Security & data protection

Your money stays put.
Your data stays private.

Ando Forecast connects to your bank and QuickBooks to read your numbers. That is all it does. It cannot move a dollar, pay a bill, or touch anything. Here is exactly how it works.

The short version: Ando Forecast connects to your bank the same way Mint, Wave, or QuickBooks Cash do. It uses Plaid to pull in read-only transaction data. Your bank login never touches our servers. QuickBooks uses the same model through Intuit's own OAuth system. Everything we store on our end is encrypted at the database level. And because access is read-only, even in a worst-case scenario, no money can be moved.

Your bank credentials go to Plaid, not to us.

When you connect a bank account, you enter your username and password directly inside a Plaid-hosted interface. Ando Forecast never sees those credentials at any point. Plaid is the same financial data infrastructure used by Intuit, Robinhood, Betterment, and thousands of other financial apps. They hold SOC 2 Type II certification and are regulated as a financial data aggregator.

What Ando receives from Plaid: transaction history, account balances, and account names. That is the full list. Plaid does not give us the ability to initiate transfers, pay bills, or take any action on your accounts.

QuickBooks uses Intuit's own login system.

If you connect QuickBooks, the login happens entirely on Intuit's servers through standard OAuth. Your Intuit password never leaves Intuit. Ando receives a limited-scope access token that allows it to pull your P&L, balance sheet, and A/R aging data in read-only mode.

The access scope is set by Intuit and cannot be expanded without your explicit re-authorization. You can revoke access at any time from your QuickBooks settings or from Ando's Settings page.


🔐

Access tokens encrypted at rest

The short-lived tokens that allow Ando to pull your data are stored using AES-256-GCM encryption, the same standard used by banks. The encryption key is held separately in a secure environment variable, not in the database. Accessing the database alone gets an attacker nothing usable.
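As an added illustration of the design described above (example code written for this page, not Ando's own implementation), the Go program below shows what "AES-256-GCM with the key held in an environment variable, not the database" looks like in practice. The environment variable name, the stored blob layout (nonce, then ciphertext, then tag) and the choice to bind each token to its owning row as associated data are assumptions made for the example; the page does not say how Ando lays this out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"os"
)

// Hypothetical name of the environment variable holding the hex-encoded
// 32-byte key; the page does not name the real one.
const keyEnvVar = "TOKEN_ENCRYPTION_KEY_HEX"

// keyFromEnv loads the AES-256 key from the process environment, never from
// the database, so a copy of the database alone cannot decrypt anything.
func keyFromEnv(name string) ([]byte, error) {
	hexKey := os.Getenv(name)
	if hexKey == "" {
		return nil, fmt.Errorf("environment variable %s is not set", name)
	}
	key, err := hex.DecodeString(hexKey)
	if err != nil {
		return nil, fmt.Errorf("decoding %s: %w", name, err)
	}
	if len(key) != 32 {
		return nil, fmt.Errorf("%s must decode to 32 bytes for AES-256, got %d", name, len(key))
	}
	return key, nil
}

// newGCM builds an AES-256-GCM AEAD from the key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealToken encrypts one access token for storage. The output layout is
// nonce || ciphertext || GCM tag, which is the blob written to the database
// column. The owning row's identifier is bound in as associated data, so a
// blob copied into a different row (or another user's row) will not decrypt.
func sealToken(key []byte, rowID string, token []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { // fresh random nonce per token
		return nil, err
	}
	return gcm.Seal(nonce, nonce, token, []byte(rowID)), nil
}

// openToken reverses sealToken. Any modification of the blob, a wrong key, or
// a mismatched rowID fails GCM authentication and returns an error instead of
// garbage plaintext.
func openToken(key []byte, rowID string, blob []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("stored blob is too short to be a sealed token")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(rowID))
}

func main() {
	// Demo only: a real deployment sets the variable outside the process.
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		panic(err)
	}
	os.Setenv(keyEnvVar, hex.EncodeToString(raw))

	key, err := keyFromEnv(keyEnvVar)
	if err != nil {
		panic(err)
	}
	token := []byte("access-sandbox-constructed-example-token") // constructed sample value
	blob, err := sealToken(key, "bank_item:42", token)
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored blob (%d bytes): %x\n", len(blob), blob)

	pt, err := openToken(key, "bank_item:42", blob)
	fmt.Printf("decrypted with key and correct row: %q, err=%v\n", pt, err)

	_, err = openToken(key, "bank_item:43", blob)
	fmt.Printf("same blob moved to another row: err=%v\n", err)

	blob[len(blob)-1] ^= 0x01
	_, err = openToken(key, "bank_item:42", blob)
	fmt.Printf("one bit flipped in the blob: err=%v\n", err)
}
```

The two properties worth checking in a design like this are the ones the `main` demo exercises: the blob is useless without the key that lives outside the database, and GCM's authentication tag means a tampered, truncated or misfiled blob fails closed rather than decrypting to something plausible.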

🔒

Encrypted in transit, always

All data between your browser, Ando's servers, Plaid, and QuickBooks travels over TLS (HTTPS) with modern cipher suites. This is enforced automatically by Vercel, which hosts the application. There is no plain-text path for your data.

🏠

Your data is yours, isolated

Each customer's data is isolated using Row-Level Security at the database layer. One Ando user cannot access another user's data, even in the event of an application bug. Access control is enforced at the database, not just the application.

🚫

No data selling, ever

Your financial data is used for one purpose: generating your own insights. We do not sell it, share it with advertisers, or pass it to third parties beyond Plaid and Intuit (which you connected). We make money from your subscription, not from your data.


Can Ando Forecast move money or make payments on my behalf?

No. Read-only access means exactly that. Plaid's connection to your bank has no ability to initiate transactions, and Ando does not request that permission. QuickBooks access is also read-only. Nothing in the system can touch your money.

Does Ando store my bank username and password?

No. You enter bank credentials directly in Plaid's interface. They never pass through Ando's servers. What Ando stores is an encrypted access token from Plaid, which represents read-only permission to pull your transaction data.

What happens if I disconnect my bank or cancel my account?

You can disconnect your bank at any time from the Settings page, which immediately revokes Ando's access token. Canceling your account deletes your data from our systems. You can also revoke Plaid's access independently through my.plaid.com.

Who can see my financial data?

You, and Ando's system when generating your insights. Frank Andolina (founder) has admin access and may review data to help troubleshoot or improve the product. We will never share your data with other businesses, competitors, or third parties outside of Plaid and Intuit.

Is this safer than giving my bookkeeper access to QuickBooks?

In most cases, yes. A bookkeeper typically has full read-write access to your QuickBooks. Ando Forecast has read-only access to specific reports. A bookkeeper can create, edit, or delete records. Ando cannot.

What if I have more questions or a security concern?

Email [email protected] directly. Security concerns get a same-day response.


Ready to see your real numbers?

Connect your bank or QuickBooks in under 5 minutes. Read-only, no risk, cancel anytime.