Theme Color
Loading...
Streamline your business finances with powerful accounting automation, bank feeds, and intelligent reporting designed for modern businesses.
Product Features
Resources
Copyright © 2026 CashBooks. All Rights Reserved.
Theme Color
Streamline your business finances with powerful accounting automation, bank feeds, and intelligent reporting designed for modern businesses.
Copyright © 2026 CashBooks. All Rights Reserved.
Trust and Security are our Fundamental Commitments. At CashBooks, trust and security form the very foundation of our practices. We take pride in surpassing industry norms by employing advanced security safeguards meticulously designed to preserve the confidentiality, accessibility, and integrity of your data and our products.
Last updated: October 3, 2025
Security takes center stage in our people, processes, and product. Every change and new feature undergoes a meticulous change management policy to ensure proper authorization before implementation. Our Software Development Life Cycle (SDLC) is committed to secure coding guidelines, employing code analyzer tools, vulnerability scanners, and manual reviews following OWASP standards.
AWS Hosted
ISO & SOC Certified
256-bit AES Encryption
Real-time security metrics and performance indicators
100%
All data encrypted at rest and in transit
100%
24/7 automated threat detection
100%
Role-based access control implementation
100%
Automated daily backups with 99% success rate
Comprehensive security measures protecting your data
All data is encrypted using AES-256 encryption standards Active
Additional security layer with 2FA and SSO support
Data stored in SOC 2 compliant data centers
Continuous monitoring for threats and anomalies
Advanced encryption protecting your data in all states
Customer data transmitted to our servers over public networks is safeguarded by strong encryption protocols. We mandate the use of Transport Layer Security (TLS 1.2/1.3) encryption with robust ciphers for all connections, ensuring secure web access, API, and IMAP/POP/SMTP email client access. Opportunistic TLS is leveraged by default for email services, encrypting and delivering emails securely.
Sensitive customer data at rest is encrypted using 256-bit Advanced Encryption Standard (AES). Our in-house Key Management Service (KMS) manages encryption keys, providing additional layers of security by encrypting data encryption keys using master keys. Master keys and data encryption keys are physically separated and stored in different servers with limited access.
Our application is securely hosted on Amazon Web Services (AWS), a platform certified under ISO and SOC compliance standards. All customer data is housed in US-based data centers, ensuring the highest levels of security and regulatory compliance.
Comprehensive monitoring, vulnerability management, and threat protection
Logging and monitoring play a pivotal role in our operations. We systematically monitor and analyze information gathered from services, internal network traffic, and device usage. Event logs, audit logs, fault logs, administrator logs, and operator logs are automatically monitored and analyzed to identify anomalies promptly. These logs are securely stored on a server isolated from full system access.
Our dedicated vulnerability management process utilizes certified third-party scanning tools, in-house tools, automated and manual penetration testing. Our security team actively reviews security reports and monitors public sources to identify and address security incidents promptly. Identified vulnerabilities are logged, prioritized based on severity, assigned to an owner, and tracked until closure.
We employ an automated scanning system to scan all user files, preventing the spread of malware. Regular updates from external threat intelligence sources enhance our custom anti-malware engine, ensuring robust protection against malicious patterns.
Application data is stored on resilient storage replicated across multiple AWS regions. In case of primary AZ failure, the secondary AZ seamlessly takes over operations with minimal or no loss of time. Physical measures include power backup, temperature control, and fire-prevention systems.
Comprehensive physical security measures for our facilities and infrastructure
Access to our resources, including buildings, infrastructure, and facilities, is meticulously controlled through a biometric system. Different access cards are provided to employees, contractors, vendors, and visitors, restricting access based on the specific purpose of entrance. Access logs are maintained to identify and address anomalies promptly.
Entry and exit movements throughout our premises are monitored via CCTV cameras deployed in compliance with local regulations. Backup footage is available for a specified period, ensuring compliance with location-specific requirements.
On-site personnel
Multi-factor authentication
Advanced systems
Redundant systems
Our Privacy Principles and Data Management Standards
CashBooks shares its internal privacy and security policies with our customers for full transparency over how we protect and secure our customers' data. When you choose CashBooks, you entrust us with your information, and we take that responsibility seriously.
You retain complete ownership and control of your financial data. We never sell, share, or use your data for purposes other than providing our accounting services.
Complete transparency in our data handling practices with easy data export and deletion capabilities available to all users at any time.
Our systems are built with privacy as a core principle, incorporating data minimization, purpose limitation, and privacy-enhancing technologies.
Full compliance with GDPR, CCPA, SOX, and other relevant financial and privacy regulations across all jurisdictions where we operate.
Certified
Compliant
Compliant
Active
Ready
Level 1
How we detect, respond to, and recover from security incidents
Automated monitoring and threat detection systems
Immediate containment and mitigation procedures
System restoration and service continuity
Security improvements and lessons learned
Critical incidents: 15 minutes response
High priority: 1 hour response
Medium priority: 4 hours response
Immediate customer notification
Transparent incident reporting
Post-incident analysis and improvements
Our commitment to continuous security education and privacy excellence
Employees undergo training in information security, privacy, and compliance upon induction. Regular evaluations and continuous education in our internal community ensure ongoing awareness and understanding of security practices. Specific security aspects are continually addressed through targeted training sessions and internal events, fostering awareness and driving innovation in security and privacy.
Our dedicated security and privacy teams implement and manage robust security and privacy programs. They provide domain-specific consulting services, guidance to engineering teams, and ensure the constant monitoring of networks. The security and privacy teams are instrumental in maintaining our defense systems, developing review processes, and ensuring the security of our infrastructure.
All workstations issued to our employees run up-to-date OS versions and are configured with anti-virus software. They comply with our security standards, ensuring proper configuration, patching, tracking, and monitoring through endpoint management solutions. Workstations are secured by default, configured to encrypt data at rest, have strong passwords, and automatically lock when idle.
We continuously invest in our security team, tools, and developers to deliver features that instill resilience, confidence, and trust in our platform. Security is not just a feature, it's the foundation of everything we build.
How to reach our security team for any concerns or questions
We welcome responsible disclosure of security vulnerabilities and maintain a comprehensive security response program. Contact our security team for information about our responsible disclosure process and security research collaboration opportunities.
Security Commitment: CashBooks will never ask for your login credentials via email or phone. Report any suspicious communications immediately to our security team.