Security Model
Keep authentication, organization scoping, provider keys, and parser access explicit.
Better Accountant treats accounting state and source evidence as sensitive workspace data.
Security controls belong in the backend, not only in the interface.
Core controls
| Control | Enforcement point |
|---|---|
| Authentication | Better Auth with Convex-backed user resolution. |
| Organization scope | Convex queries, mutations, and actions. |
| Provider secrets | Encrypted before storage and only used server-side. |
| Parser access | Shared-secret protected service endpoints. |
| File source allowlist | Parser downloads only from allowed storage hosts. |
| Runtime validation | Convex validators and domain checks before state changes. |
AI permissions
AI-assisted tools should be evaluated before they mutate accounting state. High-impact or amount-bearing actions require approval boundaries appropriate to the user role and risk.