How we protect your invoices and the inbox tokens that let us reach them.
All OAuth tokens are encrypted with XChaCha20-Poly1305 using a key separate from the database. The decryption key never leaves the application server.
We request gmail.readonly and drive.file scopes only — never write or modify access. Disconnect at any time from the Accounts page.
Every OAuth connect, invoice delete, and account-level change is recorded in our audit log, available in your data export.
Google CASA Tier 2 audit in progress (required for production-scale access to gmail.readonly). SOC 2 Type 1 planned for month 12.