ComplianceLive

Security & Access (2FA, RBAC, API keys)

Enterprise-grade security for a startup-grade subscription.

Two-factor authentication (TOTP), role-based access control, API keys with rotation, audit log per access, MFA enforcement, session management, secure password reset, encrypted at rest, RLS at the database.

In short

AccountsOS security includes: two-factor authentication (TOTP), role-based access control per trading entity, API keys with rotation and revocation, a full audit log per access, an MFA enforcement option, session management, encrypted-at-rest data, and database-level row-level security (RLS), so one trading entity's rows are never returned to another, even when an application query forgets the entity filter.

2FA: TOTP | RLS: DB-level | API key: Rotation
Try Security & Access (2FA, RBAC, API keys) Free

Free during Early Access; no credit card required

Everything Security & Access (2FA, RBAC, API keys) can do

Authentication

  • Two-factor (TOTP) toggle
  • MFA enforcement option
  • Strong password policy
  • Secure password reset
  • Session management

Authorisation

  • Role-based access per trading entity
  • Team member invites with scoped roles
  • Audit log per access
  • Authorised email forwarder allowlist

API & MCP

  • API keys with rotation
  • Per-key audit log
  • Read-only MCP mode option
  • Rate limits per key

Data protection

  • Encrypted at rest
  • RLS at the database (no cross-entity leakage)
  • HMRC-compliant 6+ year retention
  • Account deletion with proper cascade

Capabilities at a glance

  • Two-factor authentication (TOTP)
  • MFA enforcement option
  • Role-based access control
  • API key rotation + per-key audit
  • Read-only MCP mode
  • Authorised forwarder allowlist
  • Encrypted at rest
  • Row-level security per trading entity
  • Account deletion cascade (true delete)

How It Works

1. Enable 2FA

   Settings → Security → Enable 2FA. Scan the QR code with your authenticator app.

2. Invite team

   Per-entity invites with scoped roles.

3. Manage API keys

   Settings → API Keys → create, rotate, revoke.

4. Audit

   Settings → Audit Log lists every access and change.

Real-world Use Cases

Multi-director security

Both directors are required to use 2FA, and each director's role is scoped per entity.

Read-only MCP for Claude Desktop

Generate a read-only API key for AI assistants: the assistant can read your data but cannot write to it.

Departing team member

Revoke their access in one click. Audit log shows what they did before leaving.

Why founders pick this over the spreadsheet

  • Enterprise security defaults
  • RLS means an accidental query can't leak data between entities
  • API keys are scoped and revocable
  • Audit log makes review trivial

Frequently Asked Questions

Can I enforce 2FA for my team?

Yes. The MFA enforcement option in Security settings makes 2FA mandatory for every member.

How does row-level security work?

At the database: Postgres row-level security policies on every entity-owned table restrict each query to the rows of the active trading entity. Because the check is enforced by the database rather than by application code, a query that omits the entity filter, or has a predicate injected into it, still returns only the active entity's rows.
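
What that looks like in Postgres, as an added example rather than the product's own schema (the table, column, role and setting names here are assumptions made for illustration):

```sql
-- Added example, not AccountsOS code: Postgres row-level security scoping one
-- table to the active trading entity. Table, column, role and setting names
-- are assumptions made for illustration.

CREATE TABLE transactions (
    id           bigserial PRIMARY KEY,
    entity_id    uuid   NOT NULL,   -- the trading entity that owns the row
    posted_on    date   NOT NULL,
    amount_pence bigint NOT NULL,
    memo         text
);

-- The role the application connects as. It is not the table owner and has
-- neither SUPERUSER nor BYPASSRLS, so the policy below is always applied to it.
CREATE ROLE app_user LOGIN NOSUPERUSER NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON transactions TO app_user;
GRANT USAGE, SELECT ON SEQUENCE transactions_id_seq TO app_user;

-- ENABLE switches RLS on for ordinary roles; FORCE applies it to the table
-- owner too, so an admin script run as the owner cannot read across entities.
ALTER TABLE transactions ENABLE ROW LEVEL SECURITY;
ALTER TABLE transactions FORCE ROW LEVEL SECURITY;

-- One policy covers reads (USING) and writes (WITH CHECK): a row is visible or
-- writable only when its entity_id matches the entity pinned for this
-- transaction. current_setting(..., true) yields NULL when nothing was pinned,
-- and NULL = x is never true, so an unpinned connection sees zero rows.
CREATE POLICY entity_isolation ON transactions
    USING      (entity_id = current_setting('app.entity_id', true)::uuid)
    WITH CHECK (entity_id = current_setting('app.entity_id', true)::uuid);

-- Per request, connected as app_user, the application pins the entity the
-- authenticated user is acting for. SET LOCAL lasts only until COMMIT/ROLLBACK,
-- so a pooled connection cannot carry one request's entity into the next.
BEGIN;
SET LOCAL app.entity_id = '11111111-1111-4111-8111-111111111111';

-- No WHERE clause, yet only the pinned entity's rows come back.
SELECT id, posted_on, amount_pence, memo FROM transactions;

-- Writing a row for another entity fails the WITH CHECK clause with
-- "new row violates row-level security policy for table "transactions"".
INSERT INTO transactions (entity_id, posted_on, amount_pence, memo)
VALUES ('22222222-2222-4222-8222-222222222222', CURRENT_DATE, 100, 'wrong entity');
ROLLBACK;
```

Three things decide whether this holds up. A superuser, a role with BYPASSRLS, or the owner of a table without FORCE is exempt from the policy, so the application must never connect as one of those. The entity is pinned with SET LOCAL inside the transaction, which stops the pin leaking between pooled requests, but it also means that anyone able to run arbitrary statements on the application's connection could re-pin it; RLS is the backstop for a missing or injected predicate, not a replacement for parameterised queries. And every table holding entity-owned data needs its own policy; a table added later without one is readable by any role the GRANT covers.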

Are API keys scoped?

Yes. Each key is issued per user and per purpose, can be rotated or revoked, and can be created in read-only mode for AI/MCP use.
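
An added example, not AccountsOS code, of how scoped, rotatable keys and a per-key audit log can be modelled in Postgres; the table names, the 24-hour grace period and the sample key are assumptions. It also covers the "departing team member" case above: revoking all of a user's keys and reviewing what they did.

```sql
-- Added example, not AccountsOS code: scoped API keys with rotation, revocation
-- and a per-key audit log in Postgres. Table names, the 24-hour grace period
-- and the sample key below are assumptions made for illustration.

CREATE TYPE api_scope AS ENUM ('read', 'readwrite');

CREATE TABLE api_keys (
    id          uuid PRIMARY KEY DEFAULT gen_random_uuid(),
    user_id     uuid NOT NULL,
    entity_id   uuid NOT NULL,                 -- a key never spans entities
    label       text NOT NULL,                 -- per purpose, e.g. 'claude-desktop'
    scope       api_scope NOT NULL,
    key_prefix  text NOT NULL,                 -- shown in the UI to identify a key
    key_hash    bytea NOT NULL UNIQUE,         -- sha256 of the secret; plaintext is never stored
    created_at  timestamptz NOT NULL DEFAULT now(),
    expires_at  timestamptz,                   -- set on rotation: old key works for a grace period
    revoked_at  timestamptz,                   -- set on revocation: effective immediately
    replaced_by uuid REFERENCES api_keys(id)   -- the key minted by a rotation
);

-- Keys are never deleted, only revoked, so this history survives revocation.
CREATE TABLE api_key_audit (
    id          bigserial PRIMARY KEY,
    api_key_id  uuid NOT NULL REFERENCES api_keys(id),
    at          timestamptz NOT NULL DEFAULT now(),
    method      text NOT NULL,                 -- 'GET', 'POST', ...
    path        text NOT NULL,
    status      int NOT NULL                   -- a 403 here is a read-only key trying to write
);

-- Authentication: hash the presented secret and look for a live key. Unknown,
-- revoked and expired keys all produce zero rows. Scope is returned so the API
-- layer can refuse writes for 'read' keys (and log the refusal as a 403).
PREPARE authenticate_key(text) AS
SELECT id, user_id, entity_id, scope
FROM api_keys
WHERE key_hash = sha256(convert_to($1, 'UTF8'))
  AND revoked_at IS NULL
  AND (expires_at IS NULL OR expires_at > now());

-- Rotation: mint a replacement with the same owner, entity, label and scope,
-- and let the old key live for 24 more hours so clients can be switched over.
-- $1 = old key id, $2 = new key prefix, $3 = new secret (generated by the app).
PREPARE rotate_key(uuid, text, text) AS
WITH new_key AS (
    INSERT INTO api_keys (user_id, entity_id, label, scope, key_prefix, key_hash)
    SELECT user_id, entity_id, label, scope, $2, sha256(convert_to($3, 'UTF8'))
    FROM api_keys
    WHERE id = $1 AND revoked_at IS NULL
    RETURNING id
)
UPDATE api_keys k
SET expires_at = now() + interval '24 hours', replaced_by = new_key.id
FROM new_key
WHERE k.id = $1;

-- Revocation for the departing-team-member case: every live key of the user
-- stops working at once. $1 = user id.
PREPARE revoke_user_keys(uuid) AS
UPDATE api_keys SET revoked_at = now()
WHERE user_id = $1 AND revoked_at IS NULL;

-- Review: what that user's keys did, oldest first. $1 = user id.
PREPARE key_history(uuid) AS
SELECT k.label, k.key_prefix, a.at, a.method, a.path, a.status
FROM api_key_audit a
JOIN api_keys k ON k.id = a.api_key_id
WHERE k.user_id = $1
ORDER BY a.at;

-- Constructed sample: a read-only key for an AI assistant. The application
-- generates the secret, shows it to the user once, and stores only the hash.
INSERT INTO api_keys (user_id, entity_id, label, scope, key_prefix, key_hash)
VALUES ('aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa',
        '11111111-1111-4111-8111-111111111111',
        'claude-desktop', 'read', 'ak_r1',
        sha256(convert_to('ak_r1_constructed_demo_secret', 'UTF8')));

EXECUTE authenticate_key('ak_r1_constructed_demo_secret');   -- one row, scope = 'read'
EXECUTE authenticate_key('ak_r1_wrong_secret');              -- zero rows
```

Two design points. Revoked keys stay in the table, which is what lets the audit trail answer "what did they do before leaving"; deleting the row would orphan its history. And a 'read' key is only read-only if every write path checks the scope, so the more robust option is to run requests authenticated by a 'read' key under a database role that holds only SELECT privileges: a check missed in the API layer then still fails at the database.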

Encrypted at rest?

Yes. The database is managed Postgres with encryption at rest provided by the hosting provider, and backups are encrypted as well.

What happens when I delete my account?

True cascade delete: all your trading entities, transactions, documents, settings and team invites are removed. The only records kept are those HMRC retention rules require us to hold.

Ready to try Security & Access (2FA, RBAC, API keys)?

Get started with AI-powered accounting for your UK limited company.

Get Started Free

Free during Early Access; no credit card; cancel anytime