Security

Built to protect your financial data

CovelBooks holds sensitive ledger data, so security is part of how the product is built — not an add-on. Here is how we handle, protect and recover your data, in plain terms.

Data handling
We collect the financial data you import and the account details you enter — and nothing you have not asked us to store.
  • Imported statements and ledger entries are stored only to power your reports and reconciliation.
  • Each organization's data is scoped to that organization; access is denied across tenant boundaries by default.
  • You can export your full ledger to CSV at any time — there is no lock-in.
Encryption in transit and at rest
Your data is protected on the wire and on disk using widely adopted, standard cryptography.
  • All traffic to CovelBooks is served over HTTPS (TLS); plaintext connections are not accepted.
  • Data stored in our database and backups is encrypted at rest.
  • Passwords are never stored in plain text — they are salted and hashed.
Access control and roles
People should only see the entities and actions their role allows.
  • Role-based access governs what each member can view and change within an organization.
  • Administrative actions are separated from everyday bookkeeping so day-to-day use carries the least privilege needed.
  • We follow industry-standard practices for authentication and session management; we apply security updates promptly.
Backups and recovery
Your books should survive an incident — so we plan for one.
  • Databases are backed up on a regular schedule, and backups are encrypted.
  • Recovery procedures are documented and rehearsed so data can be restored when it matters.
  • Because every transfer is double-entry, integrity checks can confirm the ledger still balances after a restore.
Payments handled by Stripe
We do not want your card number, so we never touch it.
  • All subscription billing is processed by Stripe, a PCI-DSS Level 1 certified payment provider.
  • Card details are entered directly with Stripe — CovelBooks never sees or stores your full card number.
  • We keep only the billing metadata needed to manage your subscription, such as plan and renewal status.
Responsible disclosure

Found a vulnerability? Tell us

We welcome reports from security researchers and treat them as a priority.

If you believe you have found a security issue in CovelBooks, please email us with the details and steps to reproduce. Give us a reasonable window to investigate and ship a fix before any public disclosure, and avoid accessing or modifying data that is not yours while testing.

Send reports to hello@example.com. We will acknowledge your report and keep you updated as we work through it.

For details on what data we collect and how we use it, see our Privacy policy.

This page describes our current security practices and is not a contractual guarantee or a claim of any specific certification.

Keep your books safe and in sync

Start free and import your first statements over an encrypted connection.