Security & data

  • Protected secrets: the technical credentials of your connections stay server-side — you never handle them and they are never displayed.
  • Authentication: sign in by email / password or via Google / GitHub, with signed tokens verified server-side.
  • Two-factor authentication (2FA): two-step verification (TOTP) is available to protect your account.
  • Retention: electronic invoices are kept for 10 years, with an audit trail.
  • GDPR: data limited to what is needed, controlled durations, right of access and erasure.

In short: your secrets stay server-side, and every operation is logged.