Review how Wesley protects client books, financial connections, uploaded documents, and AI-assisted bookkeeping workflows. The packet is built for buyer security reviews, partner diligence, and client-facing answers.
Security review workspace
Evidence packet, access notes, and readiness status
Security packet
Available
Core review documents for buyers and customer teams
AI data handling
Documented
How client records are used in assisted workflows
SOC 2
Readiness path
No attestation badge shown until audit completion
Documents
Security review works best when the core documents are easy to find, current, and honest about what is complete versus still in progress.
Program summary for application, infrastructure, access, auditability, and recovery controls.
Use of customer data in extraction, categorization, review, and model-provider workflows.
Firm roles, client isolation, support access expectations, and staff permission boundaries.
Infrastructure, authentication, storage, analytics, payments, banking, accounting, and AI vendors.
Severity levels, owners, escalation path, customer communication, and post-incident review.
Data processing terms, deletion workflow, backup-aware retention, and export expectations.
Controls
Each control area names what the buyer is trying to verify and the evidence Wesley can provide during review.
Encryption and transport
Application traffic is served over HTTPS. Managed storage and database services provide infrastructure-level protections for records and files.
Evidence: Security overview, infrastructure inventory
Firm roles, client-level scoping, staff permissions, and support access boundaries keep sensitive work limited to approved users.
Evidence: Role matrix, access-control summary, audit logs
Sensitive bookkeeping actions can be reviewed with actor, entity, request, before and after values, and timestamp context.
Evidence: Audit-log schema, product screenshots
AI-assisted extraction and categorization are designed around visible suggestions, evidence, review decisions, and traceable outputs.
Evidence: AI data policy, reviewer workflow
Managed database and file infrastructure support recovery needs for long-lived accounting records and customer workspaces.
Evidence: Infrastructure summary, retention statement
The program defines incident ownership, severity review, customer notification paths, and corrective-action tracking.
Evidence: Incident response policy, readiness checklist
Data Flow
Security review gets concrete when it shows where data enters, who can access it, what AI can assist with, and where the final accounting output is recorded.
Source data
QuickBooks, Plaid, Stripe, PDFs, CSVs, client portal uploads
Connection scope, file access, source provenance
Workspace boundary
Firm roles, client workspaces, staff permissions
Least-privilege access and client-level isolation
AI-assisted review
Extraction, classification, matching, exception review
Visible suggestions and human approval before sensitive outputs
Accounting outputs
Journals, reports, exports, requests, close work
Audit records, reviewer decision history, export trail
Subprocessors
The list is intentionally organized by buyer impact, not vendor trivia. Customers can request the latest subprocessor details during review.
Authentication
Clerk
Sign-in, identity, organization membership, session handling
Infrastructure
Vercel, Supabase, Upstash
Application hosting, database, file storage, cache and queue support
Financial connections
Plaid, Intuit QuickBooks, Stripe
Banking, accounting, and payment integration flows
AI providers
OpenAI, Google AI services
Document extraction, classification, reconciliation, and review assistance
Communications
Email and notification providers
Client requests, product alerts, onboarding, and support communication
Attestation
Wesley does not display AICPA, SOC 2, or auditor marks until an audit is complete and the mark can be used correctly. Today, the security signal is a documented program and a clear readiness path.
Security packet
Published
Available for buyer and client security review.
Evidence inventory
Preparing
Control owners, evidence sources, and review artifacts are being organized.
SOC 2 Type I audit
Next
Begins after the readiness review is complete.
SOC 2 Type II observation
Later
Follows once the relevant controls are operating over time.
Security review
For buyer diligence, partner review, or client-facing security questions.