MyAIAccountant

Security

Built for accounting data. Designed for the post-Bench era.

MyAIAccountant holds financial information for businesses with multi-LLC complexity. We treat your data like a bank should.

Multi-LLC architecture isolates each entity.

Each LLC has its own ledger, its own user permissions, its own audit log. Cross-entity views require explicit permission. CPAs invited by client A do not see client B. Your data is segregated at the database row level.

Bank connections via Plaid (read-only).

MyAIAccountant uses Plaid for bank-data ingestion. Plaid is SOC 2 Type II certified and is used by every major US bank, Mint, Chime, Robinhood, and Venmo. MyAIAccountant never sees or stores your bank credentials. We only get a read-only token to fetch transactions.

Encryption at rest + in transit.

AES-256 at rest. TLS 1.3 in transit. Each customer's data encrypted with a per-tenant key. Database backups encrypted. Offsite encrypted backups daily.

Multi-factor authentication mandatory for any production access.

Your MyAIAccountant account supports MFA (recommended). Internal MyAIAccountant staff access to production systems requires hardware-key MFA. No password-only access exists.

GLBA / FTC Safeguards Rule aligned.

MyAIAccountant is a "financial institution" under the Gramm-Leach-Bliley Act. We maintain a written information security program, a designated qualified individual responsible for infosec, a written risk assessment, encryption controls, MFA, annual penetration testing, biannual vulnerability assessment, service-provider oversight, an incident response plan, and 30-day FTC breach notification capability.

SOC 2 Type II — in progress.

MyAIAccountant's security program is modeled on the AICPA SOC 2 Trust Services Criteria. A SOC 2 Type II audit is in progress. The report will be available to enterprise customers under NDA upon completion. Until then, we publish our security overview here.

Your books leave with you. Always.

You can export every byte of your data at any time in a machine-readable format: CSV, JSON, OFX, or QuickBooks Online migration package. No charge. No "30-day notice." No locked-in formats. (We learned the lesson the rest of the industry didn't when Bench shut down in December 2024.)

Business continuity & escrow.

In the event MyAIAccountant ceases operations, we commit in our Terms to: (i) at least 60 days advance written notice, (ii) export functionality maintained for at least 90 days post-notice, (iii) refund of any prepaid amounts for service periods not yet rendered.

What we are NOT

Honest disclosure on security claims.

We do not claim "bank-grade security" without naming the standard. (FTC false-advertising risk.) We use Plaid for bank data, encrypt with AES-256 at rest and TLS 1.3 in transit, and align our program with GLBA Safeguards Rule and SOC 2 Type II Trust Services Criteria. The SOC 2 Type II report is in progress and will be available to enterprise customers under NDA when complete.

We do not claim to "guarantee accuracy" or "100% IRS compliance." AI categorization may produce errors. You are responsible for reviewing all output before relying on it for tax filing, financial reporting, or any other use.

We are not a CPA firm. We do not provide tax, legal, accounting, or investment advice. Communications between you and MyAIAccountant are not protected as privileged communications.

Disclosure: Bank-data connections use Plaid, a SOC 2 Type II certified financial-data network used by major banks and Mint, Chime, Robinhood. MyAIAccountant never sees your bank credentials. Read-only token access only.

Have a specific security question?

Email security@myaiaccountant.xyz. Enterprise prospects can request our security overview document under NDA.
