Encryption and isolation
- Data in transit protected with TLS 1.2+; data at rest encrypted using cloud provider-managed keys.
- Per-customer logical isolation; least-privilege service principals for QuickBooks API access.
- Secrets stored in Key Vault equivalents; access is audited and tightly scoped.
Identity, access, and sessions
- Single sign-on via Intuit; email verification enforced before access.
- Session management with short-lived cookies and revocation on sign-out or disconnect.
- Role-based access for operations; no shared admin accounts.
Backups, restores, and integrity
- Backups run through official QuickBooks APIs on the cadence defined in your plan.
- Restore operations require re-authentication where needed and audit logging of who restored what and when.
- Object coverage, retention, and cadence documented in-product; RPO/RTO are targets, not guarantees.
Platform security
- Hardened build pipelines, artifact integrity checks, and dependency scanning.
- Environment segregation for dev/test/prod; infrastructure-as-code with principle of least privilege.
- Network-layer controls, firewalls, and rate limiting on sensitive endpoints.
Monitoring, logging, and incident response
- Centralized logging and alerting on auth events, backup anomalies, and restore activity.
- On-call rotation with runbooks for incident triage and customer notification.
- Regular tabletop exercises and post-incident reviews to improve controls.
Data retention and deletion
- Retention follows your Subscription Plan and the Data Retention Schedule provided in-product or by support.
- On cancelation or expiration, backups are deleted per schedule; we may retain limited logs to meet legal obligations.
Vendor and payment security
- Stripe handles payment data; Akika never stores raw card details.
- Critical vendors reviewed for security posture and contractually bound to confidentiality and data protection.
Vulnerability reporting
If you believe you've found a security issue, email security@akikalabs.com with details and steps to reproduce. We appreciate good-faith reports and will respond as quickly as we can.
Questions
Security questions? Contact security@akikalabs.com or your Akika account team.