Security, in plain terms
Last updated: July 2026
No passwords
Flishbook doesn't use passwords. You sign in with a one-time code sent to your e-mail: you enter it, your session opens, and the code expires right away.
The result: there's no password to steal, reuse or forget. A password leak on another site doesn't expose you here, because there isn't one.
Your sessions stay under your control. At any time you can revoke access across all your devices: open sessions are invalidated and a fresh sign-in by code is required again.
You don't move money here
Flishbook is a ledger, not a payment service. The app works out who owes what to whom; it doesn't move any funds and doesn't stand in for a bank.
In practice, no financial flow passes through Flishbook. So we store no card number, no IBAN, no bank details: there's simply nothing of that kind to protect.
When it's time to settle up, you do it through your usual means, then record the payment in the app. Balances update; the money stays with you.
Every action is logged
Anything that touches the accounts is written to a dated audit log: an expense added, a payment confirmed, a correction, a contribution called, a project closed.
The log shows who did what and when. Corrections don't rewrite the past: the original entry stays visible, and a counter-entry corrects it.
For a group, a shared flat or an association, this traceability is the best cure for misunderstandings: the ledger is the record, with no grey areas.
Your data, your rules
Your data belongs to you. You can export all of your entries as CSV, to archive them or open them in a spreadsheet.
Deleting your account anonymises your identity while preserving the group's accounting balance: the other members' balances stay correct, but your name disappears from the entries.
For any access, correction or deletion request, write to us at hello@flishbook.com. We handle these requests in line with applicable law.
No ads, no tracking
Flishbook shows no ads and embeds no advertising trackers. Your financial activity is not a product we resell.
We don't resell your data and don't share it for commercial purposes. Our model rests on the pay-what-you-want flish+ subscription, not on mining your privacy.
The data we handle is limited to what makes the service work: your declared identity, your e-mail, your expenses and your balances.
Hosting & backups
Flishbook is built in Switzerland by Humanee Sàrl, in Vevey. The service relies on established cloud providers, including Supabase for the database, Stripe for subscription payments and Resend for sending e-mails.
Your data is backed up regularly so it can withstand a technical incident and be restored.
No system is unbreakable, and we'll never claim otherwise. Our commitment is concrete: shrink the attack surface (no passwords, no bank details), log actions, and stay honest about what we do with your data.