Your data, taken seriously.

We hold your books. That comes with a duty to be careful: here's how we are.

Encrypted in transit and at rest

Every request to MyAccountsOn is served over TLS 1.2+. The Postgres database storing your data uses AWS-managed at-rest encryption (AES-256).

Hosted on AWS in eu-north-1

Application servers run on Vercel; your data lives in an AWS RDS Postgres instance in eu-north-1 (Stockholm). We do not move data outside that region.

Daily backups, point-in-time recovery

Automated daily backups retained for 7 days and point-in-time recovery up to 7 days back. Restore drills are run periodically.

Per-tenant isolation

Every row in our database is tagged with a tenant_id. The product enforces tenant boundaries on every query; there is no shared "all tenants" path.

Audit trail on every action

Create, post, void, payment, and delete actions are logged with the user and timestamp. Auditors can export the activity log per tenant.

Disclose vulnerabilities responsibly

Found a security issue? Email security@myaccountson.com. We respond within one business day and do not pursue good-faith research.

POPIA

We're built with the Protection of Personal Information Act (POPIA) in mind: data is hosted in eu-north-1 (Stockholm) with appropriate protections, you can export and delete your data on request, and we never share your information with third parties for marketing.

For users outside South Africa, we operate as a data processor under the relevant jurisdiction's rules. If your business needs a Data Processing Addendum, email privacy@myaccountson.com.

Questions about security?

Our co-founder is happy to walk you through the architecture on a call.