FP&A PlatformCustom SoftwareFree ToolsNewsPricing
GuidesCustomer StoriesWhat's New
Sign InGet Started Free

Security

Your Financial Data, Protected.

We handle sensitive financial information. We take that responsibility seriously. Here’s how we protect your data.

SOC 2 Readiness

We conduct quarterly internal SOC 2 audits aligned with the Trust Services Criteria — covering security, availability, processing integrity, confidentiality, and privacy. We have completed two internal audits to date and are actively working toward formal third-party certification.

Encryption in Transit & at Rest

All data transmitted between your browser and our servers is encrypted with TLS 1.3. Data stored in our database is encrypted at rest using AES-256 encryption. Your financial data is never accessible in plaintext outside of authenticated sessions.

Multi-Factor Authentication

Every James Analytics account is protected by multi-factor authentication (MFA) using time-based one-time passwords (TOTP). MFA is set up during registration — not optional, not afterthought. Backup codes are provided in case of device loss.

OAuth-Based Integrations

When you connect QuickBooks, Xero, or Puzzle.io, James uses OAuth 2.0 authentication. We never store your accounting platform login credentials. You authorize access through the provider's own secure flow, and you can revoke access at any time.

Session Security

Sessions are protected with JWT tokens and automatic 30-minute inactivity timeouts. If you walk away from your desk, your session locks automatically. Tokens are short-lived and cannot be reused after expiration.

Infrastructure Security

James Analytics is hosted on enterprise-grade cloud infrastructure with automated backups, monitoring, and incident response. Our database runs on Supabase (built on PostgreSQL) with row-level security policies enforcing data isolation between accounts.

Our Security Commitments

What we commit to every customer, every day.

  • Quarterly internal SOC 2 audits aligned with Trust Services Criteria
  • No selling or sharing of customer financial data — ever
  • Data deletion available on request with full account removal
  • Minimal data collection — we only store what's needed to provide the service
  • Regular dependency updates and security patching
  • Incident response procedures with customer notification protocols
  • Access controls with role-based permissions for team accounts
  • Audit logging for sensitive operations and data access

AI & Your Data

How Ask James AI Uses Your Data

What happens when you ask a question

When you use Ask James AI, your question and relevant financial context are sent to Anthropic’s Claude API for processing. The AI analyzes your data to generate an answer, then the response is returned to you. Your financial data is used only to answer your specific question — it is not stored by the AI provider, used for model training, or accessible to other users.

What we don’t do

  • We do not sell your data to third parties
  • We do not use your financial data to train AI models
  • We do not share your data with other customers
  • We do not retain AI conversation data beyond your session

Questions About Security?

We’re happy to discuss our security practices in detail. Reach out and we’ll connect you with our team.

Contact UsPrivacy Policy