INT Services takes the protection of client financial information seriously. This page summarizes the practices we follow when handling, storing, and processing client data, and what to expect from us in the event of a security incident.
Data Handling
- Data in transit is protected with industry-standard TLS encryption. Data at rest is protected by encryption provided by the underlying accounting, email, and file storage platforms we use.
- Access to client files is limited to the assigned bookkeeper(s) on your engagement, following the principle of least privilege.
- Sensitive documents are exchanged through secure file sharing tools. We avoid sending sensitive financial documents as plain email attachments whenever possible.
- Multi-factor authentication (MFA) is enforced on internal email accounts, accounting platform logins, and file storage tools.
- A mutual non-disclosure agreement (NDA) is available on request prior to sharing sensitive information.
Data Retention
- Client financial records are retained for the duration of the engagement so we can support ongoing bookkeeping work.
- After an engagement ends, records are typically retained in line with standard accounting recordkeeping practices (commonly up to seven years), unless the client requests earlier deletion.
- Clients may request a full export of their data at any time during or after the engagement.
- Clients may request deletion of their data after engagement ends, subject to any legal, regulatory, or contractual hold periods that require continued retention.
- Backups maintained by underlying platforms generally roll off within 30–90 days, depending on the vendor.
Sub-processors
To deliver remote bookkeeping and accounting support, INT Services may rely on the following categories of third-party tools that can process client data:
- Accounting platforms — QuickBooks, Xero, Zoho Books, FreshBooks, Wave, and Sage (used to maintain client books).
- Email & productivity — Google Workspace and/or Microsoft 365 (used for client communication and documents).
- Secure file sharing — Google Drive, Dropbox, or equivalent (used to exchange documents).
This list may change over time as our tooling evolves. Material changes affecting an active engagement will be communicated to the client. INT Services is not affiliated with, sponsored by, or a reseller of any of these platforms. All product names and trademarks are the property of their respective owners.
Breach Response
- Upon detection of a suspected security incident, we begin investigation promptly to determine scope and impact.
- Affected clients are notified without undue delay, with a target of notification within 72 hours of confirming an incident that may have affected their data.
- Notifications include the nature of the incident, the categories of data potentially affected, the steps we are taking, and recommended actions for the client.
- Where applicable, we cooperate with regulators and law enforcement.
- Following remediation, we provide affected clients with a summary of root cause and corrective measures.
Reporting a Security Concern
If you believe you have discovered a security issue affecting INT Services or your data with us, please contact us immediately using the details below so we can investigate. Please avoid sharing sensitive details of the issue over public channels.
Scope & Limitations
INT Services is a remote bookkeeping and accounting support provider. We do not sell, license, resell, or develop accounting software, and we do not provide licensed public accounting, audit, attest, or tax filing services. The practices described above reflect operational measures we follow and are not a representation of any specific certification or regulatory accreditation.