Legal ยท Last updated: March 26, 2026

Security

TL;DR

untxt. runs on AWS with encryption, access controls, and regular security reviews. We take data protection seriously.

01

How your files are kept safe

  • Files are uploaded straight into encrypted cloud storage. They're never left sitting on our servers.
  • Everything is encrypted - both while it's stored and while it's moving across the internet.
  • Passwords are hashed using industry-standard methods. We never store them in a readable form.
  • All connections to untxt use HTTPS, the same protocol your bank uses.
02

Who can see what

  • Only people you've explicitly invited can see your books or your clients' books.
  • Practice owners control who joins their team and can remove access at any time.
  • Every action - upload, edit, publish, delete - is tied to the person who did it, with a timestamp.
  • You can see exactly who edited what, and when.
03

Connecting QuickBooks & Xero

  • You connect through QuickBooks' or Xero's official login - we never see or store your password.
  • We only ask for the access we need to do the job: read your chart of accounts, read your contacts, and post bills, payments, and receipts when you publish them.
  • You can disconnect any time. Your work in untxt stays intact whether you're connected or not.
04

How AI fits in

untxt uses AI to read documents and suggest categorisations. We're upfront about how it works:

  • The AI sees your document only long enough to extract the data - it doesn't keep a copy.
  • We don't use your documents to train any AI model, ours or anyone else's.
  • You're always in control: every suggestion is reviewable before it's published to your accounting software.
05

If you delete something

  • Deleting a document in untxt permanently removes the file, the extracted data, and the activity history for that document.
  • Anything you've already published to QuickBooks or Xero stays in your accounting platform - your books don't change because you cleaned up untxt. If you want it removed there, you do it in your accounting platform.
  • You can request a full account deletion at any time and we'll wipe everything we have.
06

Compliance

  • Encryption at rest and in transit
  • Detailed audit logs you can review
  • Automatic session timeouts
  • Right to delete your data on request
  • Built with HIPAA technical safeguards in mind - contact us about a BAA if you need one
07

Payments

We use Stripe, the same company that handles payments for many of the world's largest businesses. We never see or store your card number - it goes straight to Stripe.

08

Found a security issue?

Email security@untxt.ai and we'll respond within 24 hours. Good-faith reports are always welcome.

09

Questions?

Email support@untxt.ai.