Security & Data Protection
Your financial data is the most sensitive information in your business. Here's exactly how we protect it.
OAuth 2.0 Only: No passwords stored
Read-Only Access: Cannot modify QuickBooks
AES-256-GCM: Encryption at rest
TLS 1.2+: Encryption in transit
AWS US-East: Hosted in the USA
How we protect your data
Zero password storage
Finlive never sees, receives, or stores your QuickBooks password. We use OAuth 2.0 exclusively, the same authorization standard used by Google, Apple, and other major platforms.
Read-only QuickBooks access
Our OAuth scope is strictly read-only. Finlive can read your financial data to answer questions — it cannot create, modify, or delete anything in your QuickBooks account.
AES-256-GCM encryption
All OAuth tokens and sensitive identifiers are encrypted at rest using AES-256-GCM — the same encryption standard used by financial institutions. Keys are managed via AWS KMS.
Revocable access
You can revoke Finlive's QuickBooks access at any time — from QuickBooks Settings → Connected Apps, or by contacting us. Revocation takes effect immediately.
Secure cloud infrastructure
Finlive is hosted on AWS (US-East). All data transmission uses TLS 1.2+. Data is stored in encrypted databases with access controls limited to authorised services.
Zero data selling
Your financial data is never sold, rented, or shared with third parties for advertising, analytics, or any commercial purpose. Period.
How the QuickBooks connection works
Finlive uses Intuit's official OAuth 2.0 protocol. This is the same mechanism used by banks, payroll providers, and enterprise software to securely connect to QuickBooks. Here is what happens step by step:
1. You click “Connect QuickBooks”
You are redirected to Intuit's own login page, which is hosted by Intuit, not Finlive. We never see your credentials.
2. You log in directly with Intuit
Intuit authenticates you and asks you to authorise Finlive's read-only access scope. You review the exact permissions being granted.
3. Intuit issues a secure token
If you approve, Intuit gives Finlive a time-limited OAuth token. This token lets us query your data but not modify it, and it expires automatically.
4. Token stored encrypted
The token is encrypted with AES-256-GCM and stored securely. It is never logged, printed, or made accessible to any human.
5. You can revoke at any time
Go to QuickBooks → Settings → Connected Apps → Finlive → Disconnect. Or email us and we will revoke it immediately.
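The "Token stored encrypted" step names AES-256-GCM. The following is an added example, not Finlive's code, of how a token record can be sealed and checked in Node.js. The function names, the customer identifier bound in as associated data, and the locally generated key standing in for a KMS-managed key are assumptions.

```javascript
// Added example: AES-256-GCM sealing of an OAuth token record (Node.js built-in crypto).
const crypto = require('node:crypto');

// Assumption: in production the 32-byte data key comes from a KMS;
// a locally generated key stands in so the example runs offline.
const dataKey = crypto.randomBytes(32);

// Encrypt a token. customerId is authenticated as AAD, so a ciphertext copied
// into another customer's record fails the tag check on decryption.
function sealToken(key, customerId, token) {
  const nonce = crypto.randomBytes(12); // fresh 96-bit nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(customerId, 'utf8'));
  const ct = Buffer.concat([cipher.update(token, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag(); // 16-byte authentication tag
  return Buffer.concat([nonce, tag, ct]).toString('base64');
}

// Decrypt a stored record; returns null when authentication fails.
function openToken(key, customerId, sealed) {
  const raw = Buffer.from(sealed, 'base64');
  if (raw.length < 28) return null; // needs nonce (12) + tag (16)
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(customerId, 'utf8'));
  decipher.setAuthTag(raw.subarray(12, 28));
  try {
    const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    return pt.toString('utf8');
  } catch {
    return null; // tampered data, wrong key, or wrong customer binding
  }
}

// Helper for the checks: flip one bit in the last ciphertext byte.
function flipLastByte(sealed) {
  const raw = Buffer.from(sealed, 'base64');
  raw[raw.length - 1] ^= 0x01;
  return raw.toString('base64');
}

// Constructed sample values, not real credentials.
const sampleToken = 'constructed-sample-refresh-token';
const stored = sealToken(dataKey, 'customer-001', sampleToken);
```

Because GCM is authenticated, a modified record or a record moved between customers is rejected rather than decrypted to garbage.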
Security questions
Can Finlive make changes to my QuickBooks?
No. Finlive uses read-only OAuth access. We can read data to answer your questions, but we cannot create, edit, void, or delete any transactions, invoices, customers, or other records.
What happens to my data if I disconnect?
When you disconnect Finlive from QuickBooks, your OAuth tokens are immediately revoked and deleted. Your query history is retained for 30 days then permanently deleted, or sooner upon a deletion request.
Who has access to my financial data at Finlive?
Access to customer data is restricted to authorised systems only. No human employee can access your individual financial data without a formal support request from you and a documented access log.
Is Finlive SOC 2 certified?
Finlive is working toward SOC 2 Type II certification. In the meantime, we implement the technical controls that SOC 2 requires: encryption at rest and in transit, access control, audit logging, and incident response procedures.
How is my WhatsApp number protected?
Your WhatsApp number is stored encrypted and used solely to route responses back to you. It is never shared with third parties and is deleted upon a data deletion request.
What data does Finlive actually read from QuickBooks?
Finlive queries only the financial data necessary to answer your specific question — for example, bank account balances, invoice records, P&L line items, or AR aging data. We do not bulk-export or store your entire QuickBooks dataset.
Found a security issue?
We take security disclosures seriously. If you discover a vulnerability, please report it to our security team and we will respond within 24 hours.