Security

Your financial data deserves serious protection

CashSheet handles sensitive financial information for businesses of all sizes. Security is not a feature we bolt on — it is foundational to how the platform is designed, built, and operated.

Tenant isolation

Every organization on CashSheet operates within its own PostgreSQL schema. This is not row-level filtering with a tenant_id column — it is genuine database-level isolation. Your data physically cannot be accessed by queries from another tenant. When you delete your organization, the entire schema is dropped.

Encryption

In transit: All connections use TLS 1.2 or higher. HTTP requests are automatically redirected to HTTPS.
At rest: Database storage is encrypted using AES-256. Backups are encrypted with separate keys.
Secrets: API keys, tokens, and credentials are stored using environment-level encryption and are never committed to source control.

Authentication and access control

Two-factor authentication (2FA): Available for all accounts via authenticator apps
OTP email verification: 6-digit codes for account creation and sensitive actions
Session management: Automatic session expiry and secure cookie handling
Inactive account cleanup: Unverified accounts are automatically removed after 7 days
Audit logging: All authentication events — logins, failed attempts, password changes — are logged with timestamps and IP addresses

Infrastructure

Application and database servers run in isolated environments
Automated backups with point-in-time recovery
DDoS protection and rate limiting on all public endpoints
Dependency scanning and automated security updates

Payment security

All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor. CashSheet never stores, processes, or has access to your full credit card number. Payment tokens are managed entirely by Stripe.

Responsible disclosure

If you discover a security vulnerability in CashSheet, we ask that you report it responsibly. Please email [email protected] with details of the issue. Do not publicly disclose the vulnerability until we have had a chance to investigate and address it.

We take all reports seriously, will acknowledge receipt within 24 hours, and will keep you informed of our progress.

Frequently Asked Questions

What is CashSheet?

CashSheet is a professional accounting platform built for modern businesses. It provides double-entry bookkeeping, invoicing, bills, financial reports, subscription management, POS, and inventory — all in one place, designed to scale with your business.

Is CashSheet really free to get started?

Yes. You can sign up and start using CashSheet with no credit card required. Our Starter plan gives you access to core accounting features right away. You can upgrade to a paid plan at any time as your business grows.

Which accounting standards does CashSheet support?

CashSheet is built on a full double-entry accounting engine. It supports standard chart of accounts, journal entries, ledgers, balance sheets, income statements, and cash flow statements — compatible with GAAP and IFRS reporting principles.

Do you provide customer support?

Yes. All plans include access to our help centre and documentation. Professional and Premium plans include priority email support. Our team is available to help you get set up, troubleshoot issues, and make the most of the platform.

Can I import data from QuickBooks or other software?

Yes. CashSheet supports OFX and QFX file imports for bank reconciliation, and includes a QuickBooks Online integration for syncing customers, vendors, invoices, and bills. You can also import data via CSV for most entities.

Is it easy to cancel after I subscribe?

Absolutely. You can cancel your subscription at any time from your account settings. There are no long-term contracts or cancellation fees. Your data remains accessible until the end of your billing period.