DocuClipper logo
Docs/Help Center
Security & Compliance

How Secure Is DocuClipper?

Encryption in transit and at rest, SOC 2 Type II, Intuit security review, and data retention: what DocuClipper does to protect financial data.

Last updated

DocuClipper protects customer data with TLS 1.2+ in transit, AES-256 encryption at rest, annual SOC 2 Type II audits, and an annual Intuit App Store security review of the QuickBooks integration; customer documents are never used to train AI models or sold to third parties.

Role-based access controls (Read / Write / Admin) apply at the folder level, SSO is available on Enterprise, and data retention follows your plan (30 days on Starter, 2 years on Professional, 5 years on Business/Enterprise) with deletions purged from backups within 30 days.

What encryption does DocuClipper use?

  • In transit: all connections use TLS 1.2+. No unencrypted endpoints are exposed.
  • At rest: documents and extracted data are stored encrypted (AES-256) in SOC 2 compliant cloud infrastructure.
  • Backups are also encrypted and follow the same retention policy as live data.

Compliance and reviews

  • SOC 2 Type II: DocuClipper undergoes annual independent audit.
  • Intuit security review: DocuClipper's QuickBooks integration is reviewed yearly by Intuit as part of the App Store certification process.
  • GDPR: EU data subject requests (access, deletion, export) are supported. Contact support with your account email.
  • Enterprise security questionnaires and NDAs: available on request for Business and Enterprise plans.

Access controls

  • Role-based access (Read / Write / Admin) at the folder level.
  • SSO available on Enterprise plans.
  • Password reset flows use signed, time-limited tokens.
  • No DocuClipper employee has routine access to customer data; access for support is audit-logged and requires customer consent.

Data retention and deletion

  • Job data is retained according to your plan (30 days on Starter, 2 years on Professional, 5 years on Business/Enterprise). See Jobs are missing.
  • You can delete a job manually at any time. Click Delete from the job's actions menu. Deletion is permanent.
  • Deleted data is purged from backups within 30 days.

What DocuClipper does NOT do

  • We do not sell or share customer data with third parties.
  • We do not use customer financial documents to train AI models.
  • We do not retain documents longer than your plan's retention window unless you explicitly keep them.

Policies

For additional documentation (SOC 2 report, security questionnaire), email security@docuclipper.com.

FAQs

Is DocuClipper SOC 2 compliant?

Yes. DocuClipper undergoes annual independent SOC 2 Type II audits, and the QuickBooks integration is reviewed yearly by Intuit as part of the App Store certification process.

How is my data encrypted?

All connections use TLS 1.2 or higher in transit, and documents and extracted data are stored with AES-256 encryption at rest on SOC 2 compliant infrastructure. Backups are encrypted under the same policy.

Does DocuClipper use my documents to train AI models?

No. DocuClipper does not use customer financial documents to train AI models and does not sell or share customer data with third parties.

How long does DocuClipper keep my data?

Retention depends on the plan: 30 days on Starter, 2 years on Professional, and 5 years on Business and Enterprise. You can delete a job manually at any time, and deletions are purged from backups within 30 days.

Can DocuClipper employees see my documents?

No employee has routine access to customer data. Support access requires customer consent and every access event is audit-logged.

Is DocuClipper GDPR compliant?

Yes. EU data subject requests for access, deletion, and export are supported. Contact support from your account email to file a request.

Related