Security & Trust

Your data is in safe hands

EazyWaiver is built with security-first principles. Here's exactly how we protect your business data.

🔒

Encrypted at Rest

All sensitive tokens encrypted using AES-256 (Fernet)

🛡️

TLS in Transit

All traffic secured with TLS 1.2+ end-to-end

🔑

OAuth 2.0

We never store your QuickBooks password

📋

Full Audit Log

Every action on your data is logged and reviewable

Data Protection & Encryption

EazyWaiver uses industry-standard encryption at every layer. Your QuickBooks OAuth tokens are encrypted at rest using AES-256 symmetric encryption (Fernet). Passwords are hashed with bcrypt and are never stored in plain text or recoverable form.

  • OAuth tokens encrypted with AES-256 (Fernet) before database storage
  • Passwords hashed with bcrypt (cost factor 12) — never reversible
  • All communication between your browser and EazyWaiver is over TLS 1.2+
  • Generated waiver files stored as encrypted binary content in our database
  • Database backups encrypted and retained per our data retention policy

Authentication & Access Control

Two-Factor Authentication

Optional TOTP-based 2FA using any authenticator app (Google Authenticator, Authy, etc.). Strongly recommended for all accounts.

Session Security

Sessions use signed, tamper-proof cookies. Browser sessions auto-expire on tab close, with a 15-minute inactivity timeout.

Role-Based Access

Multi-user organizations with owner, admin, and member roles. Each role has scoped permissions to prevent unauthorized actions.

Secure Password Reset

Time-limited, one-use password reset links (1-hour expiry) delivered to your verified email address only.

QuickBooks Integration Security

Our QuickBooks Online integration is built on Intuit's official OAuth 2.0 flow — the same standard used by major financial applications. We never see, store, or transmit your QuickBooks username or password.

  • OAuth 2.0 authorization — your QBO credentials stay with Intuit
  • Minimal scope requested: read access to bill payments, bills, and vendors only
  • Webhook signatures verified on every incoming event (HMAC-SHA256)
  • Access tokens automatically refreshed and re-encrypted on each use
  • You can revoke our access at any time from your QuickBooks connected apps page
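The webhook check listed above, sketched as an added example; this is not EazyWaiver's own code. It assumes the sender puts a base64-encoded HMAC-SHA256 of the raw request body in a header (Intuit uses `intuit-signature`) keyed with a per-app verifier token. The function names, token and payload are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed sample values (assumptions, not real credentials or events).
SAMPLE_TOKEN = b"example-verifier-token"
SAMPLE_BODY = b'{"eventNotifications":[{"realmId":"0000000000"}]}'


def sign(raw_body: bytes, verifier_token: bytes) -> str:
    """What the sender computes: base64(HMAC-SHA256(token, raw body))."""
    mac = hmac.new(verifier_token, raw_body, hashlib.sha256).digest()
    return base64.b64encode(mac).decode("ascii")


def verify_webhook(raw_body: bytes, signature_header: Optional[str],
                   verifier_token: bytes) -> bool:
    """Accept the event only if the header matches the MAC of the raw bytes."""
    if not signature_header:
        return False  # unsigned requests are rejected, never processed
    try:
        received = base64.b64decode(signature_header, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False  # malformed header: reject instead of raising a 500
    expected = hmac.new(verifier_token, raw_body, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(received, expected)


def demo() -> dict:
    """Run the check over constructed requests and return each verdict."""
    good_sig = sign(SAMPLE_BODY, SAMPLE_TOKEN)
    # Re-serialising parsed JSON changes whitespace, so the MAC no longer
    # matches: always verify the bytes as received, before any parsing.
    reserialized = json.dumps(json.loads(SAMPLE_BODY)).encode()
    return {
        "valid": verify_webhook(SAMPLE_BODY, good_sig, SAMPLE_TOKEN),
        "tampered_body": verify_webhook(SAMPLE_BODY + b" ", good_sig, SAMPLE_TOKEN),
        "reserialized_body": verify_webhook(reserialized, good_sig, SAMPLE_TOKEN),
        "wrong_token": verify_webhook(SAMPLE_BODY, good_sig, b"other-token"),
        "missing_header": verify_webhook(SAMPLE_BODY, None, SAMPLE_TOKEN),
        "malformed_header": verify_webhook(SAMPLE_BODY, "not-base64!!", SAMPLE_TOKEN),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```
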

Infrastructure & Reliability

EazyWaiver runs on enterprise-grade cloud infrastructure with redundant PostgreSQL databases, automated backups, and continuous uptime monitoring.

  • Hosted on Replit's managed cloud platform with automatic scaling
  • PostgreSQL database with automated daily backups
  • All generated waiver documents stored as binary content in the database — no dependency on ephemeral file systems
  • HTTPS enforced across all endpoints; HTTP connections are rejected
  • Cache-Control headers prevent sensitive pages from being cached by browsers or proxies

Audit Logging & Transparency

Every meaningful action on your data — waiver generation, sending, signing, deletion, team changes — is recorded in a tamper-evident audit log. You can view your full activity history at any time from your dashboard.

  • Per-organization audit log covering all waiver lifecycle events
  • Team actions (invitations, removals) are logged and reviewable
  • Sync history shows exactly when and how many QBO records were imported
  • Signature audit trail for every e-signed waiver (IP, timestamp, method)
  • Admins can review activity for their entire organization

Access your audit log from Dashboard → Activity Log or the avatar menu.

Your Data Rights

You own your data. EazyWaiver respects your right to access, export, and delete your information at any time, in accordance with applicable privacy laws.

📥 Right to Access

Download a complete copy of all your account data, waivers, and profile information at any time from your Profile page.

🗑️ Right to Deletion

Request permanent deletion of your account and all associated data. Requests are processed within 30 days.

✏️ Right to Correction

Update or correct your profile information at any time from your Profile settings page.

To exercise these rights, log in and visit your Profile page, or contact us at privacy@eazywaiver.net.

Responsible Disclosure

We take security vulnerabilities seriously. If you discover a security issue in EazyWaiver, please report it responsibly before public disclosure so we can address it promptly.

Send vulnerability reports to security@eazywaiver.net. Please include a clear description, reproduction steps, and the potential impact. We aim to acknowledge all reports within 48 hours and will keep you informed as we work on a fix.

We do not pursue legal action against security researchers who act in good faith and follow responsible disclosure practices.


Questions about security?

Our team is happy to answer any questions about how we protect your data. Reach out anytime.
