Security & trust
Built to hold money and trust.
Acculio handles billable time, client payments, and trust funds. Correctness and confidentiality are not features here. They are the foundation the product is built on.
Acculio security overview · 07 sections
- 01
Tenant isolation by default
Every row carries its tenant ID. Postgres row-level security, not application code, keeps one firm’s data invisible to another: a policy on each tenant-scoped table filters every read and write by the tenant of the current request. The runtime database role cannot bypass it: it is not a superuser, carries no BYPASSRLS attribute, and does not own the tables, which are the only ways Postgres lets a role around a policy.
- 02
Record-level privacy
Rates and amounts are redacted in the API for anyone without billing access: the fields are stripped on the server before the response is built, not hidden by the client. A timekeeper without billing access cannot receive another person’s billing data through any endpoint.
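Sections 01 and 02 state the rules; as an added illustration, not Acculio’s schema or code, here is how both can be enforced inside Postgres. The table, role and setting names (time_entries, app_owner, app_runtime, app_billing, app.tenant_id) are assumptions. The column privileges go one step beyond the page, which enforces redaction in the API: they show the same rule pushed down to the database so that an API bug cannot leak a rate.

```sql
-- Added example, not Acculio's schema. Role, table and setting names are
-- assumptions. Postgres 14+ syntax.

-- Roles. app_owner owns the objects and exists for DDL; app_runtime is the
-- only LOGIN role the API uses; app_billing is switched into (SET ROLE) only
-- for callers that hold billing permission. NOINHERIT matters: without it
-- app_runtime would silently inherit app_billing's column privileges.
CREATE ROLE app_owner   NOLOGIN;
CREATE ROLE app_runtime LOGIN NOSUPERUSER NOBYPASSRLS NOINHERIT;
CREATE ROLE app_billing NOLOGIN NOBYPASSRLS;
GRANT app_billing TO app_runtime;

CREATE TABLE time_entries (
    id           bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    tenant_id    uuid    NOT NULL,
    user_id      uuid    NOT NULL,
    entry_date   date    NOT NULL,
    minutes      integer NOT NULL CHECK (minutes > 0),
    description  text    NOT NULL,
    rate_cents   integer,            -- billing-only columns
    amount_cents integer
);
ALTER TABLE time_entries OWNER TO app_owner;

-- 01: tenant isolation. ENABLE applies policies to non-owners; FORCE applies
-- them to app_owner as well (it has no policy of its own, so it sees no rows).
-- The tenant comes from a transaction-local setting, never from a value the
-- client controls. current_setting(..., true) yields NULL or '' when unset;
-- NULLIF maps both to NULL, and tenant_id = NULL is never true, so a request
-- that forgot to set its tenant sees nothing rather than everything.
ALTER TABLE time_entries ENABLE ROW LEVEL SECURITY;
ALTER TABLE time_entries FORCE  ROW LEVEL SECURITY;

CREATE POLICY tenant_isolation ON time_entries
    FOR ALL
    TO app_runtime, app_billing
    USING      (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);

-- 02: record-level privacy by column privilege. The default path cannot name
-- rate_cents or amount_cents at all; a SELECT * fails outright instead of
-- leaking, which forces explicit column lists in the API.
REVOKE ALL ON time_entries FROM PUBLIC;
GRANT SELECT (id, tenant_id, user_id, entry_date, minutes, description),
      INSERT (tenant_id, user_id, entry_date, minutes, description)
    ON time_entries TO app_runtime;
GRANT SELECT, INSERT, UPDATE ON time_entries TO app_billing;

-- Per request, as app_runtime, inside one transaction. SET LOCAL is undone at
-- COMMIT or ROLLBACK, so a pooled connection cannot carry the previous
-- request's tenant or role into the next one. The tenant value below is a
-- constructed sample; in practice it comes from the authenticated session.
BEGIN;
SET LOCAL app.tenant_id = '0b5ed1b2-8d2e-4c0a-9f5c-3f3b6f7c1d2a';
INSERT INTO time_entries (tenant_id, user_id, entry_date, minutes, description)
VALUES ('0b5ed1b2-8d2e-4c0a-9f5c-3f3b6f7c1d2a',
        'a9e7c4d1-1f2b-4e3c-8d5a-6b7c8d9e0f1a', '2024-05-02', 30, 'Call with client');
-- The same INSERT with any other tenant_id fails the WITH CHECK clause:
--   ERROR:  new row violates row-level security policy for table "time_entries"
-- Reading a billing column on this path fails too:
--   SELECT rate_cents FROM time_entries;
--   ERROR:  permission denied for table time_entries
COMMIT;

-- A caller with billing permission: same tenant setting, plus SET LOCAL ROLE.
BEGIN;
SET LOCAL app.tenant_id = '0b5ed1b2-8d2e-4c0a-9f5c-3f3b6f7c1d2a';
SET LOCAL ROLE app_billing;
SELECT id, minutes, rate_cents, amount_cents FROM time_entries;
COMMIT;

-- Checks to keep in CI against the real database: neither role can bypass
-- RLS, the runtime role does not inherit, and RLS is both enabled and forced.
SELECT rolname, rolsuper, rolbypassrls, rolinherit
FROM   pg_roles WHERE rolname IN ('app_runtime', 'app_billing');
SELECT relrowsecurity, relforcerowsecurity FROM pg_class WHERE relname = 'time_entries';
```

The tenant ID passed to SET LOCAL must come from the authenticated session, never from a request parameter: row-level security enforces whatever tenant the API asserts, so the assertion is the trust boundary. The two queries at the end should report rolsuper and rolbypassrls false for both roles, rolinherit false for app_runtime, and relrowsecurity and relforcerowsecurity both true.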
- 03
Immutable financial records
Trust, ledger, and audit trails are append-only, enforced at the database-privilege level: the runtime role can insert and read those tables but holds no UPDATE, DELETE, or TRUNCATE privilege on them. A purge removes only records that are soft-deleted, past their retention window, free of any legal hold, and referenced by no financial record; a ledger entry is never purged.
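An added example of the append-only grants and the purge rule described in section 03, not Acculio’s schema or code. Table, role, column and function names are assumptions; the purge condition is written as the four clauses the text lists, with the statement-level trigger added as a second layer the page does not mention.

```sql
-- Added example, not Acculio's schema. Role, table and function names are
-- assumptions. Postgres 11+ syntax; run as a superuser to set up.

CREATE ROLE app_owner   NOLOGIN;                 -- owns objects, runs migrations
CREATE ROLE app_runtime LOGIN NOSUPERUSER;       -- what the API connects as
CREATE ROLE app_purge   LOGIN NOSUPERUSER;       -- what the scheduled purge job connects as

-- A trust ledger. Corrections are new, reversing rows; nothing is ever edited.
CREATE TABLE trust_ledger (
    id           bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    tenant_id    uuid        NOT NULL,
    matter_id    uuid        NOT NULL,
    amount_cents bigint      NOT NULL CHECK (amount_cents <> 0),
    reverses_id  bigint      REFERENCES trust_ledger (id),
    posted_at    timestamptz NOT NULL DEFAULT now()
);
ALTER TABLE trust_ledger OWNER TO app_owner;

-- Append-only at the privilege level: the runtime role gets SELECT and INSERT
-- and nothing else. UPDATE, DELETE and TRUNCATE are granted to nobody, so the
-- API cannot issue them even through a bug or an injected query.
REVOKE ALL ON trust_ledger FROM PUBLIC;
GRANT SELECT, INSERT ON trust_ledger TO app_runtime;

-- Second layer against mistakes by the owner itself (migrations, manual
-- sessions): a statement-level trigger that rejects every mutating statement.
-- The owner can still drop the trigger, so the grant above is the control and
-- this is a guard rail. TRUNCATE triggers must be FOR EACH STATEMENT.
CREATE FUNCTION reject_mutation() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    RAISE EXCEPTION '% on % refused: table is append-only', TG_OP, TG_TABLE_NAME
        USING ERRCODE = 'insufficient_privilege';
END
$$;
CREATE TRIGGER trust_ledger_append_only
    BEFORE UPDATE OR DELETE OR TRUNCATE ON trust_ledger
    FOR EACH STATEMENT EXECUTE FUNCTION reject_mutation();
-- An audit_log table gets exactly the same two statements (grant + trigger).

-- Records that may be purged: time entries carry a soft-delete timestamp and a
-- legal-hold flag; invoice lines are the "financial footprint".
CREATE TABLE time_entries (
    id         bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    tenant_id  uuid    NOT NULL,
    minutes    integer NOT NULL,
    deleted_at timestamptz,                          -- NULL while live
    legal_hold boolean NOT NULL DEFAULT false
);
CREATE TABLE invoice_lines (
    id            bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    time_entry_id bigint NOT NULL REFERENCES time_entries (id)   -- no ON DELETE CASCADE
);
ALTER TABLE time_entries  OWNER TO app_owner;
ALTER TABLE invoice_lines OWNER TO app_owner;
GRANT SELECT, INSERT, UPDATE ON time_entries  TO app_runtime;   -- soft delete = UPDATE deleted_at
GRANT SELECT, INSERT         ON invoice_lines TO app_runtime;

-- The purge. Each condition from the page is a WHERE clause, so a row that is
-- live, recent, on hold, or invoiced is never touched. The FK without
-- ON DELETE CASCADE would make deleting an invoiced row fail anyway; NOT EXISTS
-- states that intent instead of relying on an error. SECURITY DEFINER runs the
-- function with app_owner's DELETE right; only app_purge may call it, and
-- app_runtime has no DELETE path at all.
CREATE FUNCTION purge_deleted_time_entries(retention interval DEFAULT '90 days')
RETURNS bigint
LANGUAGE sql SECURITY DEFINER SET search_path = public
AS $$
    WITH gone AS (
        DELETE FROM time_entries t
        WHERE t.deleted_at IS NOT NULL                    -- soft-deleted
          AND t.deleted_at < now() - retention            -- aged past retention
          AND NOT t.legal_hold                            -- no legal hold
          AND NOT EXISTS (SELECT 1 FROM invoice_lines l   -- no financial footprint
                          WHERE l.time_entry_id = t.id)
        RETURNING t.id
    )
    SELECT count(*) FROM gone;
$$;
ALTER FUNCTION purge_deleted_time_entries(interval) OWNER TO app_owner;
REVOKE ALL ON FUNCTION purge_deleted_time_entries(interval) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION purge_deleted_time_entries(interval) TO app_purge;

-- Check (as a superuser): app_runtime should appear with SELECT and INSERT on
-- the ledger and nothing more; no role other than the owner holds DELETE.
SELECT grantee, privilege_type
FROM   information_schema.role_table_grants
WHERE  table_name = 'trust_ledger';
```

The purge job connects as app_purge and calls SELECT purge_deleted_time_entries('90 days'); the return value is the number of rows removed, which is worth logging alongside the retention window used so the purge itself leaves an audit trail.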
- 04
Modern authentication
Passkeys (WebAuthn), TOTP two-factor, and SAML / OIDC single sign-on. Refresh tokens live in HttpOnly cookies, where page script cannot read them; the access token is never written to local storage.
- 05
You own your data
Export your time, invoices, and ledger whenever you want. Legal holds and retention windows are yours to set. We never quietly delete regulated records.
- 06
Auditable administration
Admin controls cover SSO, SCIM provisioning, service clients, and webhooks. Every administrative change is logged server-side with the actor and the time.
- 07
Compliance posture
Acculio is built to a SOC 2 control set, with encryption in transit and at rest, least-privilege database roles, and a full audit trail. We will walk your security team through the architecture and data handling during evaluation.