Trust
Security & integrity
An accounting system's first duty is that nobody — including its operator — can quietly rewrite the past. Everything on this page is a behavior enforced in the product's code, described plainly. No badges, no vague assurances.
append-only
The accounting guarantees
The ledger is append-only, and that is enforced in the data layer itself: the database client refuses updates and deletes on journal entries outright, for every code path. A wrong entry is corrected by a reversal — a new transaction with mirrored lines that posts alongside the original, linked to it in both directions, so the history stays complete.
The audit trail
Every transaction carries a createdBy stamp — the user who posted it, or the named token when a machine did. Reversals are labeled as such, record who posted them, and the original keeps pointing at its reversal. What happened, who did it, and how it was corrected are always answerable from the books themselves.
Double-entry, verified twice
A transaction whose debits don't equal its credits cannot be posted — the invariant is checked on every write. And a per-business integrity check re-verifies the whole ledger on demand: total debits equal total credits across every line, and the inventory subledger ties to the ledger balance. The result is a plain Balanced — or a plain warning that it isn't.
owner · accountant
Access is small and explicit
There are exactly two roles. An accountant does the daily work — entries, reports, closing the month. An owner additionally holds the governance actions: reopening a closed month, creating and revoking API tokens, resetting a teammate's password, and creating new businesses. Roles are assigned per business, so being an owner in one venture grants nothing in another.
Per-business isolation
Every account, transaction, journal line, lock, and token belongs to exactly one business, and every query is scoped to the business you are acting in. Ledgers never mix; reports never leak across ventures.
bcrypt · httpOnly
Sessions & credentials
Passwords are stored only as bcrypt hashes — never in plain text, and never recoverable. Signing in sets a single signed, httpOnly session cookie; there are no third-party identity providers involved.
Brute force is throttled
Five failed attempts for an email lock sign-in from that address for fifteen minutes. Changing a password requires the current one and is throttled the same way.
Revocation is instant
Every request re-checks the session against the database, so changing your password — or an owner resetting it for you — signs that user out everywhere, immediately. There is no self-service "forgot password" to be phished: the owner resets a teammate's password directly, which also revokes their sessions.
sha256 · revocable
Machine access answers to the same rules
Systems that post on your behalf authenticate with named API tokens: 32 bytes of cryptographic randomness, shown exactly once at creation. Only a SHA-256 hash is ever stored, so a database copy alone cannot reproduce a working token.
Scoped, logged, revocable
The business a token can post into is fixed by the token itself — never by the request body. Every authenticated attempt lands in a per-run activity log with its outcome and message, and revoking a token cuts off whatever used it immediately. Machine posts go through the same balance checks, period locks, and duplicate guards as a person's.
your database
The operational model, honestly
AktaBook is self-hosted and single-tenant per operator: your deployment serves your businesses and nobody else's. Your financial data lives in the operator's own database — not in a shared cloud service — and can be exported in full, as CSV, at any time.
No trackers, no badges
There are no third-party analytics, trackers, or external scripts on any page — including this one — and your browser is instructed to enforce that: a strict Content-Security-Policy refuses scripts from anywhere but the product itself. And we make no certification claims: what you just read is what the code enforces, which you can hold us to.
Books you can hand to an auditor
Ask us anything about how the ledger protects itself, or sign in to your own.