CashFlowIQ

Security

How we protect your workspace and financial data.

Tenant isolation

Every tenant-owned record is scoped by tenant_id. Service-layer and API filters prevent cross-tenant access. AI agents only read the active tenant's data.

Authentication

Sessions use JWT access tokens with refresh-token rotation, passwords are stored as bcrypt hashes, and role-based capability checks are enforced across the API.

Rate limiting

Auth and AI endpoints are rate-limited to mitigate brute-force and abuse.

Audit logs

Sensitive actions (auth, invites, AI runs, imports, deletions, billing changes) are written to a tamper-evident audit log.

Webhooks

Stripe webhooks are verified using the configured signing secret before changing subscription state.
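
The check described above, sketched as an added example (not CashFlowIQ's code): it follows Stripe's documented `Stripe-Signature` scheme using only the Python standard library. The handler, the five-minute tolerance, the in-memory `subscriptions` store, and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import time

TOLERANCE_SECONDS = 300  # assumed replay window


def _mac(secret, timestamp, payload):
    # Stripe's v1 scheme: HMAC-SHA256 over "<timestamp>.<raw body>".
    signed = timestamp.encode() + b"." + payload
    return hmac.new(secret.encode(), signed, hashlib.sha256).hexdigest()


def verify_signature(payload, header, secret, now=None):
    """True only for a fresh timestamp and a matching v1 signature."""
    fields = [p.strip().partition("=") for p in header.split(",")]
    stamps = [v for k, _, v in fields if k == "t"]
    sigs = [v for k, _, v in fields if k == "v1"]
    try:
        sent_at = int(stamps[0])
    except (IndexError, ValueError):
        return False
    now = time.time() if now is None else now
    if abs(now - sent_at) > TOLERANCE_SECONDS:
        return False  # stale or future-dated delivery: possible replay
    expected = _mac(secret, stamps[0], payload).encode()
    # Constant-time compare; more than one v1 can appear during secret rotation.
    return any(hmac.compare_digest(expected, s.encode()) for s in sigs)


def handle_webhook(payload, header, secret, subscriptions, now=None):
    """Hypothetical handler: verify the raw body before touching state."""
    if not verify_signature(payload, header, secret, now):
        return 400
    event = json.loads(payload)
    if event.get("type") == "customer.subscription.updated":
        sub = event["data"]["object"]
        subscriptions[sub["customer"]] = sub["status"]
    return 200


# Constructed sample values, not real Stripe data.
SECRET = "whsec_constructed_example"
BODY = json.dumps({"type": "customer.subscription.updated",
                   "data": {"object": {"customer": "cus_example",
                                       "status": "canceled"}}}).encode()
HEADER = "t=1700000000,v1=" + _mac(SECRET, "1700000000", BODY)
```

The signature covers the raw request bytes, so verification has to run on the body exactly as received, before any JSON parsing or re-serialization.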

No demo data

CashFlowIQ never seeds tenants with simulated invoices, expenses, or clients. Every forecast and recommendation comes from your real records.