Your bills, your bank statements, the numbers you'll be signing off. Here's how they're kept — in plain terms, no badges, no wall of logos. Everything on this page is built and running today. Where we haven't got something, we've said so rather than left you to assume.
If you're doing the books for a dozen companies, this is the one that keeps you awake. Every document here belongs to exactly one business — and there's no path from one to another.
Nothing sits in a shared pile. Someone who works on one client only ever sees that one — not a filtered view of everything, but genuinely only that one.
Your suppliers, your numbers, the corrections you made last Tuesday. None of it makes its way into another customer's account, and none of it is shared out.
If someone goes looking for another client's paperwork, they're told there's nothing there — not that they're not allowed it. “You can't have that” would confirm it exists. So we don't say it.
Not a note in a policy that everyone agrees to and nobody reads. A person who's been given a look at the books simply cannot do the other things — the buttons aren't there and the door isn't there either.
Not won't. Can't. It isn't kept in a form anyone can read — and that includes us, and it includes anyone who ever gets hold of the database.
Documents arrive by email, which means the address itself is a way in. So it's built like a door, not a letterbox.
You get your own address for documents. Mail to an address that doesn't exist here quietly stops.
We work out whether a message genuinely came from the supplier on it, rather than someone with a convincing signature block.
Name the senders you'll accept documents from, and that's the list. Everything else is somebody else's problem.
The thread through all of it: when in doubt, do nothing rather than something wrong. It's the same instinct that makes a rule stop rather than guess.
Every serious leak you've read about was the same story underneath: one door somebody forgot to lock. Not a clever attack — a forgotten door.
So we stopped relying on remembering. Every time we go to release an update, our own system walks through every single door in the software and checks each one is locked. If one isn't, the release stops.
There are exactly four ways into the system that don't need a login, and they're on a list. Add a fifth by accident on a Friday afternoon and the release fails on the spot. Nobody has to notice. Nobody has to be having a good day.
It isn't a promise, and it isn't a policy document. It's a machine that refuses.
Four ways in without a login. On a list. Counted every time.
Two questions that get asked eventually: “who did this, and when?” and “is that actually deleted?” Both have straight answers.
Every login, every change, every document that moved — with a name and a time against it. And it's kept in a way that survives even when something goes wrong mid-way, which is precisely the moment you'll want to read it.
Delete a document and the original PDF is genuinely destroyed, and the numbers read off it are wiped. Not hidden from a list. Gone.
What stays behind is the note that a document was here and what it cost you. Deliberately — so your billing adds up and your audit trail doesn't develop holes exactly where someone tidied up.
Turn processing off and documents still arrive and sit safely, costing nothing, until you say go. Useful when you're not sure yet, or when a batch turns up that you'd rather look at first.
Nothing here starts reading your paperwork because it was left switched on by default.
Turn it on whenever. The pile is still there.
You've seen the page we're not showing you — the row of logos, the seals, the acronyms in neat grey boxes. We haven't got those. What we've got is everything above, which is the actual list, written out, in words you can hold us to.
We'd rather tell you exactly what's true than show you a logo. If there's something on this page you want to poke at, ask — we'd honestly rather you did. And if there's something you need that isn't here, we'll tell you it isn't here.
Bring the list your IT person gave you, or just the one thing that's been bothering you. We'll go through it, and where the answer is “no, we don't do that”, you'll get that too.