Your business data, handled with care.
Still holds some of the most sensitive parts of your business — your numbers, your documents, your channel connections. Here is exactly how they are protected, in plain English.
Your accounts connect through tokens you control — never your passwords
Amazon, Shopify, Etsy, Square and more connect over their own official OAuth sign-in; others through scoped API tokens you generate. Either way, Still holds a credential you can revoke from the provider at any time, and your store and bank passwords never touch Still.
Sensitive data is encrypted at rest
Channel credentials and your most sensitive files — W-9s, SSNs, receipts, partner documents — are encrypted with AES-256-GCM before they are stored, and decrypted only in the moment you open them.
Your business is isolated from every other
Every record is scoped to your business with per-tenant, default-deny row-level security in the database. A build-time guard blocks any query that isn't tenant-scoped from ever shipping — isolation is enforced by the system, not left to discipline.
Payments are handled by Stripe
All billing runs through Stripe. Your card details go straight to Stripe and are never seen or stored by Still.
You can leave at any time
Disconnect a channel, export your full books to your accountant's format, or request deletion whenever you want. Month-to-month, no contract, and a 30-day money-back guarantee.
What we don't claim
Still is early. We don't have a SOC 2 report or a completed third-party penetration test yet, so we don't display badges for them. When we've earned those, they'll appear here — not before. Until then, the founder answers your security questions personally.
Still is operated by House of Troy Enterprises LLC. See our Privacy Policy and Terms.