1. Approach
BookOS is built using security-focused infrastructure and vendors that may maintain independent security certifications such as SOC 2. BookOS itself does not claim such certifications unless it has completed an independent audit and published it.
2. Encryption
Data is encrypted in transit using TLS and at rest using industry-standard mechanisms supplied by our hosting and database providers.
3. Access controls
We enforce role-based access and least-privilege principles inside BookOS. Multi-factor authentication is available for sensitive actions; we recommend enabling it on every account.
4. Activity logging
User and AI actions are logged so changes are reviewable. Workspace-level activity logs surface in the product.
5. Vendor and subprocessor review
We review vendors for security posture before onboarding and contractually require appropriate confidentiality and security terms. The current list is on our Service providers page.
6. Bank-credential handling
BookOS does not store bank login credentials. Where bank connections exist, they are handled by external aggregator providers you authorize directly. BookOS does not hold customer funds.
7. Payment-credential handling
Payment-method details for BookOS subscription billing are handled by our PCI-compliant payment processor. BookOS does not store full card numbers. See our subprocessor list for the current processor.
8. Monitoring and incident response
We monitor for anomalous access patterns, failed authentication, and abuse. We maintain an incident response process and will notify affected customers of material incidents as required by law and contract.
9. Secure development
We follow secure-coding practices, code review, and dependency and vulnerability monitoring.
10. Backups and continuity
We maintain backup and recovery procedures to protect availability and ensure data can be restored.
11. Data deletion controls
You can request data deletion from your workspace settings or by contacting support, subject to legal retention obligations.
12. Vulnerability disclosure
We welcome responsible disclosure of security issues. Contact support with details so we can investigate. We do not currently operate a public bug bounty program.

Version history

Track changes over time
v1.0 · Initial publication · May 12, 2026