Data Security

Keep your workspace and client data protected while you work.

Account and access controls #

• Role‑based permissions restrict what each user can see and do.
• Client Portal access is scoped to viewer accounts linked to specific clients.

Application security #

• Forms are protected against cross‑site request forgery (CSRF).
• App integrations (e.g., time tracker) use token‑based authentication.

Provider connections #

• Email and Calendar connect via OAuth (Google, Microsoft) without sharing your password.
• Payments are completed on provider‑hosted pages (Stripe / PassimPay).

Files and documents #

• Files shared in tasks, expenses, and the Client Portal are available to signed‑in users with access.

Tip: Use viewer roles for external stakeholders and keep provider connections active only for needed accounts.