Security at Poof
Your financial data is sensitive. Poof uses industry-standard security practices including encryption, two-factor authentication, audit logging, and secure bank connections.
Two-Factor Authentication (TOTP)
Protect your account with time-based one-time passwords. Works with authenticator apps like Google Authenticator and Authy.
Role-Based Access Control (RBAC)
5 roles (Owner, Admin, Accountant, Bookkeeper, Viewer) with 26 granular permissions across financial, invoicing, customer management, and admin categories.
Audit Logs
Every action in Poof is logged with timestamps and user attribution. Maintain a complete audit trail for accountability and transparency.
Encrypted Bank Connections
All data is encrypted in transit via HTTPS/TLS. Poof connects to your bank accounts via Plaid, the same infrastructure used by major fintech companies. We never store your banking credentials.
Read-Only Bank Access
Poof only reads your transaction data. It cannot move money, make payments, or modify your bank accounts in any way.
Session Management
Active sessions are monitored and can be revoked. Automatic session expiry protects unattended accounts.
Email Verification
Secure account activation and email change confirmation. Verified emails ensure only authorized users access your financial data.
GDPR/CCPA Account Deletion
Full data removal on request for privacy compliance. Delete your account and all associated data at any time.
Bank Connections Powered by Plaid
Poof uses Plaid to connect to your bank accounts. Plaid is the same infrastructure trusted by Venmo, Robinhood, and thousands of other financial applications. Your bank credentials are never stored by Poof — they are handled entirely by Plaid.
Additional Security Measures
Questions About Security?
We take data protection seriously. Reach out if you have questions about how we handle your data.
