Data Processing Addendum

You are the data controller for business data. BookOS acts as a data processor to provide the service.

BookOS processes data to deliver bookkeeping automation, financial reporting, and AI insights. Processing is limited to the services you enable.

We implement access controls, encryption in transit and at rest, security logging, and secure development practices.

We use approved service providers for infrastructure, analytics, and AI. We require equivalent security commitments and contractual protections. A current list is available at Service providers.

We support access, deletion, and export requests when required by law and according to your instructions.

Where required, we rely on standard contractual protections such as Standard Contractual Clauses (SCCs) for cross-border transfers.

We make available security documentation and reports upon request to support your compliance obligations. A signed DPA is available upon request for enterprise customers.