Security

We know that our customers’ data is highly sensitive, so protecting it securely is always our number one priority.

LiveFlow has achieved a SOC 2 Type I and Type II attestation from a certified auditor with no exceptions in the final report.


We work with an AICPA-certified audit firm to evaluate our information security program and controls on an annual basis, and we continuously monitor those controls using the Drata platform.


LiveFlow has been reviewed and approved for security by Synopsys, working on behalf of Intuit.

01

Infrastructure

  • All of our infrastructure is managed following the latest best practices in security

  • Our databases all employ industry-standard AES-256 encryption-at-rest for the entire dataset, and sensitive data is additionally protected by AES-256 application-level encryption

  • When communicating between systems, LiveFlow always uses TLS encryption, a cryptographic protocol designed for privacy and data security

  • The ability to access or modify our systems is granted on the principle of least privilege, and is always protected by multi-factor authentication

02

Application

In order to import reports from your preferred accounting software provider, we need to store tokens that allow us to perform API operations on the user’s behalf

  • We always store the access tokens with the highest level of protection, including both at-rest and application-level encryption

  • The access these tokens provide can easily be revoked by the user with just one click inside our application, or via your accounting software provider’s interface (e.g. QuickBooks Online)

Application data

LiveFlow does not act as a source of truth for your financial data. Any data stored by us is purely to provide a richer and smoother user experience or specific functionality

Types of data and storage mechanisms:

  • Report data in Google Spreadsheets and Excel Workbooks is owned and controlled by you and the spreadsheet platform provider. LiveFlow can no longer read any data in spreadsheets owned by you once our access to it has been revoked.

  • Report and transaction data may be stored for performance (e.g. consolidation) or functional reasons (e.g. dashboard snapshots)

    • This data is protected by 3 layers of encryption: it is first encrypted with customer- or tenant-specific keys, which are themselves encrypted using envelope encryption with AWS KMS. It is then securely stored with encryption at rest in an AWS datacenter located in North America

  • Supporting data may be stored securely in LiveFlow’s database for performance reasons. This may include: data to identify financial accounts (e.g. name, number), classes, departments, vendors, etc.

Support access

In order to debug issues that may arise, our support staff may need to inspect the structure of the reports that LiveFlow has generated.

Google Sheets or Microsoft Excel:

We may request from you temporary access to a specific Spreadsheet or Workbook in order to debug an issue. By default, and unless you have explicitly granted us access:

  • We will not be able to see any of the sensitive information inside those sheets

  • We will be able to identify the positions of the various rows and columns, but we will not be able to see any names or numbers in the sheet, or in the report data received from your accounting software provider

Reports used on our web platform (e.g. Dashboards):

  • In order to provide you with support, we may ask you to either explicitly grant us temporary access to your workspace or alternatively share your screen on a call with our technical support.

LiveFlow only ever reads data from the QuickBooks and Xero APIs. We will never make changes to your data in QuickBooks or Xero unless there is an explicit action or request from you to do so.

03

Google Sheets Permissions

In order for LiveFlow to help automate your workflows in Google Sheets, we need you to authorize our application to perform various operations on your behalf. When you first install LiveFlow, you’ll be presented with a screen like the one shown below.

Some of these permissions might sound a little bit scary at first glance, but let us outline here why exactly we need each of them.

See, edit, create and delete all your Google Sheets spreadsheets

First and foremost, our application needs to be able to edit your spreadsheets in order to create and refresh all the reports you create. In order for us to perform all the operations necessary to complete those actions efficiently, we need to use the Google Sheets API. Without this permission, we simply can’t do all the nice things we want to do for you.

We will only ever use this access in spreadsheets where you have explicitly activated LiveFlow. Within each spreadsheet where LiveFlow is activated, we will only ever make changes in sheets created by LiveFlow. Even within each sheet, LiveFlow will only ever make changes to rows and columns created by LiveFlow – if you add your own rows and columns to the sheet, we won’t touch them! We will never delete any of your spreadsheets, sheets, rows, or columns.

Connect to an external service

This permission allows us to communicate with systems and services outside of Google Sheets. We need this permission to communicate with:

  • Our own backend APIs: required to authorize access and coordinate integrations

  • Segment: to track usage of important features

  • Datadog: to track usage of important features and report errors

  • Intercom: to provide you with support

Allow this application to run when you are not present

LiveFlow provides a simple way to import reports from QuickBooks into Google Sheets, but some of the best value we provide comes from automatically refreshing those reports. You can choose to refresh your reports whenever you open your spreadsheet, or to automatically refresh every hour. In either case, we need permission to do our work without you having to actively open our add-on every time.

Display and run third-party web content in prompts and sidebars inside Google applications

This one’s pretty simple! In order to allow you to interact with LiveFlow inside Google Sheets, we need this permission to show you our user interface. That user interface allows you to connect QuickBooks or Xero accounts, to create and manage your reports, and even to drill down into your numbers without leaving the sheet – without this permission, we couldn’t do any of that.

04

Microsoft Excel Permissions

In order for LiveFlow to automate workflows in your Excel workbooks, we need you to authorize our application to perform various operations on your behalf.

ReadWriteDocument

This gives us the permissions needed to read the contents and metadata of the workbooks in order to create new sheets, write and update reports generated by LiveFlow and ensure changes are synced. LiveFlow can only perform operations when you open a workbook where LiveFlow has been installed and authorized.

05

Single Sign On

LiveFlow integrates with the SSO providers listed below using OAuth 2.0. We do not process or store any user passwords; all user credentials are handled and secured by your preferred SSO provider.

Google OAuth

Google OAuth is a registration and authentication service provided by Google LLC or by Google Ireland Limited, depending on the location LiveFlow is accessed from, and is connected to the Google network.

Personal Data processed: various types of Data as specified in the privacy policy of the service.

Place of processing: United States – Privacy Policy; Ireland – Privacy Policy.

Microsoft Sign-in

LiveFlow also offers registration and authentication services through Microsoft Sign-In. By registering or authenticating via Microsoft Sign-In, users authorize LiveFlow to identify them and grant access to specific services. In such cases, third-party services may facilitate registration and authentication processes. LiveFlow may access certain data stored by these third-party services for registration or identification purposes.

Microsoft Sign-In, as a registration and authentication service, may collect and process personal data for the mentioned purposes. The data processed may include, but is not limited to, the following:

  • Email address

  • First name

  • Last name

  • Other data as specified in the privacy policy of the Microsoft Sign-In service

Place of processing: United States – Privacy Policy

Intuit SSO

LiveFlow also offers registration and authentication services through Intuit SSO. By registering or authenticating via Intuit SSO.

Intuit SSO, as a registration and authentication service, may collect and process personal data for the mentioned purposes. The data processed may include, but is not limited to, the following:

  • Email address

  • First name

  • Last name

  • Phone

  • Other data as specified in the privacy policy of the Intuit service

Place of processing: Dependent on your account’s region – Privacy Policy

Xero SSO

LiveFlow also offers registration and authentication services through Xero SSO. By registering or authenticating via Xero SSO.

Xero SSO, as a registration and authentication service, may collect and process personal data for the mentioned purposes. The data processed may include, but is not limited to, the following:

  • Email address

  • First name

  • Last name

  • Phone

  • Other data as specified in the privacy policy of the Xero service

Place of processing: Dependent on your account’s region – Privacy Policy

06

Third parties

  • LiveFlow never sells customer information to third parties.

  • LiveFlow uses Stripe as a payment provider to accept monthly subscription fees. Stripe does not retain, share, store, use or sell End User Personal Data with third parties.
