Security Protocols

At Botkeeper, your security is our highest priority

Badge AICPA SOC -02

Botkeeper Maintains SOC 2 Type 2 Accreditation.

Botkeeper’s automated bookkeeping solution takes security seriously, with industry-standard SOC 2 Type 2 accreditation, two-factor authentication, and 256-bit encryption for data at rest and data in transit.

SOC 2 Type 2 accreditation means:

  • Botkeeper has the required data security controls in place to protect customer data against unauthorized access.

  • Botkeeper can detect anomalies and security incidents across its entire ecosystem.

  • In addition to preventing risk situations, Botkeeper can quickly repair damage and restore functionality in the event of infrastructure or system failures.

  • Botkeeper’s security controls are both correctly designed AND function as intended.

Botkeeper’s SOC 2 Type 2 accreditation is granted by an industry best, reputable independent third party, and Botkeeper renews the report annually with continuous testings. That means any information shared with Botkeeper is protected to the highest current standards, and you can rest easy knowing your data is in good hands.



We follow best up-to-date security practices

Security at Botkeeper is never set-and-forget

Our security team does far more than lay out and implement a security policy; they monitor trends and threats in the digital world, continuously adapting our flexible and robust security protocols to provide maximum protection. Our systems and staff experience ongoing testing and checking to ensure security compliance and best practices. Our staff is regularly trained and re-trained on appropriate security protocols, and we employ penetration testing to confirm the efficacy of our solutions.

Our security platforms, policies, and processes

Dedicated to comprehensive security

Our data protocols include 256-bit encryption as well as several other best-in-class security protocols, including background checks, biometrics, and extensive permissions. All of our systems and databases are located in AWS data centers within the US, plus we own our IP. Our policies and procedures are regulated by US law. Botkeeper maintains SOC 2 Type 2 attestation and renews it annually. 

Personal information should stay that way

We take every precaution to protect you

We do not collect any personal information about you unless you voluntarily provide it to us, and we do not sell, rent, or lease your personal information to third parties without your consent. We secure your personal information from unauthorized access, use, or disclosure, using the following methods for this purpose: SSL Protocol; Two Factor Authentication; and Database Encryption.

Vulnerability management

Our Vulnerability Disclosure Program keeps everyone safer

At Botkeeper, we value the role that security researchers play in maintaining and improving the security of our platform. Recognizing the importance of collaborative security efforts, we engage with a global community of ethical hackers and security researchers through our Vulnerability Disclosure Program (VDP). Our VDP is designed to encourage responsible disclosure, providing a safe channel for reporting vulnerabilities directly to our security team.  If you think you’ve found a vulnerability in the Botkeeper platform, reach out to us via our VDP program page. 

security protocols botkeeper

Continuous monitoring

These are the controls we continuously monitor.