Public security page
Security, confidentiality, and operating controls.
A plain-English summary of how Ticket Recon handles customer data, account security, connected services, and the commitments we make around trust, protection, and transparency.
At a glance
Your data stays yours. We help you reconcile it securely.
Your data is encrypted in transit and at rest, your credentials get an extra encryption layer on top of that, we never sell your information, our team can't browse your files, and you can export or delete everything anytime.
It's your data - we just help you reconcile it.
- Encrypted in transit and at rest
- Extra encryption for credentials and secrets
- No data sales or marketing sharing
- No admin browsing of customer files
- Export and deletion rights stay with you
Export anytime
Customer workflow data can be exported in standard formats, with a 30-day exit window after termination.
No data sale
Ticket Recon does not sell customer information or share it for advertising or marketing purposes.
Server-side secrets
QuickBooks tokens, marketplace secrets, and saved credentials stay server-side and are not sent back to the browser.
US-hosted
Ticket Recon runs on Google Firebase and Google Cloud infrastructure located in the United States.
Security commitments
The commitments below are the public-facing trust promises the Security page is built around.
01
Ownership
Your data stays yours
- You own everything you put into Ticket Recon. We never claim ownership of your data - your files, your reconciliations, your records. It's yours, period.
- You can export your data anytime in standard formats like CSV and Excel. If you ever leave, you get a 30-day window to take everything with you. There's no lock-in.
02
Privacy
We don't sell your data
- We do not sell your information. Not to advertisers, not to data brokers, not to anyone. We don't share it for marketing purposes either.
- We don't use tracking cookies or advertising pixels. The only technologies running are what's needed to keep the app working and secure.
03
Encryption
Your financial data is encrypted and protected
- Everything you send to Ticket Recon travels over encrypted connections (TLS 1.2+) - the same standard your bank uses.
- Your data is encrypted when it's stored, too. Google Cloud encrypts everything at rest with AES-256, which is military-grade encryption.
- Marketplace credentials and API secrets get an extra layer - we encrypt them again at the application level (AES-256-GCM) before storing them. Even if someone somehow accessed the database, those values are unreadable without the server-side keys.
- Your saved secrets are never sent back to the browser. Once stored, they stay locked on the server.
04
Passwords
We can't see your passwords
- Passwords are hashed by Firebase before storage. Ticket Recon staff never see your password in plain text. Ever.
- Multi-factor authentication (MFA) is available for an extra layer of account protection.
05
Admin access
Our team doesn't browse your data
- Our admin tools are designed for account management (resetting passwords, revoking sessions, etc.) - not for browsing your reconciliations, saved runs, or uploaded files.
- Internal access to customer data is restricted to legitimate needs like support requests you initiate, security incidents, or legal requirements.
- There is no "log in as user" or impersonation feature in the product.
06
QuickBooks
QuickBooks connection is minimal and controlled
- We only pull what's needed to run the reconciliation workflows you request. We don't mirror your entire QuickBooks company file.
- OAuth tokens for QuickBooks are stored server-side and never exposed to the browser.
- You control the connection - disconnect anytime and the credentials are removed.
07
Integrations
You control what's connected
- Slack, Discord, and marketplace integrations only activate when you set them up. Nothing connects automatically.
- Webhook URLs and integration settings are only stored while you're actively using them. Remove the integration and the data goes with it.
08
Incidents
If something goes wrong, we tell you
- If there's ever a security breach that affects your data, we're committed to notifying you and any required authorities within the timeframes the law requires.
- We have an incident response process: investigate, contain, notify, document, and fix.
09
Data rights
You have rights over your data
- You can request access to, correction of, or deletion of your personal information at any time by emailing support@ticketrecon.com.
- Deletion requests are processed within 30 days.
- California residents have additional rights under CCPA/CPRA, and we honor those.
10
Infrastructure
Built on Google's infrastructure
- Ticket Recon runs on Google Firebase and Google Cloud - the same infrastructure trusted by millions of businesses worldwide.
- Your data is stored in the United States on Google's servers, which carry SOC 2, ISO 27001, and other industry certifications.
11
Policy updates
No surprises in our policies
- If we make material changes to our terms or privacy policy, you get 30 days' notice before they take effect - by email or in the app.
- We review our security and data policies at least once a year.