How Secure Is DocuClipper?, Docs

DocuClipper handles financial documents from accountants, lenders, and bookkeepers every day. Security controls are built into the platform end-to-end.

Encryption

In transit: all connections use TLS 1.2+. No unencrypted endpoints are exposed.
At rest: documents and extracted data are stored encrypted (AES-256) in SOC 2 compliant cloud infrastructure.
Backups are also encrypted and follow the same retention policy as live data.

Compliance and reviews

SOC 2 Type II: DocuClipper undergoes annual independent audit.
Intuit security review: DocuClipper's QuickBooks integration is reviewed yearly by Intuit as part of the App Store certification process.
GDPR: EU data subject requests (access, deletion, export) are supported. Contact support with your account email.
Enterprise security questionnaires and NDAs: available on request for Business and Enterprise plans.

Access controls

Role-based access (Read / Write / Admin) at the folder level.
SSO available on Enterprise plans.
Password reset flows use signed, time-limited tokens.
No DocuClipper employee has routine access to customer data; access for support is audit-logged and requires customer consent.

Data retention and deletion

Job data is retained according to your plan (30 days on Starter, 2 years on Professional, 5 years on Business/Enterprise). See Jobs are missing.
You can delete a job manually at any time. Click Delete from the job's actions menu. Deletion is permanent.
Deleted data is purged from backups within 30 days.

What DocuClipper does NOT do

We do not sell or share customer data with third parties.
We do not use customer financial documents to train AI models.
We do not retain documents longer than your plan's retention window unless you explicitly keep them.

Policies

For additional documentation (SOC 2 report, security questionnaire), email security@docuclipper.com.