Trusting someone with your books means trusting them with your access. Here is exactly what access we ask for, what we can and cannot do with it, and how you keep control of it from the first invite to the last.
What access you actually give us
You give us accountant-role access to your QuickBooks Online file — a limited role you invite and can revoke yourself — never your primary-admin login, and never your bank or credit-card passwords.
Security starts with asking for less, not more. Rather than sharing a password or making us an owner, you invite us into the accountant role QuickBooks Online was built to offer outside firms: scoped, logged, and entirely under your control. That least-privilege posture is not a policy we bolt on at the end — it is the same discipline our whole methodology runs on, where read-only wherever the work allows and your approval before any change are the defaults, not the exceptions. If a task only needs to read your books, we do not ask to change them.
How QuickBooks Online accountant access works
QuickBooks Online has a dedicated accountant role that you grant by sending an invite from your own account; you remain the master admin, we work inside that scoped role, and you can remove us from the same screen at any time.
The accountant-access model
The mechanics matter because they are what make the promise verifiable rather than a matter of trust. The invite is issued from your account, so the record of who has access lives on your side, not ours. Nothing about the accountant role changes who owns the company file — you stay the master admin the entire time. And because the role is granted this way, taking it back is not a request you file with us; it is a setting you change yourself, and it takes effect the moment you save it.
What we can and cannot see and do
Inside the accountant role we can see and correct your bookkeeping — transactions, the chart of accounts, reconciliations, and reports — while your ownership of the account, and the decision to approve any change, stays with you.
The role exists so an outside specialist can do real bookkeeping without becoming the owner of your business's QuickBooks. In practice that means we can read the file to find what is wrong and, once you approve a written plan, make the corrections a QuickBooks cleanup or catch-up needs. What the role does not do is hand us the keys to the company: we do not become the master admin, we do not manage your users or subscription, and nothing in your file is changed on our judgment alone. Wherever a task only needs to look rather than touch, we keep the access read-only — least privilege is the setting, not a favor.
How we handle your credentials: we store none
We store none of your credentials — there is no password for us to keep, because QuickBooks Online access runs through its own invite system rather than a shared login.
This is the part people worry about most, so it is worth being plain: we do not keep a file of your usernames and passwords anywhere, because the way we connect does not create one. Accountant access is tied to our own login accepting your invite, not to us holding yours. And we never ask for your online-banking credentials at all — not your bank website password, not a second login, nothing. A reconciliation is done from the bank feed and the statement PDFs already sitting inside QuickBooks; the raw keys to your bank account are neither needed nor wanted. If anyone claiming to work on your books ever asks you to hand over a banking password, that is a reason to stop.
The small, US-hours team behind your file
Your file is handled by a small team that overlaps with US business hours, so you can reach a real person during your own workday and always know who has touched the books.
We keep the team small on purpose. Fewer hands on a file means clearer accountability — you are not one ticket in a queue of thousands, and the person who made a change can tell you why. Working in overlap with US business hours means questions get answered inside your day, not returned overnight, and it means the written change log you receive traces back to real, reachable people rather than an anonymous back office. The same posture holds no matter which state you run your business from; how we work does not change from one place we serve to the next, because the work lives inside your QuickBooks file rather than at any one desk.
What we never do
We never ask for your primary-admin login, never store your passwords, never request online-banking credentials, and never change your file without your written approval.
It is easy to say what we do; a security posture is clearer when it also states what is off the table. We will not ask you to transfer ownership of your QuickBooks account, because the accountant role makes that unnecessary. We will not keep your credentials, because our access does not depend on holding them. We will not touch your online-banking logins, because reconciliation does not need them. And we will not make a single correction you have not seen and approved first — the approval step is a security control as much as a quality one, since it means nothing moves in your file without your sign-off on the record.
Where your data goes
Your data stays inside QuickBooks and the limited records an engagement produces — findings, a change log, and the reports we snapshot — and how those are handled is set out in our privacy notice.
The bookkeeping itself happens in your QuickBooks Online file, not in some separate system we copy it into. What we generate alongside it is the paper trail of the work: the written findings from your review, the change log listing every correction, and the before-and-after report snapshots that prove the numbers still tie. Those exist so the work is auditable by you, your CPA, or a lender — and what we collect, why, and how it is handled is documented in our privacy policy. If access, credentials, and the data trail all point the same way, it is by design: you can see it, you can check it, and you can end it whenever you choose.