News? Support?
Just the bookkeeping solution i needed

I've been needing to keep up with my personal finances, but i never got around to it until trying fl...



Depreciable Assets Report now available

Depreciable Assets report now available to flowlog.net members. Please see the full post for further...



*




flowlog Features

 

flowlog is double-entry bookkeeping and accounting, member supported Free Software, primarily geared towards beginners and/or smaller organizations.


Bookkeeping/accounting features currently include; a Books Dashboard that provides a quick, pie graph overview of your books, including account & account category balances, with account percent-of-category. Beginner friendly book, account & entry creation and management. Convenience features to help reduce tedium and complexity, as well as a Trial Balance, Balance Sheet, Income Statement, Cash Flow Statement and Owner's Equity Statement. Additional features, like financial ratios, more reports, payroll, timesheets and employer related taxes are possible, depending on adoption of the current offering.

What other features make flowlog special? Well, flowlog...

books dashboard

Respects your freedom

flowlog source code is released to annually supporting members with full rights under the AGPLv3.

+ details

The four essential freedoms

  • The freedom to run the program as you wish, for any purpose (freedom 0).
  • The freedom to study how the program works, and change it so it does your computing as you wish (freedom 1). Access to the source code is a precondition for this.
  • The freedom to redistribute copies so you can help others (freedom 2).
  • The freedom to distribute copies of your modified versions to others (freedom 3). By doing this you can give the whole community a chance to benefit from your changes. Access to the source code is a precondition for this.

Why they matter

Even if you have no intention of setting up your own web server software stack and self-hosting flowlog, thoroughly inspecting the source code, or helping to develop flowlog, by supporting Free Software and flowlog as a member, you help to ensure all it's users' freedoms and the freedoms of future generations of users. This is not just theoretical or ideological. These seemingly esoteric freedoms have concrete, practical implications. We're purposely trying to focus on the positive here, but to be clear, software being closed-source is what allows companies and other entities to subjugate users and keep future generations from being able to learn and break free. With Free Software, if someone doesn't like the direction an application or it's parent organization is taking, they can fork the source code, and do things their own way. This incentivizes the project/parent org to act in the interests of it's users. Assuming adequate adoption, flowlog will also be donating a certain portion of contributions back to the Free Software community at-large, focusing on Free Software (or other F/LOSS advocate orgs) that flowlog and flowlog.net depends on. Thanks for taking a stand for freedom!


agplv3

Respects your privacy

flowlog & flowlog.net have been built, from the begininning, with the members' privacy in mind.

+ details

How flowlog facilitates members' privacy

flowlog/flowlog.net only requires an email address, passsword and public username from members. The email address is used for login/authentication, sending the Email One Time Passcode, password reset and other application notifications. flowlog.net doesn't use it for anything else. Feel free to use the most anonymous email address you can. flowlog.net has no interest in associating your member account with your real identity. That's not what we do here. The public username is used to represent your user account on the public parts of flowlog.net, like in the forum and issues tracker. flowlog.net doesn't have any tracking/analytics scripts. flowlog uses encrypted cookies, served over an A+ grade tls encrypted transport, encrypted session files, as well as other security measuers, to protect your session from snooping. flowlog also offers an Autonomous Account Encryption feature that encrypts your data in the database and only has the decrypt key while you're logged in and have provided it. Please see the Autonomous Account Encryption documentation for further details. Also, we encourage members to use a trustworthy VPN if they don't want their real ip address being logged by any flowlog.net software (nginx). Please see flowlog.net's full Privacy Policy for full privacy details.


no spying

Respects your time

One of flowlog's foundational design goals is to make keeping one's own books as quick and painless as possible.

+ details

How flowlog helps members get their work done.

One of the primary goals that inspired this project is ease-of-use. The whole point of flowlog is that any small business owner/other can learn a few key bookkeeping/accounting concepts and can start keeping their books without having everything memorized like an experienced bookkeeper/accountant might. For instance, flowlog has built-in help text throughout the application. Anywhere you see yellow text, you can hover over it and you will get an explanation. flowlog also makes entering entries easier by "translating Dr/Cr". By this, we mean that flowlog asks if you want to "increase or decrease" an account instead of whether you want to "Debit or Credit" the account. It also still shows the user what an increase/decrease would result in, namely a Dr or Cr. This way, novice users can learn this concept at their own pace without it interfering with the more experienced users' ability to enter a "Debit or Credit" for the given entry item. It can be made even more novice-friendly, if desired, if a bookkeeper or accountant creates the chart of accounts for a user. As long as the user understands how to use said accounts, flowlog can help with the rest. Other ease-of-use features include Automated Book Closing and Automated Book Depreciation. Please see the documentation for details on those features.

This brings us to another important element in respecting the members' time: support resources. flowlog is self-support (no official support staff) by design, as it's intended to be self sustaining, but that doesn't mean members are on their own. There are screencasts, dedicated documentation, an issues (bug and feature requests) tracker and a members' support forum in the support section of flowlog.net. If you are performing a preliminary evaluation of flowlog, please see the How to Get Started page.

