Built to survive an audit.
Your finance system is the single most sensitive application your company runs. We engineer Buckeroo Books under that assumption — isolation, auditability, and recoverability are design constraints, not bolt-ons.
Eight commitments we make to your data
Tenant isolation at the database
Every row in every table carries a tenant_id. Our tenant-context middleware attaches that scope to every query — a missing context throws rather than leaks. Cross-tenant reads aren't just unlikely; they're structurally impossible.
SOX-grade audit trail
Every posted journal entry is immutable. Reversals create new entries rather than editing old ones. Source identity, IP, and session are captured on every state-changing operation and retained per your policy.
Encryption everywhere
TLS 1.3 in transit. AES-256 at rest via AWS KMS, with tenant-specific keys available for enterprise plans. Secrets live in AWS Secrets Manager — never in code or environment files.
Identity and access
SSO via SAML or OIDC. MFA enforced for privileged roles. Fine-grained RBAC with configurable segregation-of-duties checks — approve and post permissions can never belong to the same user.
GDPR tenant erasure
A runbook-driven erasure workflow removes personally identifiable data while preserving the ledger record required for statutory retention. Erasure requests complete within 30 days.
AWS-native posture
We run on Lambda, API Gateway, Aurora Postgres, and S3. Controls inherit from AWS SOC 2 / ISO 27001 boundaries. Infrastructure is Terraform-managed and peer-reviewed.
Access logging
Every administrative action — user invites, role changes, permission grants — is logged with who, when, and from where. Logs are immutable and queryable for audit.
Tested restoration
Backups are taken continuously. Recovery is drilled quarterly against a production-sized dataset. The runbook and results are available to enterprise customers under NDA.
Evidence you can hand to your auditor
We're pursuing SOC 2 Type II — target completion 2026. In the meantime, under NDA we share our control documentation, penetration test summaries, and disaster recovery drill results with enterprise prospects.