Read-only QuickBooks access
We request exactly one OAuth scope — com.intuit.quickbooks.accounting — which grants read access to your chart of accounts, GL, budget, vendors, and payroll. We have no ability to write back to your QuickBooks, even accidentally.
OAuth 2.0, never your password
Connection happens through Intuit's hosted authorization flow. You enter your QuickBooks password on Intuit's domain; we never see it. You can revoke access at any time from BetterWayIQ or from Intuit's Connected apps page.
Encryption at rest
OAuth refresh tokens are encrypted with AES-256-GCM before they touch the database. The encryption key lives in our secret store, rotated regularly, and is never committed to source control.
Row-level tenant isolation
Every table in our database enforces row-level security — a query for your organization's data literally cannot return another organization's rows, even if application code had a bug. Audited every time we add a table.
Transport security
TLS 1.2+ for every connection — browser → web app → database, and web app → QuickBooks API. HSTS headers + Secure cookies. No plain-HTTP fallback.
Audit logging
Security events (sign-in, OAuth connect/disconnect, role changes) are logged in an append-only audit_log table at the database level — your CPA can reconstruct who did what and when. Per-mapping change history (who recategorized which account) is on the post-launch roadmap.