Security

Enterprise security, built in from day one

Database-per-tenant isolation, field-level encryption, tamper-evident audit logs, and granular access controls — built into the foundation.

Admin activity — audit trail and tenant events in TripleBooks

Every action lands on a timestamped, hash-chained audit trail

Data isolation

Database-per-tenant

Every organization gets its own isolated Postgres database in TripleBooks Cloud. Your data never shares a database with another tenant.

Network isolation

On TripleBooks Cloud, tenant databases run in isolated compute with no cross-tenant network access.

Self-hosted deployment

Run compiled container images on your Postgres and network. Encryption, tenant isolation, and audit controls apply in cloud and self-hosted deployments. Self-hosting overview

Data residency

Choose where your data lives. Multi-jurisdiction deployment is available for enterprise and regulated deployments — contact sales.

Encryption

Field-level encryption

Sensitive fields encrypted with AES-256-GCM. Encryption keys are rotated automatically.

Encryption at rest

All data encrypted at rest using provider-managed keys with AES-256.

Encryption in transit

All connections use TLS 1.3. No unencrypted data leaves the platform.

Audit trail

Tamper-evident logging

Every create, update, and delete is recorded with timestamp, user, and before/after values, and each entry is hash-chained to the one before it — any alteration breaks the chain and surfaces on verification.

No silent edits

Journal entries, transactions, and account balances cannot be silently backdated, restated, or deleted. Every change is tracked.

Exportable audit history

Full audit log exportable for external review. Auditors can verify the complete history of any record.

Access controls

Role-based permissions

Granular roles at the entity, book, and account level. Admin, Controller, Accountant, Viewer, and custom roles.

Viewing keys with expiry

Grant auditors or investors scoped, read-only access to specific periods, entities, or account ranges. Keys expire automatically.

SSO / SAML

Enterprise single sign-on with SAML 2.0 and OIDC for enterprise deployments — contact sales.

TripleBooks Cloud

Tenant databases

Dedicated Postgres for every organization on TripleBooks Cloud. Automatic scaling, point-in-time recovery, and isolated branches for development.

Application hosting

Web and API services run on TripleBooks Cloud's global edge network with automatic failover and DDoS protection.

Verification layer

Where enabled, verification records can be anchored for independent attestation. Details vary by deployment and configuration.

Compliance

GDPR

Data export, erasure, and consent-rights request flows are supported through our privacy process. Implementation requirements can vary by jurisdiction and use case.

Patent pending

Provisional patent filed for triple-entry accounting with automated proof generation and permanent verification anchoring.

Open API

Full REST API with OpenAPI specification. Build integrations, automate workflows, and audit programmatically.

Questions about security?

We're happy to discuss our security architecture, provide documentation for your vendor review, or schedule a technical deep-dive.

For platform role, Treasury partner disclosures, and verification details, see our Compliance Disclosures page.