Logins & Security

Transcript:

I wanted to first start by thanking you for trusting Keystone with your business. We're excited to work with you and we're ready to start the onboarding process.

Before we begin the onboarding, I wanted to let you know what we're going to be asking for and why, as well as the measures that we take to safeguard your information. So, what are we going to be asking for in this checklist?

We're going to be asking for things like your Stripe admin access. We're going to be asking for your Airbnb login, your VRBO login, your Booking.com login.

If you use Hospitable, the PMS login, and then throughout the process, we'll need bank access (read only if possible), however, some banks don't have that ability.

So, why do we need this? The main reason is VR Platform. This is the system that we use to connect Airbnb and Stripe and the PMS to QuickBooks and to make owner reports happen.

VR Platform needs to connect to all these applications, and those connections need certain access for us to make those connections happen.

So, for instance, Stripe, we need admin access in order to connect that. Airbnb needs the main account, it can't be a sub-user, it can't be a co-host account, because all the payment data is actually flowing through that main account.

And if you have multiple accounts, we need all the logins for those. For VRBO, there's no way to add additional users, unfortunately. Booking.com, same thing. Potentially, you can add us as a user, and if you could do that, great. Although, a lot of people, for whatever reason, Booking.com doesn't allow it, because, honestly, that software is not very good. And Hospitable, we need to connect via the main login to VR Platform.

So, not only do we need to make these initial connections, but oftentimes, we'll need to reconnect these - connections break, passwords get changed, software just doesn't work sometimes, so, in order for us to be able to deliver owner statements and financials to you on time, we need to be able to access this, we need to be able to log in to research things, and we need to be able to reconnect when our team is working. 

Next thing is security measures, which is something we absolutely take very seriously. You're going to be uploading everything through the Karbon Portal, which has industry standard protection and security, and I'll link, a little FAQ on the Karbon Portal below.

https://help.karbonhq.com/en/articles/6464974-security-of-karbon-s-client-portal

All of our team members undergo background checks when joining and then all of our employees log in to PracticeProtect (I'll link that below as well) this is our password manager designed specifically for accounting firms.

Think like LastPass or 1Password, just on steroids. So every employee has to log in to Practice Protect when they sign in for the day, and then through platform that they can access these applications.

Only employees working on your account will be able to log in to these applications. They won't see the password, it's a one-click login with an autofill  and oftentimes with a two-factor authentication that goes to a different system. 

Employees have to log in to Practice Protect to start their day and to do their work, and it's geo-locked to their home country, so no one can log in from outside the home country.

Additionally, all logins are stored securely in Practice Protect so that no one else can access it besides our admin team. We  monitor employees' logins and lastly, we can easily remove a terminated employee from all systems with a one-click login.

We're happy to answer any other security questions or concerns about password access. But, I wanted to let you know what we're going to be asking for and why we're asking for that as you start your onboarding journey with Keystone.

Thank you.