounts and accounting records to keep your books, so protecting that data is foundational, not an afterthought. This page describes the safeguards in place today.
Encryption
- In transit. All connections to and within the Service use TLS.
- At rest. Your data is encrypted at rest. The application database (Amazon Aurora PostgreSQL) and the database that powers AI features are each encrypted with dedicated AWS KMS keys with automatic key rotation. Uploaded receipts and documents in Amazon S3 are encrypted with AWS KMS. Our cache layer is encrypted at rest, with in-transit encryption enabled.
- Connected-account tokens. The access tokens we hold to sync your bank and accounting data are encrypted.
Your bank credentials and card details never touch our servers
- Banking. You enter your bank credentials directly into Plaid’s secure interface. Backoffice never sees or stores your online-banking username or password — we receive only the account data Plaid returns (balances, transactions, and institution details).
- Payments. Subscription billing runs through Stripe-hosted checkout. We never store full card numbers or CVV codes.
- Secrets. Application secrets and credentials are stored in AWS Secrets Manager and rotated automatically.
Access control and tenant isolation
- Authentication. Sign-in is handled by Auth0 and supports multi-factor authentication.
- Isolation. Your data is strictly scoped to your business, and access within your account is governed by role-based permissions.
- Your bookkeeper, kept separate. Backoffice bookkeeping staff authenticate through a separate identity system and can reach only the specific businesses they are assigned to. Every action is recorded, so our audit trail distinguishes what you did from what staff did on your behalf.
Infrastructure
- Hosting. The Service runs entirely on Amazon Web Services in U.S. regions, on managed, isolated compute (Amazon ECS Fargate).
- Network isolation. Resources run inside a private network. Databases, caches, and message brokers sit in isolated private subnets and are not publicly accessible — only the load balancer is reachable from the internet.
- Monitoring. Production runs continuous threat detection (Amazon GuardDuty), audit logging (AWS CloudTrail), and network flow logging.
- Backups. Databases are backed up with 30–35 days of retention and point-in-time recovery, and are protected against accidental deletion.
AI and your data
- AI-assisted categorization runs on Amazon Bedrock. The underlying foundation models do not train on your data.
- We do not send transaction descriptions, merchant names, or other content to our product-analytics tools — only operational metadata such as model name, token counts, and latency.
Logging discipline
- We keep sensitive data out of our logs and error-monitoring tools. Authentication tokens, cookies, and personal or financial identifiers are scrubbed before anything is recorded.
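The scrubbing described above is a technique rather than a policy, so here is an added example of what such a filter looks like in practice. This is illustrative code written for this page, not Backoffice's own logging pipeline; the field names, regular expressions, and the sample event are assumptions chosen to show the idea. It redacts whole values for known-sensitive keys (Authorization, Cookie, tokens), then scrubs free text for bearer tokens, token-bearing query parameters, SSNs, e-mail addresses, and card numbers, using a Luhn check so that ordinary account or reference numbers are not hidden unnecessarily.

```python
"""Redact secrets and personal/financial identifiers from a structured log
event before it reaches a log sink or error tracker.

Added example for illustration; not Backoffice's own code. Key names,
patterns and the sample event are assumptions."""
import json
import re
from typing import Any

REDACTED = "[REDACTED]"

# Keys whose entire value is dropped regardless of content (case-insensitive).
SENSITIVE_KEYS = {
    "authorization", "cookie", "set-cookie", "password", "access_token",
    "refresh_token", "id_token", "client_secret", "api_key", "ssn",
}

# Patterns applied to free-text values (error messages, URLs, and the like).
BEARER_RE = re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._~+/=-]+")
QUERY_SECRET_RE = re.compile(r"(?i)([?&](?:token|access_token|api_key|code)=)[^&\s]+")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
# 13-19 digits, optionally separated by spaces or dashes; confirmed with Luhn
# so that bank reference numbers which are not card numbers are left readable.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _redact_card(match: re.Match) -> str:
    digits = re.sub(r"\D", "", match.group(0))
    return REDACTED if luhn_ok(digits) else match.group(0)


def scrub_text(text: str) -> str:
    """Scrub secrets and identifiers out of a free-text string."""
    text = BEARER_RE.sub("Bearer " + REDACTED, text)
    text = QUERY_SECRET_RE.sub(r"\1" + REDACTED, text)
    text = SSN_RE.sub(REDACTED, text)
    text = EMAIL_RE.sub(REDACTED, text)
    text = CARD_RE.sub(_redact_card, text)
    return text


def scrub(value: Any) -> Any:
    """Recursively scrub a log event (dict/list/str); returns a new object."""
    if isinstance(value, dict):
        return {
            k: REDACTED if str(k).lower() in SENSITIVE_KEYS else scrub(v)
            for k, v in value.items()
        }
    if isinstance(value, (list, tuple)):
        return type(value)(scrub(v) for v in value)
    if isinstance(value, str):
        return scrub_text(value)
    return value


# Constructed sample event (not a real log record). The card number is a
# well-known test number that passes Luhn; the "ref" number does not.
SAMPLE_EVENT = {
    "msg": "sync failed for jane@example.com: card 4242 4242 4242 4242 declined, ref 1234567890123",
    "request": {
        "path": "/callback?code=abc123&state=xyz",
        "headers": {
            "Authorization": "Bearer eyJhbGciOiJSUzI1NiJ9.payload.sig",
            "Cookie": "session=s3cr3t",
            "User-Agent": "Mozilla/5.0",
        },
    },
    "business_id": 42,
}

if __name__ == "__main__":
    print(json.dumps(scrub(SAMPLE_EVENT), indent=2))
```

In a real deployment this runs as a logging filter or an error-tracker `before_send` hook, so that nothing reaches disk or a third party unscrubbed; key-based redaction is the reliable layer, and the regex pass is a safety net for secrets that leak into free text such as exception messages or request URLs.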
Your data is yours
- You own your data. You can export your transaction data at any time and request deletion. See our Terms and Privacy Policy for details.
Sub-processors
- We rely on a small set of vetted third-party providers to operate the Service. You can review them on our sub-processors page.
Reporting a security issue
- If you believe you’ve found a vulnerability or have a security concern, email us at security@backoffice.co.
Last updated: 2026-06-12.