Security

SellerBooks holds bookkeeping and financial information for businesses that depend on its accuracy and confidentiality. We treat that responsibility seriously. This page summarizes our approach. SellerBooks is operated by JPS Alliance Inc.

Where Your Data Lives

Customer data is hosted with a major cloud provider in Canada. Some operational data is processed transiently outside Canada by our service providers in the course of delivering the Services.

Encryption

All traffic between your browser, our application, and our service providers is encrypted in transit using TLS. Customer data, document files, and integration credentials are encrypted at rest using industry-standard methods.

Access Control

Production access is restricted to authorized personnel under least-privilege controls and protected by multi-factor authentication. Customer data is partitioned by business and isolated at the data-access layer. Administrative actions are logged.

Compliance

Payment-card data is processed and tokenized directly by Stripe (a PCI DSS Level 1 service provider); SellerBooks never stores raw card numbers. We operate consistent with PIPEDA, Quebec Law 25, the GDPR (where applicable), and the CCPA (where applicable). Our hosting provider holds independent SOC 2, ISO 27001, and PCI DSS attestations that apply to the underlying infrastructure layer.

Breach Notification

If we confirm a security incident affecting customer data, we will notify affected customers and the relevant supervisory authorities without undue delay and, in any event, within 72 hours of confirmation, consistent with applicable law.

Customer Responsibilities

Security is a shared responsibility. Please use a unique, strong password; enable multi-factor authentication; keep the email account you use to recover access secure; review and disconnect connected services you no longer use; and report suspected account compromise to security@sellerbooks.ca immediately.

Reporting a Security Issue

If you believe you have identified a security vulnerability in SellerBooks, please report it to security@sellerbooks.ca. We ask that you act responsibly: do not access data that is not yours, do not disrupt the Services for other customers, and do not perform destructive testing. We will not pursue legal action against researchers who follow this guidance.

Contact

Security questions and vulnerability reports: security@sellerbooks.ca. Privacy and data-rights questions: privacy@sellerbooks.ca. General legal questions: legal@sellerbooks.ca.