Bank-grade security for the modern Australian practice.
AccountantOS protects your firm with enterprise-grade encryption, strict tenant isolation, and granular role-based access controls. Built from the ground up to exceed Australian Privacy Act and TPB obligations.
Core Security Architecture
Practical, enforced protections built natively into the platform infrastructure — not sold as optional add-ons.
AES-256 Encryption at rest & TLS in transit
Client financial records and tax data are encrypted with AES-256 while stored and carried over TLS while in transit, so your data is protected both at rest and on the wire.
Multi-Factor Authentication (MFA)
Enforced MFA adds a critical layer of defense against credential compromise, aligning with modern cybersecurity frameworks and TPB recommendations.
Role-Based Access Control (RBAC)
Granular roles and workspace permissions ensure that staff, contractors, and partners only access the client data essential to their specific duties.
Immutable Audit Logging
Every login, document view, and data export is recorded in tamper-evident logs, so your firm can show who accessed what, and when, whenever an audit asks.
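One common way to make an audit log tamper-evident is a hash chain: each entry records the digest of the entry before it, and a keyed anchor over the latest digest is stored somewhere the log writer cannot reach. The following is an added, illustrative example in Python and is not AccountantOS code; the field names, actor addresses and client paths are constructed for the demonstration.

```python
"""Hash-chained, tamper-evident audit log (illustrative example, not product code).

Each entry stores the SHA-256 digest of the previous entry, so altering,
removing or reordering any historical record breaks the chain. An HMAC over
the final digest (the "anchor") with a key kept outside the log store lets a
verifier detect truncation as well.
"""
import hashlib
import hmac
import json
from typing import Dict, List, Optional

GENESIS = "0" * 64  # prev_hash of the very first entry


def _digest(prev_hash: str, record: Dict) -> str:
    # Canonical JSON so that the same record always hashes identically.
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(f"{prev_hash}\n{payload}".encode()).hexdigest()


class AuditLog:
    def __init__(self, anchor_key: bytes):
        self._entries: List[Dict] = []
        self._anchor_key = anchor_key

    def append(self, actor: str, action: str, target: str, ts: str) -> Dict:
        prev = self._entries[-1]["hash"] if self._entries else GENESIS
        record = {"seq": len(self._entries), "ts": ts, "actor": actor,
                  "action": action, "target": target}
        entry = dict(record, prev_hash=prev, hash=_digest(prev, record))
        self._entries.append(entry)
        return entry

    def anchor(self) -> str:
        """HMAC of the latest hash; persist it outside the log writer's reach."""
        last = self._entries[-1]["hash"] if self._entries else GENESIS
        return hmac.new(self._anchor_key, last.encode(), "sha256").hexdigest()

    def entries(self) -> List[Dict]:
        return [dict(e) for e in self._entries]


def verify_chain(entries: List[Dict], anchor_key: bytes,
                 expected_anchor: Optional[str] = None) -> Optional[int]:
    """None if intact; seq of the first bad entry; -1 if the anchor does not match
    (truncation or an entirely rewritten tail)."""
    prev = GENESIS
    for i, e in enumerate(entries):
        record = {k: e[k] for k in ("seq", "ts", "actor", "action", "target")}
        if e["seq"] != i or e["prev_hash"] != prev or e["hash"] != _digest(prev, record):
            return i
        prev = e["hash"]
    if expected_anchor is not None:
        mac = hmac.new(anchor_key, prev.encode(), "sha256").hexdigest()
        if not hmac.compare_digest(mac, expected_anchor):
            return -1
    return None


def demo() -> Dict:
    key = b"constructed-demo-anchor-key"  # in production: from a KMS or secret store
    log = AuditLog(key)
    # Constructed sample events, mirroring the event types named on the page.
    log.append("alice@firm.example", "login", "-", "2024-06-01T09:00:00Z")
    log.append("alice@firm.example", "document.view", "client/4711/bas-2024Q3.pdf", "2024-06-01T09:02:10Z")
    log.append("bob@firm.example", "data.export", "client/4711", "2024-06-01T09:05:44Z")
    anchor = log.anchor()
    intact = verify_chain(log.entries(), key, anchor)       # None
    tampered = log.entries()
    tampered[1]["target"] = "client/0000/nothing.pdf"       # rewrite history
    altered = verify_chain(tampered, key, anchor)           # 1
    truncated = verify_chain(log.entries()[:-1], key, anchor)  # -1 (export removed)
    return {"intact": intact, "altered": altered, "truncated": truncated}
```

The anchor is what turns "tamper-evident" into something a verifier can actually check: without it, an attacker with write access could simply drop the last entries and re-hash nothing, since a shortened chain is still internally consistent.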
Zero-Trust & Least-Privilege
Internal system access follows zero-trust principles: every request is authenticated and authorised on its own merits, regardless of where it originates. Highly sensitive actions, such as bulk exports or deletions, require an additional PIN confirmation before they proceed.
Strict Tenant Isolation
Your firm’s workspace operates in a logically isolated environment. Row-level security enforced at the database layer ensures that queries only ever return records belonging to your tenant, keeping data separated across branches and franchisees.
Integrations & Connected Mailboxes
Bring your inbox and calendar into your workspace securely. We fetch only the minimum data needed, so your firm's communications stay private.
Opt-in, and yours to revoke
Connecting a mailbox or calendar is strictly optional. You maintain complete control over what integrates with your practice management software.
Encrypted OAuth Credentials
We rely on standard OAuth flows rather than storing your mailbox password. Access tokens are encrypted at rest, are never stored in plain text, and are never exposed to end users.
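As an added example of what "encrypted at rest, never in plain text" can look like in practice, the Python below seals an OAuth access token with AES-256-GCM and binds the tenant and connection identifiers in as associated data, so a ciphertext copied into another tenant's row will not decrypt. This is illustrative code written for this page, not AccountantOS's implementation; it assumes the `cryptography` package, and the key source, identifier format and sample token are constructed.

```python
"""Sealing OAuth tokens at rest with AES-256-GCM (illustrative example, not product code).

Requires the `cryptography` package. The token is encrypted under a 256-bit
data key; tenant and connection identifiers are bound in as associated data,
so a ciphertext moved to another tenant's row (or another connection) fails
authentication. Only the base64 blob is ever written to the database.
"""
import base64
import os
from dataclasses import dataclass
from typing import Dict, Optional

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

NONCE_LEN = 12  # 96-bit nonce, the recommended size for GCM


@dataclass(frozen=True)
class SealedToken:
    """What actually gets persisted: base64(nonce || ciphertext || tag)."""
    blob: str


def _aad(tenant_id: str, connection_id: str) -> bytes:
    # Associated data is authenticated but not encrypted; it ties the
    # ciphertext to exactly one tenant/connection pair.
    return f"{tenant_id}|{connection_id}".encode()


def seal_token(key: bytes, tenant_id: str, connection_id: str, token: str) -> SealedToken:
    if len(key) != 32:
        raise ValueError("AES-256-GCM needs a 32-byte key")
    nonce = os.urandom(NONCE_LEN)  # fresh per encryption; never reuse under one key
    ct = AESGCM(key).encrypt(nonce, token.encode(), _aad(tenant_id, connection_id))
    return SealedToken(base64.b64encode(nonce + ct).decode())


def open_token(key: bytes, tenant_id: str, connection_id: str,
               sealed: SealedToken) -> Optional[str]:
    raw = base64.b64decode(sealed.blob)
    nonce, ct = raw[:NONCE_LEN], raw[NONCE_LEN:]
    try:
        return AESGCM(key).decrypt(nonce, ct, _aad(tenant_id, connection_id)).decode()
    except InvalidTag:
        return None  # wrong key, wrong tenant/connection, or modified ciphertext


def demo() -> Dict:
    key = AESGCM.generate_key(bit_length=256)  # in production: fetched from a KMS, never hard-coded
    token = "ya29.constructed-example-access-token"  # constructed sample, not a real token
    sealed = seal_token(key, "tenant-A", "mailbox-1", token)
    return {
        "plaintext_visible": token in sealed.blob,                          # False
        "same_tenant": open_token(key, "tenant-A", "mailbox-1", sealed),     # token
        "other_tenant": open_token(key, "tenant-B", "mailbox-1", sealed),    # None
        "other_key": open_token(AESGCM.generate_key(bit_length=256),
                                "tenant-A", "mailbox-1", sealed),           # None
    }
```

Binding identifiers through the associated data is the detail worth copying: encryption alone stops a database reader from seeing tokens, but only the authenticated context stops a row-swap from letting one tenant's connection quietly reuse another's credential.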
Minimal Data Footprint
We sync only the metadata required to operate your workspace. A message's full content is fetched only when you open it. We never bulk-download or mine mailboxes.
Automated Data Purge
Disconnecting an account immediately revokes tokens, halts syncing, and purges the cached messages from our infrastructure to minimize your attack surface.
Access Governance & Compliance
Maintain absolute oversight. Onboard, offboard, and scale your accounting team across offices without compromising client confidentiality.
Organisation & Branch Controls
Manage multiple offices, remote staff, and franchise networks centrally. Maintain head-office visibility while ensuring strict per-branch data siloing.
Team Permissions & Silos
Ensure compliance with Australian Privacy Principles (APPs) by restricting staff access to specific client portfolios or geographic branches.
Rapid Onboarding & Offboarding
Provision new accountants instantly. When staff leave, a single click revokes access system-wide, securing client data before they exit the building.
Capacity & Leave Management
Automatically reroute secure client communications and sensitive documents when team members take leave, preventing bottlenecks and data exposure.
100% Australian Data Sovereignty
AccountantOS infrastructure runs exclusively in Australian cloud regions (Sydney and Melbourne). Your client identities, TFNs, and financial histories stay strictly onshore. We never sell, rent, or trade your firm’s data.
Disaster Recovery & Backups
Platform data is encrypted and backed up daily across multi-AZ redundant infrastructure. We ensure business continuity and rapid recovery so your firm is protected against hardware failures and ransomware.
Data Portability & Deletion
You own your data. You can initiate bulk exports of your client records and working papers at any time. Account deletion requests permanently scrub your firm's data in compliance with the Privacy Act.
Vetted Sub-Processors & Infrastructure
AccountantOS runs on established, enterprise-grade cloud providers (AWS/Vercel). We maintain a strictly vetted, minimal list of sub-processors for essential functions like transactional email and payments. Premium integrations (e.g., biometric identity verification or ATO bridging) are only engaged when explicitly enabled by a firm admin.
The Shared Responsibility Model
Cybersecurity is a partnership. AccountantOS secures the software application, databases, and network infrastructure. Your firm is responsible for securing staff devices, managing user access, enabling MFA, and fulfilling professional obligations under the TPB, AUSTRAC, and the Privacy Act 1988 (Cth). In privacy-law terms, your firm remains the controller of its client data, and AccountantOS processes that data only on your firm's behalf.
See AccountantOS for your firm
Opening to Australian firms in controlled early-access batches. Get in early and help shape the platform.