Security & Privacy

Your financial data is sensitive. Here's how Ekue protects it at every level.

Encryption

Ekue protects your data both in transit and at rest using industry-standard encryption protocols.

  • In transit: All connections use TLS 1.2+ encryption. Every request between your browser and our servers is encrypted end to end.
  • At rest: Sensitive data (SMTP credentials, API keys, integration tokens) is encrypted using AES-256 with per-tenant encryption keys derived from a master key.
  • Password storage: User passwords are hashed with bcrypt — they are never stored in plain text and cannot be reversed.

Access Controls

Ekue uses a layered authorization model to ensure users only access what they're permitted to.

  • Role-based permissions: Assign granular permissions per user (e.g., invoices.read, customers.edit). Control access at the company level.
  • Multi-tenant isolation: Each tenant's data is logically isolated. Database queries always filter by tenant ID — cross-tenant data access is not possible.
  • JWT authentication: Short-lived access tokens (15 minutes) with secure HTTP-only refresh tokens (30 days). Tokens are validated against audience claims for each request.
  • SSO support: Google and Microsoft single sign-on available on the Business plan for centralized identity management.

Audit Logs

Every significant action in Ekue is logged with an immutable audit trail.

  • Records who did what, when, and to which entity
  • Covers creates, updates, deletes, and status changes
  • Tamper-resistant — audit logs cannot be edited or deleted by any user
  • Searchable and filterable for compliance reviews and investigations
  • Helps with tax audits, regulatory compliance, and internal accountability

Backups & Disaster Recovery

We take multiple precautions to ensure your data is never lost.

  • Automated daily backups: Full database backups are performed daily and retained per our backup policy.
  • Point-in-time recovery: PostgreSQL write-ahead logging enables recovery to any point in time.
  • Redundant storage: Backups are stored in geographically separate locations from the primary database.
  • Data export: You can export your data at any time in standard formats. Your data belongs to you.

Infrastructure

  • Cloud hosting: Ekue runs on hardened cloud infrastructure with DDoS protection via Cloudflare.
  • Rate limiting: API rate limiting protects against abuse and brute-force attacks.
  • Security headers: Strict Content Security Policy, HSTS, X-Frame-Options, and other headers are enforced on every response.
  • Dependency management: Dependencies are regularly audited and updated to address known vulnerabilities.

For details on how we collect, use, and protect your personal information, read our Privacy Policy. If you have security concerns, contact us at support@ekue.com.

Ready to switch from QuickBooks?

Ekue is a modern, affordable QuickBooks alternative built for small businesses that want multi-company accounting, clear pricing, and no hidden fees.

View Pricing Compare to QuickBooks

Looking for a simpler alternative to QuickBooks?

See How Ekue Compares