We take the security of your information and its privacy very seriously. Our software is designed with a number of safeguards to protect all of your information.
THE INFORMATION YOU GIVE US
There are five types of information that you give us.
The first is the Registration Information you give us so that we can open up your account. Your Registration Information is kept strictly confidential by us, and is not released or disclosed to anyone other than employees of ours that need this information for maintenance of your account or to communicate with you.
The second type of information you give us is Payment Information, such as your Mastercard/Visa debit/credit account information or your American Express card information so that we can get paid our fees for your subscription. This information is passed along to our third party payment provider, Authorize.Net who retains it securely and then it is deleted from our database; except for the last four numbers and the payment type so that we can identify your accounts to you. To the extent we retain this limited billing information it is kept strictly confidential by us, and is not released or disclosed to anyone other than employees of ours that need this information for purposes of billing and accounts receivable.
The third type of information that you give us is your Financial Information.
Your Financial Information includes all of the data from these credit cards, debit cards and banks that is processed by our software to be used by you.
The fourth type of information you give us is your Bank Login Information. This is comprised of passwords and account numbers or access ID’s for all of the credit card, debit card and bank account information that you want us to access in order for you to use our software. This information is passed along to our data provider(s) who retain it securely. We do not store this information in our database.
The fifth type of information you give us is your login identities at Google, Facebook, and LinkedIn. This is comprised of login email addresses, identity information stored by these services, and in the case of Google access to their Drive feature. We store this information but not the passwords in our database.
SECURE TRANSFER AND STORAGE
Your Bank Login Information is encrypted prior to transmission to our data provider (ie., Intuit). This information is then sent by our data provider to its primary source (ie., your credit/debit card company or bank). The primary source information (ie., you credit/debit card statements, bank statements etc.) is then sent through an encrypted tunnel to our server provider (ie., Heroku). Your data is then maintained and stored with our server provider and accessed by us in order for you to use our software.
Heroku’s servers are located in secure data centers and are protected with security cameras inside and outsider the building, gated access, 24 by 7 on-site security as well as technical staff.
HOW CHEQBOOK USES YOUR CREDIT/DEBIT CARD AND BANK INFORMATION
Cheqbook uses all of your credit/debit card and bank information stored on our server providers to create your account information in your Books.
HOW CHEQBOOK USES YOUR FINANCIAL INFORMATION
Cheqbook uses certain information of yours to improve the automatic categorization of transactions for other users. We may use your entity type and zip code from your company information, as well as your mapping of bank descriptions to default categories for particular payees. We do not use the payee information and the limited information we do use is aggregated and anonymized.
Additionally Cheqbook uses your financial information to calculate a score for your books, which both you and us can use to assess your progress and allow us to provide guidance on improving how you work with Cheqbook.
HOW CHEQBOOK USES YOUR GOOGLE, FACEBOOK AND LINKED-IN INFORMATION
For all three services Cheqbook uses the identity information they provide to offer faster confirmed setup and login services. These services allow us to fill in the necessary contact information for you when you setup your account without you having to do so, and also allow us to offer one click login services that more efficiently allow you to access your secure information. Additionally in the case of Google we also have access to your Google Drive account in order to allow you to attach documents from and download reports from our service your drive.
WHAT USERS YOU INVITE TO THE SYSTEM CAN SEE
When you invite others to access your books you grant them a right to see your confidential information as follows:
- No access to your Registration Information other than your email account.
- No access to your Payment Information.
- Full access to your Financial Information, including the ability to view, print, change or delete this information, your score, and the connection status of your Linked Bank Accounts.
- No access to your Bank Login Information, although full users have the ability to re-authenticate existing Linked Bank Accounts and add new Linked bank accounts if you have provided them with your Bank Login Information directly (such as for trusted party like your spouse).
- Primary users do not have the ability to see Bank Login Information either, other than the financial institution and the last four digits of the account as Cheqbook does not retain this information as noted above. This is helpful where the primary user is a service provider like an accountant and they’ve invited you as a full user to link your bank accounts so they can provide you with bookkeeping services.
We use independent, third-party consultants to review the safety and security of our transfer and storage procedures and protocols. These consultants conduct period reviews and checks to ensure that all potential vulnerabilities to our procedures are intercepted and immediately removed.