Built on a foundation of security
DocGenie was designed around the security posture practices need when handling client banking documents. The principles behind it, and the controls that follow.
Practices that handle client banking documents don’t need security as a feature. They need it as a baseline. DocGenie was built to that baseline from the first commit, and this post covers the principles behind it. For the specific protocols, and how each one maps to a real attack surface, see Bank-level security for client financial documents.
Secure by default, not bolted on
The alternative to building security in is adding it later, once it’s too expensive to retrofit. So DocGenie’s code, infrastructure, and access patterns carry security defaults at every layer. That constrains what ships. It also speeds up what’s safe to ship.
OAuth, not shared credentials
This is the decision that matters most. Clients authorize access through their institution’s own flow, and the bookkeeper never holds or handles the credential. Where the bank supports direct authorization, the password never leaves the client; where it doesn’t, it’s stored encrypted under a key unique to your firm and deleted the moment you revoke. Access is revocable any time, without a call to the practice.
That one choice removes the biggest operational risk in the whole category: client passwords sitting in a shared password manager, an email thread, a sticky note on a monitor.
Delivery into storage you already control
DocGenie doesn’t keep client documents in a data lake of its own. Files land in the cloud storage your firm already runs (Google Drive, OneDrive, Box, Dropbox), under the access controls you already manage. The working copy of a client’s records stays where your governance already applies.
Smaller blast radius. That’s the point. A compromise at any one layer doesn’t unlock the rest of the chain.
SOC 2 aligned
DocGenie is aligned to the SOC 2 framework: documented controls and role-scoped access, designed in from the start rather than retrofitted to pass a review.
Aligned, not certified. The distinction matters, so we’re explicit about it: we follow the framework’s controls, and we have not yet completed a Type II audit. That work is in progress.
The unglamorous layers
Prevention is only part of it. Infrastructure gets scanned for vulnerabilities on a schedule. Engineers get alerted to anomalies. Staff pass background checks. Access gets reviewed quarterly. And a cyber liability policy sits underneath all of it as a backstop, not a substitute: the order is prevent, detect, respond, then recover, and insurance only covers the last step.
Most of this is table stakes for anyone handling client financial data. We spell it out because the industry norm for security disclosure is a check mark on a marketing page, and naming the actual work seems more useful.
The questions that separate serious tools
Security posture is legible mostly after something has already gone wrong. The decisions that determine how a system behaves under stress get made during the build: authorizing access without asking clients to share passwords, delivering into your storage instead of ours, aligning to SOC 2 from the start.
So if you’re weighing DocGenie against other tools, ask each one the same three questions. Where do the client’s banking credentials live? Where do the retrieved documents live? Is the access read-only? The answers sort the operationally serious from the rest.
Frequently asked questions
Where do the client’s banking credentials live?
With the client, not the practice. The client authorizes each connection through their institution’s own flow, and the bookkeeper never holds or handles the password. Where the bank supports direct authorization, DocGenie receives a read-only token and the password never touches DocGenie’s systems. Where it doesn’t, the credential is stored encrypted with AES-256-GCM under a key unique to your firm, and deleted the moment you revoke.
Where do the retrieved documents live?
In the cloud storage your firm already runs: Google Drive, OneDrive, Box, or Dropbox, under the access controls you manage. DocGenie keeps no data lake of its own, so a compromise of one layer never unlocks the rest. Files move over TLS 1.3 in transit and sit encrypted at rest, then land where your governance already applies.
Is the access read-only?
Yes, in both connection modes. Access is scoped to retrieving documents and cannot move money or change account settings. Where the institution supports direct authorization, DocGenie holds only a read-only token; where it stores a credential, that credential is limited to document retrieval. Read-only is the design, not a setting you have to switch on.
For the technical depth on each layer, see Bank-level security for client financial documents.
Stop chasing this month's statements.
Free for 2 connections, 3 credits a month — enough to pull Amazon and Capital One every cycle. No card.