Legal
Security
Last updated June 2026
Bookify handles sensitive financial data, and protecting it is core to how we build. This page summarises the measures we take to keep your accounts and information safe.
We never store your bank credentials
Account connections are handled through Mono, a licensed open-banking provider. Your online-banking login is entered into Mono’s secure flow — never into Bookify. We receive read-only access to the account data you authorise, and nothing more.
Encryption
- In transit — all traffic is encrypted with TLS.
- At rest — financial data is encrypted in our database.
Access controls
- Workspace data is isolated per tenant, and every request is scoped to a verified membership.
- Role-based permissions limit who can change workspace settings, manage banks, or approve expenses.
- Two-factor authentication is available to add a second layer to sign-in.
Read-only by design
Bookify can read your transactions to build your ledger, but it cannot move money. We never initiate transfers, payments, or trades on your behalf.
You stay in control
You can disconnect any linked account at any time, which immediately revokes our access. Deleting a workspace removes its financial records and connections.
Reporting a vulnerability
If you believe you’ve found a security issue, please email security@getbookify.com. We appreciate responsible disclosure and will respond promptly.