Security
Security overview
Last updated · May 14, 2026
Security is foundational at Playbook. We handle bank-level financial data, and we treat it that way. Here is an overview of our security practices.
Your financial data is secure
We have read-only access to your financial data. In other words, we cannot debit, credit, or transfer money to and from your accounts. Playbook does not store or have access to your banking credentials. We use a trusted partner, Plaid, as our data aggregator to provide financial data securely. Stripe and QuickBooks are connected with read-only OAuth scopes, so we can see what's there but cannot change it.
Your data is protected
Sensitive and private information stored in our database is encrypted and only accessible with a secret key. If someone obtained access to the database, they would not be able to read any private data. The database is also encrypted at rest, so any backups are encrypted and only accessible to designated administrators. Whenever your data is in transit between you and us, everything is encrypted and sent over HTTPS.
Your data is yours
We never sell or trade your data. We don't show targeted ads. Your information stays with Playbook, full stop.
No passwords to leak
Playbook uses passwordless sign-in. We send you a one-time magic link by email instead of asking you to create a password. There is no password for us to lose, and nothing for an attacker to phish or reuse from another breach.
Our AI doesn't learn from you
The Playbook assistant uses Anthropic under API terms that prohibit training on customer data. Your prompts, your books, and the answers the assistant gives you are not used to train any model.
Our subprocessors
Playbook uses the following third-party services to run our applications:
- Plaid. Bank account data.
- Stripe. Customer and subscription data, and payments for Playbook.
- Intuit. QuickBooks Online accounting data.
- Slack. Alert delivery for customers who connect Slack.
- Anthropic. AI assistant.
- Hetzner. Application hosting.
- PlanetScale. Managed database.
- Sentry. Error monitoring.
- Cloudflare. DNS and edge network.
Reporting a vulnerability
If you believe you have discovered a vulnerability, please email support@onplaybook.com with a description of the issue, steps to reproduce, and any logs or screenshots that helped you find it. We'll acknowledge your report as quickly as we can and work with you on a fix.
Contact
If you have any questions about security at Playbook, please reach out at support@onplaybook.com.
Questions? Email support@onplaybook.com.