Breadwinner Security
Many people have questions about Breadwinner and its security. This is most understandable, as we process sensitive financial data. We have designed this FAQ to answer many common questions around our security, our architecture, and our data handling.
Is Breadwinner Secure?
Like all apps on the Salesforce AppExchange, we have undergone the rigorous security review required by Salesforce. As Breadwinner has been listed on the Salesforce AppExchange since 2014, we have gone through this review upon our initial submission, as well as security re-reviews every year.
As well as Salesforce’s own security review, we have also passed security reviews from accounting apps, such as Intuit’s security review.
Can you sign an NDA?
While most businesses do not require an NDA to evaluate or use Breadwinner, we are happy to send you our standard NDA for e-signing.
How long have you been in business?
Breadwinner was incorporated in 2013, and we have had apps on the Salesforce AppExchange since 2013.
Our first finance integration app, Breadwinner for Xero, has been on the AppExchange since 2014. We have hundreds of customers, and our apps have, in aggregate, over a hundred 5-star reviews on the AppExchange.
Who works at Breadwinner
Breadwinner is made up of a team in the US and the UK, which handles sales and operations. Additionally, our engineering team is located in India.
All staff and contractors sign NDA agreements.
How will Breadwinner impact my Company Security?
Breadwinner has historically improved company security. This is because Breadwinner allows companies to tightly limit access to their finance system, while exposing specific Accounts Receivable (and optionally Accounts Payable) data to flow between the Sales and Finance systems.
What is allowed in Breadwinner has been carefully thought out, and our model has been used by hundreds of companies and over thousands of users. For instance, while Breadwinner will allow read-only access to Credit Memos, users cannot create Credit Memos using Breadwinner’s guided wizards; they must instead be created by someone with accounting access or programmatically through the API.
What data do you store?
We do not store any of your data. Your Salesforce data is stored in Salesforce, and your accounting data is stored in your accounting system.
The only data we store is on the users of our software, in order to provide authentication, support, and billing.
What data do you process?
Due to the architecture of Xero, QuickBooks, and NetSuite, middleware servers are required between Salesforce and the respective accounting system. Our custom middleware servers allow the processing of data between the cloud platforms, but these middleware servers only process, but do not store, any data. These servers exist, for example, to convert XML to JSON so that the various systems’ limitations and requirements can be transparently handled.