Billswarm

Security

How your firm’s data is protected.

Billswarm processes the most sensitive document a CPA firm produces in a month: its billing PDF. We design every part of the product around keeping that document private, intact, and traceable, and this page is the commitment we hold ourselves to.

What this site is, and isn’t

This is billswarm.com, the marketing site. It processes no customer data; it has no database, no PII, no analytics. The Billswarm application lives at app.billswarm.com, runs in an isolated AWS environment, and is governed by the customer agreement signed with your firm. The controls below apply to the application.

Encryption

At rest
AES-256 on all customer artifacts: uploaded PDFs, derived per-client packets, generated XLSX, audit records, and database backups.
In transit
TLS 1.2+ enforced end-to-end. HSTS on the application domain.
Key management
AWS KMS, customer-managed keys with rotation per AWS guidance.

Tenant isolation

Row-level security
Every CPA firm is a separate tenant. Isolation enforced at the database layer (PostgreSQL RLS), not at the application layer. A query missing a tenant predicate returns zero rows.
Storage
Per-tenant object prefixes; signed URLs scoped to the requesting tenant.

Audit log

Capture
Every action is recorded with actor, timestamp, and rationale: upload, line edit, flag triage, approval, write-off, and export.
Integrity
Append-only. Audit records are not deletable or editable from the application surface.
Retention
Held for the life of the contract plus the period your firm’s document-retention policy requires.

Least-privilege access

Default posture
Engineering access to production is read-only by default. No casual access to customer data.
Elevated access
Short-lived, scoped to incident response, every session logged.
Background checks
Planned for all personnel with production access as the team grows.

Subprocessors

Posture
Short and deliberate. Current list provided to customers in the order form; updated when it changes; customer notification on material additions.
Client-data sub-processors
AWS (us-west-2) hosts the application — RDS (Postgres), S3, and KMS. Model inference runs through Amazon Bedrock (the default in-AWS path) and Anthropic. Customer data is not used to train shared models.

Vulnerability reporting

Channel
security@billswarm.com. We acknowledge within two business days; status update within five.
Safe harbor
Good-faith research conducted within the scope below is welcome; we will not pursue legal action against researchers who act in good faith.

Questions about how any of this applies to your firm? Email austin@billswarm.com. For security disclosure specifically, security@billswarm.com.