Accel Books treats your books like a payment processor treats card data: encrypted, isolated, audit-logged, and continuously monitored. Here’s how — and how we’ll prove it.
Foundations
TLS 1.3 in transit. AES-256 at rest for the database, file storage, and backups. Per-tenant logical isolation enforced by row-level security on every table.
Primary region eu-west (Ireland) with backups in a second EU region. Customer data does not leave the EU/EEA without an explicit cross-border processing agreement.
Email + password with HaveIBeenPwned leak checks, Google SSO, and SAML 2.0 SSO for enterprise plans. Optional 2FA via TOTP. Session tokens are rotated on every refresh.
Owner, admin, accountant, member and view-only roles. Approval gates for outbound payments. Every privileged action records who, what and when in an immutable ledger.
Financial events and AI agent actions are hash-chained — each entry includes the SHA-256 of the previous one, so tampering is detectable and forensic replay is possible.
Anomaly detection on token usage and spend, automated dependency scans, and weekly authenticated penetration tests against the staging environment.
Compliance
Independent attestations and reports are available under NDA. Email security@accelbooks.io with your procurement contact and we’ll share the latest package.
Controls in depth
Primary processing in Dublin (Ireland). Disaster-recovery replica in Frankfurt (Germany). Sub-processors are listed in our public registry.
Responsible disclosure
We operate a coordinated-disclosure programme. Send a detailed write-up to security@accelbooks.io (PGP key on request). We acknowledge within one business day, triage within three, and credit researchers on our hall-of-fame once a fix has shipped. Please don’t test against other customers’ tenants — use a free account for your research.