Nummbas
Get Started

Security

Nummbas takes the security of your financial data seriously. Here is how we protect your information.

Data Encryption

  • All data is encrypted in transit and at rest
  • Connections to third-party platforms use secure protocols

Authentication

  • OAuth connections - most integrations use OAuth, which means Nummbas never sees or stores your platform passwords. You authorize access directly through each platform.
  • API keys - for integrations that use API keys (Stripe, ShipStation, Recharge), keys are stored securely and encrypted at rest. We recommend using restricted or read-only keys.
  • Two-factor authentication - enabled by default for all accounts using email verification codes. Users can switch to an authenticator app (such as Google Authenticator or Authy) in Settings for stronger security. Backup codes are provided when MFA is set up.

Access Control

  • Role-based access - team members have different levels of access based on their role. Owners control billing and account deletion. Admins manage integrations, team, and settings. Members have read-only dashboard access. See Team Members for the full permissions table.
  • Password confirmation - destructive actions like flushing data, deleting accounts, and transferring ownership require password re-entry
  • Session management - secure, token-based authentication with automatic expiration

Data Sharing

  • Your data is never shared with third parties
  • The Data Sharing feature creates time-limited, optionally password-protected links that you control
  • Share links can be revoked at any time
  • Recipients get read-only access only

Integration Security

  • Nummbas only requests read access to your platforms - it will never create, modify, or delete data on your connected services
  • OAuth tokens are refreshed automatically and can be revoked at any time by disconnecting the integration
  • Each integration can be individually disconnected or flushed

Data Retention

  • Your data is retained as long as your account is active
  • If you delete your account, data is retained for a limited period before permanent deletion
  • You can flush all data and re-sync at any time from Settings

Questions

If you have security questions or concerns, contact us at support@nummbas.com.