Data Security

Data Security

Keep your workspace and client data protected while you work.

Account and access controls

  • Role‑based permissions restrict what each user can see and do.
  • Client Portal access is scoped to viewer accounts linked to specific clients.

Application security

  • Forms are protected against cross‑site request forgery (CSRF).
  • App integrations (e.g., time tracker) use token‑based authentication.

Provider connections

  • Email and Calendar connect via OAuth (Google, Microsoft) without sharing your password.
  • Payments are completed on provider‑hosted pages (Stripe / PassimPay).

Files and documents

  • Files shared in tasks, expenses, and the Client Portal are available to signed‑in users with access.

Tip: Use viewer roles for external stakeholders and keep provider connections active only for needed accounts.