Security at scount.my

Your books are guarded like the vault.

Financial data is the most sensitive thing a business owns. Here's exactly how we keep yours safe — engineering, processes, and the people who break things on purpose.

Encryption everywhere

TLS 1.3 in transit, AES-256 at rest. Even our own engineers can't read your invoices in the database.

Continuous backups

Point-in-time recovery to any second within the last 30 days. Geo-redundant copies tested weekly.

Access controls

Workspace-level permissions, optional 2FA, session timeouts. We log every privileged action.

Full audit trail

Every login, every change, every export — recorded with who, what, when. Forensics-ready.

Defence in depth

The full picture, layer by layer.

Network

Hardened perimeter

· DDoS protection on every endpoint
· WAF in front of public services
· Private subnets for databases — no public IPs
· IP allowlists available for enterprise

Application

Built secure-by-default

· Per-workspace tenant isolation
· Argon2id password hashing
· OWASP Top 10 mitigations baked in
· Automated dependency scanning
· Code review required on every change

People & process

Smallest possible blast radius

· Least-privilege access for the team
· 2FA required for every staff account
· Background checks on all engineers
· Quarterly access reviews
· Documented incident response playbook