How Ando protects your financial data
Your bank and accounting data is the most sensitive information in your business. Here's exactly how Ando keeps it safe — mapped to the cybersecurity guidelines the NPMA publishes for pest control operators in its “Protecting Your Business” guidance.
Every control below is in place today. We list only what we actually do — no aspirational security theater.
Read-only by design
Ando connects to your bank through Plaid in read-only mode. We can see transactions to analyze them — we can never initiate a transfer or move your money. Ando never sees or stores your bank login.
Your financial data
- ✓Row-level security (RLS) is enabled on every data table — bank items, business profiles, subscriptions, and push subscriptions — so each row is readable only by the user who owns it.
- ✓Data is encrypted in transit (HTTPS/TLS is enforced on every request) and encrypted at rest by default in our database provider.
- ✓Bank connections via Plaid are read-only: Ando can see transactions but can never move money.
- ✓QuickBooks connections via Intuit OAuth are read-only: Ando reads your P&L, A/R, and balances but can never edit your books.
Authentication
- ✓Authentication is handled by Supabase Auth — a dedicated identity provider — rather than rolled by hand.
- ✓Sign-in supports email/password and magic-link invites, with a standard password-reset flow.
- ✓Every protected page and API route requires a valid authenticated session before any of your data is returned.
Scoped, per-user access
- ✓Access is scoped to the individual user: queries are filtered by your user ID, so one account can never read or overwrite another account’s data.
- ✓Administrative actions are gated behind an admin-only role and a separate redirect guard.
- ✓The database service-role key is used only on the server and is never shipped to the browser.
Verified, monitored integrations
- ✓Inbound webhooks are signature-verified before we act on them: Plaid webhooks are checked with ES256 JWT verification, and Stripe webhooks are verified with the official signing-secret check.
- ✓Sensitive actions are rate-limited (for example, insight generation and report emails) to limit abuse and surface anomalies.
- ✓Connection errors from the bank (such as a required re-authentication) trigger an alert so issues are caught and acted on quickly.
Built so you don’t have to be the expert
- ✓Ando is designed for owners who do their own finances — the secure defaults are ours to maintain, not yours to configure.
- ✓Sensitive credentials (bank tokens, service keys, push keys) live server-side only; nothing security-critical is exposed in the browser.
- ✓Bank connections go through Plaid’s own consent flow — the same technology behind Venmo and Robinhood — and Ando never sees or stores your bank login. QuickBooks connections use Intuit’s OAuth; Ando never sees or stores your Intuit credentials.
Hardened hosting & a single guarded entry point
- ✓Ando runs on managed, HTTPS-only hosting that enforces TLS on every connection.
- ✓A single proxy entry point guards authenticated routes, so unauthenticated requests never reach protected pages.
- ✓Third-party data processors (Plaid for banking, Intuit for QuickBooks data access, Stripe for payments) are industry-standard providers that carry their own security and compliance programs.
We never invent your numbers
Security isn't only about who can access your data — it's about whether you can trust what you're shown. Every figure on your Ando dashboard traces back to your actual QuickBooks or bank records. The AI interprets and explains those numbers; it never fabricates them.
That's the same discipline we apply to security: only claim what's real.
See it on your own books
Connect QuickBooks or your bank in a couple of minutes — read-only, encrypted, yours.