> ## Documentation Index
> Fetch the complete documentation index at: https://docs.commenda.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Security FAQ

> Frequently asked questions about data security and privacy.

<script type="application/ld+json">
  {`
    {
    "@context": "https://schema.org",
    "@type": "FAQPage",
    "mainEntity": [
      {
        "@type": "Question",
        "name": "How does Commenda protect my data?",
        "acceptedAnswer": {
          "@type": "Answer",
          "text": "Commenda uses industry-standard security practices including encryption in transit (TLS) and at rest, role-based access control, secure credential storage for sensitive information like tax portal passwords, and regular security audits."
        }
      },
      {
        "@type": "Question",
        "name": "Who can see my company's data?",
        "acceptedAnswer": {
          "@type": "Answer",
          "text": "Only people you've explicitly granted access to can see your data: team members with the roles you've assigned, advisor firms linked to your company (only for assigned entities), agent firms working on your service requests (only for assigned work), and Commenda admins for platform support purposes."
        }
      },
      {
        "@type": "Question",
        "name": "How are credentials stored?",
        "acceptedAnswer": {
          "@type": "Answer",
          "text": "Sensitive credentials (like tax portal usernames and passwords, bank account numbers, and government IDs) are encrypted using strong encryption before storage. They are only decrypted when needed by authorized users."
        }
      },
      {
        "@type": "Question",
        "name": "Is my bank account information safe?",
        "acceptedAnswer": {
          "@type": "Answer",
          "text": "Bank connections are handled through Plaid, a trusted financial data platform used by thousands of financial institutions. Commenda never stores your banking login credentials. The connection uses bank-level encryption."
        }
      },
      {
        "@type": "Question",
        "name": "Can I control who accesses what?",
        "acceptedAnswer": {
          "@type": "Answer",
          "text": "Yes. Commenda provides role-based access control with multiple roles (Admin, User, Accountant, Controller, Employee, Custom). You can restrict team members to specific entities and control what data they can view and edit."
        }
      },
      {
        "@type": "Question",
        "name": "How does document access control work?",
        "acceptedAnswer": {
          "@type": "Answer",
          "text": "Documents can be set as private (specific team members), shared (your team and your advisor), or restricted based on the entity they belong to. File-level access control lists give you fine-grained control over who can view each document."
        }
      },
      {
        "@type": "Question",
        "name": "How is Commenda admin access protected?",
        "acceptedAnswer": {
          "@type": "Answer",
          "text": "Commenda staff who access the internal admin console must complete authenticator-app two-factor authentication (TOTP, RFC 6238) on every sign-in. Time-based one-time codes are generated locally on the staff member's device using apps such as Google Authenticator, 1Password, or Authy — codes are not sent over SMS or email. The shared secret is encrypted at rest, each code can only be used once, and a senior administrator can revoke a staff member's enrollment instantly, which immediately invalidates any active session."
        }
      }
    ]
    }
    `}
</script>

<AccordionGroup>
  <Accordion title="How does Commenda protect my data?">
    Commenda uses industry-standard security practices including:

    * Encryption in transit (TLS) and at rest
    * Role-based access control
    * Secure credential storage for sensitive information like tax portal passwords
    * Regular security audits
  </Accordion>

  <Accordion title="Who can see my company's data?">
    Only people you've explicitly granted access to can see your data:

    * **Team members** with the roles you've assigned
    * **Advisor firms** linked to your company (only for assigned entities)
    * **Agent firms** working on your service requests (only for assigned work)
    * **Commenda admins** for platform support purposes
  </Accordion>

  <Accordion title="How are credentials stored?">
    Sensitive credentials (like tax portal usernames and passwords, bank account numbers, and government IDs) are encrypted using strong encryption before storage. They are only decrypted when needed by authorized users.
  </Accordion>

  <Accordion title="Is my bank account information safe?">
    Bank connections are handled through Plaid, a trusted financial data platform used by thousands of financial institutions. Commenda never stores your banking login credentials. The connection uses bank-level encryption.
  </Accordion>

  <Accordion title="Can I control who accesses what?">
    Yes. Commenda provides role-based access control with multiple roles (Admin, User, Accountant, Controller, Employee, Custom). You can restrict team members to specific entities and control what data they can view and edit. See [User roles](/introduction/user-roles).
  </Accordion>

  <Accordion title="How does document access control work?">
    Documents can be set as private (specific team members), shared (your team and your advisor), or restricted based on the entity they belong to. File-level access control lists give you fine-grained control over who can view each document.
  </Accordion>

  <Accordion title="How is Commenda admin access protected?">
    Commenda staff who access the internal admin console must complete authenticator-app two-factor authentication (TOTP) on every sign-in:

    * Codes follow the RFC 6238 standard and are generated locally on the staff member's device using apps such as Google Authenticator, 1Password, or Authy. Codes are never delivered over SMS or email.
    * Each one-time code is valid for a single use within a short time window. Replays are rejected.
    * The shared secret is encrypted at rest, and only the staff member's authenticator app can produce a valid code.
    * A senior Commenda administrator can revoke a staff member's enrollment at any time. Revocation invalidates the staff member's active session immediately and forces them to re-enroll on their next sign-in.
  </Accordion>
</AccordionGroup>
