Security
Your first question, answered without badges.
Data security, for a practice handling other firms' client books, is the set of habits that keep confidential information inside the systems it belongs in and away from everywhere else. It is a working discipline, not a wall of logos.
Every buyer asks about it first, and rightly so. Here is how we actually handle your data, and what we deliberately choose not to do.
How we handle data
The practices, plainly.
Least-privilege access
We take the smallest access that gets the job done, and no more. A bookkeeper who needs your ledger does not get your payroll admin. Access is granted per person and per system, not handed over as a blanket login.
Your systems, not ours
We work inside systems you own, as an invited user, on QuickBooks Online, Xero, Caseware, or your portal. Your file stays the single source of truth. We do not stand up a shadow copy of your data on our own infrastructure.
No local copies
We keep no local copies of your data. Work happens in your cloud systems, not on downloaded exports sitting on a laptop. When source documents must move, they move through your channels, not personal email.
Two-factor everywhere
Every login into a client system is protected with two-factor authentication. Accounts are individual and named, so there is always a record of who did what.
NDAs and engagement letters
Every engagement begins with a signed engagement letter and a non-disclosure agreement. Confidentiality is a contractual obligation, not an assumed courtesy, and it survives the end of the engagement.
Access revoked on rotation
When someone rotates off your work, or an engagement ends, their access is revoked the same day. Offboarding is a checklist item, not an afterthought discovered at your next review.
The access model
An invited guest, not a new home for your data.
Your systems
The single source of truth
QuickBooks Online, Xero, Caseware, or your portal. Your file never leaves the systems you already own.
Named Sahana staff
The same people each period
Access granted per person and per system, and revoked the same day someone rotates off your work.
No local copies on a laptop. No bulk export to our servers. No shadow database of your books running on our own infrastructure.

Subprocessors
Who else touches the work.
The systems your work runs through are the ones you already chose: your QuickBooks Online or Xero file, your Caseware installation, your document portal. We operate inside them as an invited user rather than routing your data through a stack of our own vendors.
Where a tool of ours is genuinely required for an engagement, we tell you what it is and why before it is used. We would rather ask than surprise you at a security review. If your firm keeps a subprocessor list, we will complete it honestly.
Deliberately not
What we don't do.
An honest security page is as much about the lines we hold as the controls we run.
We don't claim badges we don't hold
We do not hold SOC 2 or ISO 27001 certification, and we do not imply that we do. If that is a hard requirement for your firm, we will tell you plainly rather than dress up practices as certificates. What we describe here is what we actually do.
We don't move data out of your systems
No bulk exports to our own servers, no data lake, no analytics pipeline running over your clients' books in the background. Your data stays where you keep it.
We don't sign what isn't ours to sign
We prepare; your firm reviews and signs. We do not release work to your clients or file anything on your behalf. The authority, and the accountability, stay with you.
Have a security review to run?
Send us your questionnaire. We will answer it as it stands, mark what we do not do, and not pretend otherwise.