Security is central to the work we do at ZipBooks.

Here’s a note on how we handle the data we’re entrusted with. Please don’t hesitate to reach out to us with any questions.

Data in transit

ZipBooks uses 256-bit TLS encryption so that as you share data back and forth with ZipBooks, your transmissions are secure — this is the same level of encryption used by banks and all other processors of highly-sensitive data.

Data at rest

All ZipBooks data is stored using several layers of encryption. Stored data is split into chunks, with each chunk encrypted by a unique data encryption key. These keys are stored with the data, wrapped by further encryption keys which are stored in specific and highly secured-service which is redundant and globally distributed. All ZipBooks data is encrypted using either AES256 or AES128.


ZipBooks never touches sensitive credit-card data, either for our paying customers or for our invoice payment features. Though ZipBooks presents forms for credit card entry seamlessly using partners, all credit card information is handled entirely by the service you choose — Stripe, Square, PayPal, etc. — which maintain the highest level of PCI-DSS compliance.

Security testing

We regularly test for vulnerabilities using both internal and external resources. Any potential security vulnerabilities we find are escalated for immediate investigation and take priority over all other engineering tasks.

Optional two-factor authentication

For those users who want to utilize two-factor authentication for an extra level of account protection, we can help you enable that. Simply get in touch at (or use our support chat icon in the lower right corner) and we’ll make sure you can get set up.

Physical data center security

The data centers used by ZipBooks feature a layered security model, including safeguards like custom-designed electronic access cards, alarms, vehicle access barriers, perimeter fencing, metal detectors, and biometrics. The data center floor features laser beam intrusion detection.

The data centers are monitored 24/7 by high-resolution interior and exterior cameras that can detect and track intruders. Access logs, activity records, and camera footage are reviewed in case an incident occurs. Data centers are also routinely patrolled by experienced security guards who have undergone rigorous background checks and training.

Data loss prevention

We keep regular backups of our data. Though we’ve never suffered a data loss event, backups are kept on a rolling basis and destroyed at a later time according to our data retention policy.

User access control

You determine who has access to your data by setting permissions for your team members. Find out more information on adding and setting team member permissions, please see our Help article.




Privacy Preference Center