Security

We take privacy and data security seriously. That’s why we’re committed to protecting your information using the highest standards of security available. Working with Bench gives you peace of mind.

Customer Data Protection

As a SOC 2 compliant business, Bench's security systems ensure protection, availability, processing integrity, confidentiality, and privacy of all our customer data.

Employee background checks

Every Bench employee goes through a rigorous screening process, including multiple interviews and a criminal record check.

Expert help

Each customer’s main point of contact is a dedicated professionally-trained bookkeeper, based in North America.

Meeting or exceeding industry standards

Bench undergoes annual SOC 2 and SOC 3 examinations of our security controls against the AICPA defined standards.

Auditing is conducted by a third party audit firm to assure security of our platform and its supporting infrastructure. Fill out this form to download our most recent SOC 3 report.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Bench and Plaid: The safest way to share your financial information and automate the exchange of information

Connect your accounts with peace of mind We use Plaid, which lets you securely connect your financial accounts to Bench in seconds. This feature saves you the time and effort of manually uploading documents.

Feel secure about your financials Both Bench and Plaid are SOC-2 compliant with security practices that meet or exceed industry standards. Plaid keeps your data safe and private with best-in-class encryption protocols like the Advanced Encryption Standard (AES 256) and Transport Layer Security (TLS).

Always maintaining the safety and integrity of your financial data

Bench upholds appropriate security safeguards designed to protect your information from loss, misuse, and unauthorized access or disclosure, and to ensure its confidentiality, integrity and availability. Our security program accounts for both the sensitivity of the information we process and the current state of technology.

Close and Open IconA graphic of a plus and minus icon that represents the action to close and open.
Service Provider Relationships

All third-party services that could potentially impact the security of our information or customer data are reviewed by our platform team. Bench requires all service providers to agree not to retain, use or disclose personal information for any purpose other than for the specific purpose of performing the services specified in their agreement with Bench.

Close and Open IconA graphic of a plus and minus icon that represents the action to close and open.
Product Security & Privacy by Design

New features, functionality and design changes at Bench go through a security and privacy review process by our teams. Code is tested and is manually peer-reviewed prior to being deployed to production.

Close and Open IconA graphic of a plus and minus icon that represents the action to close and open.
Logging and Monitoring

Our production environment implements a centralized logging and monitoring system to track information pertaining to security, monitoring, availability, access and other metrics about our services.

Close and Open IconA graphic of a plus and minus icon that represents the action to close and open.
System Availability & Network Protection

Our infrastructure systems are fault tolerant and our operations team works continuously to make Bench’s platform a highly available service you can rely on.

We protect the security of our network through the use of software and tools, such as firewalls and load balancers, and we implement multi-factor authentication for all servers across our various environments, including production.

Close and Open IconA graphic of a plus and minus icon that represents the action to close and open.
Data Encryption

All customer data processed by Bench infrastructure is encrypted in transit (with TLS 1.2) and at rest (with AES-256 encryption) using the latest cypher suites and protocols. In addition, we enforce full disk encryption on all corporate devices.

Close and Open IconA graphic of a plus and minus icon that represents the action to close and open.
Confidentiality and Access Controls

Bench employees are subject to written confidentiality obligations and are prohibited from accessing customer data unless absolutely necessary. Our security policies include limiting access to systems only where individual roles require it (least privileged).

Close and Open IconA graphic of a plus and minus icon that represents the action to close and open.
Personnel Practices

Bench conducts background checks on employees appropriate for their responsibilities (with more extensive background checks required for key employees that have elevated privileges), provides ongoing privacy and security training to its staff, and requires employees to read and sign confidentiality and non-disclosure agreements as conditions of their employment.

Close and Open IconA graphic of a plus and minus icon that represents the action to close and open.
Written Information Security Program

Bench maintains an information security program for security, availability, processing integrity, confidentiality and privacy.

Close and Open IconA graphic of a plus and minus icon that represents the action to close and open.
Compliance Certifications

Bench undergoes a SOC 2 Type 2 examination of our security controls against the AICPA defined standards on an annual basis with a third party audit firm to assure security of our platform and its supporting infrastructure. The environment that hosts our services maintains multiple certifications for its data centers, including ISO 27001 compliance, FedRAMP authorization, PCI Certification, and SOC reports. For more information about their certification and compliance, please visit the AWS Security website and AWS Compliance website.

PCI: Our platform has been deliberately architected to limit the handling of payment card information. We rely on PCI-compliant service providers (Stripe, for example) to process credit card information securely.

View our privacy policy for more in-depth information about how we handle our clients' data

View privacy policy