Every number Rocovit produces is traceable to its source. Every action is logged. Every file is protected.
All data transmitted to and from Rocovit is encrypted using AES-256 encryption - the same standard used by global financial institutions. Data at rest is encrypted before it is written to disk. No unencrypted data ever leaves our infrastructure.
AES-256-GCM - TLS 1.3 in transit - Encrypted at rest
Every accounting firm on Rocovit operates in a completely isolated environment. Your client data is never commingled with another firm's data. Database-level isolation means one firm cannot access, query, or affect another firm's records under any circumstance.
Tenant-level database isolation - No shared data stores
Every allocation, journal adjustment, disclosure change, and export is logged with a timestamp, user identity, and before-and-after record. This is not just a security feature - it is your professional protection. If a financial statement is ever challenged, Rocovit gives you the complete documentation trail to defend every number.
Immutable logs - Timestamped - User-attributed - Exportable
Financial records are retained for seven years in line with regulatory requirements across our operating markets. You can access any prior year engagement at any time. When you need to delete data, submit a deletion request and it will be processed within 30 days.
7-year default retention - 30-day deletion processing - WORM-compliant storage
When you sign off on a client's financial statements, your professional licence is on the line. Rocovit's immutable audit trail gives you the documentation to defend every number - the source transaction, the allocation decision, the schedule it mapped to, and the accountant who reviewed it. Every step. Every time.
"What used to take our team the better part of two weeks now takes a single morning. More importantly, we can now show exactly how every number was derived - something we could never do before."
AUDIT FIRM - LAGOS, NIGERIA
Rocovit is built to meet data protection requirements across every market we serve.
Rocovit complies with the NDPR administered by the Nigeria Data Protection Commission. All personal data of Nigerian data subjects is processed lawfully, stored securely, and never transferred outside approved jurisdictions without adequate safeguards.
Rocovit meets POPIA requirements for any South African data subjects whose information is processed through the platform. We maintain the eight conditions for lawful processing and have appointed an Information Officer as required.
Rocovit complies with GDPR requirements for any EU-based data subjects. We maintain a lawful basis for all processing, honour data subject rights including access and deletion, and implement privacy by design across the platform.
Rocovit is currently undergoing SOC 2 Type II certification - the gold standard for SaaS data security trusted by enterprise accounting firms worldwide. Certification is expected in Q3 2026. Current security controls meet SOC 2 requirements in practice.
Rocovit collects the financial data you upload or connect - bank statements, ledger exports, and prior year statements. We also collect account information for login and billing. We do not collect data beyond what is necessary to deliver the service.
We never sell your data or your clients' data to any third party. We never use your client financial data to train AI models. We never share engagement data between firms. Your data is yours.
You can request a full export of your data at any time. You can request deletion of your data and it will be processed within 30 days. You can request details of what data we hold about you. Contact privacy@rocovit.com for any data request.
See what Rocovit does in under 3 hours.