Security Policy

BookOS enforces role-based access, least-privilege principles, and multi-factor authentication for sensitive operations.

Data is encrypted in transit using TLS and at rest using industry-standard mechanisms.

We monitor for anomalous access patterns, failed authentication attempts, and suspicious transactions.

We maintain incident response procedures and notify customers of material incidents according to applicable law and contracts.

We follow secure coding practices, conduct code reviews, and perform regular dependency and vulnerability monitoring.

We maintain backup and recovery procedures to protect availability and ensure data can be restored if needed.

We welcome responsible disclosure of security issues. Please contact support with details so we can investigate. We do not operate a public bug bounty program at this time.