- Protected secrets: the technical credentials of your connections stay server-side — you never handle them and they are never displayed.
- Authentication: sign in by email / password or via Google / GitHub, with signed tokens verified server-side.
- Two-factor authentication (2FA): two-step verification (TOTP) is available to protect your account.
- Retention: electronic invoices are kept for 10 years, with an audit trail.
- GDPR: data limited to what is needed, controlled durations, right of access and erasure.
In short: your secrets stay server-side, and every operation is logged.