§The Trust Issue

Books you can
actually trust.

Honest, practical security for church finances. Every change recorded in an audit log, sensitive credentials AES-256 encrypted at rest, daily backups, and HTTPS in transit. No SOC 2 badge — just the practices a careful treasurer would actually want.

No credit card required · 7-day free trial · Cancel anytime

Audit Log
Every change tracked
Today
24
This Month
612
Last 90d
1.8k
Recent activity
Treasurer edited transaction Office Depot — supplies
amount: $87.50 → $97.50
2 min ago
Treasurer reconciled May 2026 · Operating
42 transactions matched
18 min ago
Pastor J. logged in
IP 198.51.100.x · Chrome
1 hour ago
Treasurer deleted recurring Old internet provider
kept in audit log
3 hours ago
Admin invited auditor@cpa-firm.com
role: Auditor (read-only)
Yesterday
Backup completed
Daily snapshot · 3:00 AM ET
§ I.Audit Log

Every change, on the record.

Edits, deletions, logins, role changes, reconciliations — anything that touches the books is recorded with the user, action, and timestamp. Searchable, filterable, exportable.

  • Who did what, when
    Every entry pins a real user to an action — no shared accounts, no anonymous changes.
  • Before & after
    For edits, the log records what changed — old value, new value, on which field.
  • Exportable
    Download the full log as CSV for auditors. Filterable by user, date, action type.
  • Append-only
    Audit entries can't be edited or deleted — even by an admin. The log is the source of truth.
Audit entry #1,284
Transaction edited
2 min ago
User
Treasurer
treasurer@grace.org
Timestamp
May 4, 2026 · 14:32 ET
IP 198.51.100.42
Changes
amount
-$87.50
-$97.50
category
Office Supplies
Office Supplies
note
Adjusted per receipt
Append-only · cannot be editedLinked txn: #tx_8442
Data Backup
Daily automatic · on-demand export
Export now
Live
Daily Backup
Last: May 4 · 3:00 AM ET
Next: May 5 · 3:00 AM ET
24.2 MB
Export ready
Transactions, donors, funds
JSON + CSV
Last 5 backups
May 4 · 03:0024.2 MBOK
May 3 · 03:0024.1 MBOK
May 2 · 03:0024.0 MBOK
May 1 · 03:0023.9 MBOK
Apr 30 · 03:0023.7 MBOK
§ II.Backups & Export

Your data, always yours.

Daily automatic backups protect against data loss. On-demand export lets you pull a copy of everything — donors, transactions, funds — as JSON or CSV anytime.

  • Daily automatic backups
    Production database snapshot every day, retained on Neon's point-in-time recovery.
  • On-demand export
    Trigger a full data export anytime. Get a downloadable file with every record.
  • Cancel and walk away
    No data hostage situation. Cancel your subscription, export your data — it's yours.
§ III.Encryption

Said plainly. No bank-level theater.

Here's exactly what protects your church's data. No marketing superlatives — just the practices.

In transit: HTTPS / TLS

Every request between your browser and our servers travels over HTTPS with strong TLS. Certificates auto-renew via Let's Encrypt.

  • HSTS enabled
  • TLS 1.2 minimum
  • No mixed content
At rest: AES-256

Sensitive credentials — Stripe API keys, OAuth tokens, integration secrets — are encrypted with AES-256-GCM before being written to the database.

  • AES-256-GCM
  • Key rotation supported
  • No plaintext secrets
Passwords: never seen

We use Better Auth with industry-standard password hashing. Your password is hashed and verified — never logged, never visible to us.

  • Argon2 / bcrypt hashing
  • Salted per user
  • No plaintext storage
Payments: Stripe

Card numbers and bank details never touch our servers. Stripe (PCI DSS Level 1) handles all card data. We store only tokens that reference Stripe customers.

  • PCI Level 1 (Stripe)
  • Tokenized customer IDs
  • Webhook signatures verified

No SOC 2 badge. No HIPAA claim. Just the practices an attentive treasurer would want — and a willingness to say so.

§ IV.Auditor Portal

A door for outside reviewers.

Year-end audit doesn't need to be a PDF scramble. Invite your CPA or outside auditor with a scoped, read-only account — they review ledgers and reports directly, with no risk of edits.

  • Read-only access
    Auditors can view everything — but cannot edit, delete, or move money.
  • Time-bound
    Grant access for the audit window. Revoke the moment the review is done.
  • Audit log included
    Auditors see the full audit log alongside the books — they can verify edits at the source.
Auditor access
2 active reviewers
Invite auditor
SC
Smith & Co. CPA
audit@smithcpa.com
Read-only
FY 2025 audit·Expires Jun 15
MK
Internal Review · Mary K.
mary@grace.org
Read-only
Q1 spot check·Expires May 31
JL
Previous · Jones LLP
auditor@joneslp.com
Revoked
FY 2024 audit·Revoked Feb 14
Auditor actions are logged separately

What we actually do, said plainly.

No SOC 2, no HIPAA

We have not pursued either certification. We tell you that up front because the alternative — vague badges — is the opposite of trust.

Payments by Stripe

Card numbers and bank details never touch our servers. Stripe (PCI DSS Level 1) handles all card data.

Append-only audit log

The log records every change. Even admins can't edit or delete entries — the log is the source of truth.

Questions

What boards ask first.

HTTPS/TLS in transit. AES-256-GCM at rest for sensitive credentials. Payments handled by Stripe (PCI DSS Level 1) — card numbers never reach our servers. Daily database backups.

Books your board can verify.

Every change recorded. Every dollar accounted for. Try every feature for seven days. No credit card.

7-day free trial · Cancel anytime · No credit card required