Security

How we keep your account and data safe.

Last updated: 17 April 2026

Our approach

TrueBooks handles financial data, and we take that responsibility seriously. Security is built into the platform from the ground up — not added on afterwards.

Your account

  • Passwords — your password is stored using a strong one-way hashing algorithm. We cannot see your password, and neither can anyone else.
  • Two-factor authentication — we support TOTP-based two-factor authentication. We strongly recommend enabling it in your account settings.
  • Session security — login sessions are secured and can be revoked. If you sign out, your session is immediately invalidated.
  • Password reset — password reset links expire after 15 minutes and can only be used once.

Your data

  • Credentials are encrypted — your Amazon and Xero credentials are encrypted at rest. They are never visible to TrueBooks staff.
  • Data isolation — your data is completely isolated from other TrueBooks accounts. It is not possible for another user to access your information.
  • Secure connections — all connections to TrueBooks use HTTPS. Data in transit is always encrypted.
  • UK-based infrastructure — all data is stored on servers located in the United Kingdom.

Access controls

Access to production systems is restricted to authorised personnel only. We do not access customer data unless required to resolve a support issue, and only with your knowledge. All access is logged.

Reporting a vulnerability

If you discover a security issue, please report it to us responsibly before disclosing it publicly. Email us at support@truebooks.co.uk with "Security" in the subject line. We will acknowledge your report within two business days and keep you informed as we investigate.

We will not take legal action against researchers who report vulnerabilities in good faith and do not access or modify data belonging to other users during their research.

Questions

For security-related questions, contact support@truebooks.co.uk.