One final thing that shouldn't be overlooked or understated is the speed and performance of the application itself. It doesn't matter how nice an application looks or how many features it has, if everytime you try to do something, it takes forever to do it. flowlog goes to great lengths to be as fast and responsive as humanly possible. flowlog utilizes a custom database query/data object caching implementation, php opcode caching, ram cache for compiled views, as well as tls session caching, among other techniques. These optimizations help flowlog.net scale to serve many more members while maintaining excellent performance. Furthermore, you can rest assured, that as flowlog.net grows in membership, we will continue to preemptively prioritize the performance of our hosting hardware and software stack.


hourglass

Respects your choices

flowlog's flexibility increases power for the user without adding complexity or bloat.

+ details

How flowlog addresses disparate use cases in it's design.

flowlog's intent is to enable user power through flexibility, as opposed to having a page, "wizard", or form for every scenario that could possibly be addressed or, conversely, making every choice for users. Bookkeepers and accountants can create, edit and reassign accounts to suit their needs. Any available automation features are voluntary and opt-in. Reports are largely generated by what category your account groups and their child accounts are in, so flowlog doesn't have to be told everything, explicitly, to do it's job. Balances are generated on the fly, based on the current state of your accounts. This simple, largely hands-off approach, means you can keep your books, how you see fit, and flowlog will stay out of the way. This also means novice bookkeepers or those with very minimal requirements can have a very minimalist experience that is easy to conceptualize, while larger orgs or users with tighter or more elaborate requirements should be able to satify those, as well. If not, please let us know.

flowlog also addresses the needs of it's member users with flexible user account roles. flowlog account administrators can create users for the organization and set their access level, per set of books. This allows your account to have editors(bookkeepers), auditors(CPAs, co-workers with read privileges, etc) or no access.

As a web (or server/browser based) application, flowlog is agnostic to the software environment of the client software used to access it. For details, please see the Documentation. flowlog also has a responsive (mobile friendly) theme to allow for using flowlog while you're away from the office.

One way flowlog embraces engagement with it's membership (prerequisite for meeting member needs), is by having a built-in issue tracker for members to report bugs and request new features. Public visitors to flowlog.net can view issues in the issue tracker, so that they can evaluate the state of flowlog development prior to adopting for their organization. flowlog.net also encourages visitors to provide feedback via our feedback forms on this site, while current members can submit special feedback via a feedback form built into the admin section of their flowlog account. If people find value in flowlog, use it, support it and participate, we can improve it together.


flexibility

Respects your budget

flowlog is affordable, even for the smallest organizations.

+ details

How does flowlog approach affordability?

Standard flowlog.net membership is only $15 a month when paying with USD, with discounts of up to 20% available to members paying with Monero/XMR and other accepted cryptocurrencies. Also, one month is free when paying annually. During the beta, financial contribution is completely optional for the first 100 members. If the employer/payroll version is developed and released (dependent on adoption of the standard flowlog offering), we expect it to be ~$30 a month. Members can create as many sets of books in their flowlog.net account as they require, and have as many account users as needed. The membership renewal amount remains the same. flowlog is designed to be low priced and value packed at the same time. As flowlog members support themselves by using the primary documentation and helping each other in the forums, membership contributions can be used for the hosting and development of flowlog/flowlog.net. If time allows, other methods of contributing may be developed and made available. We want flowlog to be affordable enough that a single person enterprise, barely getting started, can afford to use it to keep their books. Thank you for considering flowlog for your bookkeeping/accounting needs!


IT security

Respects your security requirements

flowlog.net understands that security enables all the rest, and takes it seriously.

+ details

What steps have been taken to make flowlog/flowlog.net as secure as possible.

flowlog and flowlog.net are built with the Laravel PHP framework which contains the building blocks flowlog utilizes to protect against the most common classes of application layer threats. For instance, to protect against cross site request forgery, Laravel automatically generates a CSRF token for each active user session managed by the application. This token is used to verify that the authenticated user is the one actually making the requests to the application. Laravel also makes it very easy to protect against cross site scripting with it's templating engine's escape syntax. We simply use this syntax for any data being echo'd from the database, just in case it's malicious. flowlog.net also filters certain riskier user inputs prior to storing. Laravel's Eloquent ORM utilizes PDO parameter binding to protect against SQL injection. This ensures that malicious users can't pass in query data which could modify the query's intent. To protect against session hijacking attacks, Laravel uses encrypted cookies which flowlog.net only serves over grade A+ TLS encrypted transport. This helps to ensure that attackers can't gain access to your session cookie to impersonate you with the application. flowlog.net also forcefully generates a new session id for every login (doesn't allow reuseing previous ones), which is essential to protect against a session fixation attack. flowlog.net & flowlog also utilize Content Security Policy to help protect against cross-site scripting (XSS), clickjacking and other code injection attacks, as well as the compound attacks these could facilitate. Finally, flowlog.net requires easy to use 2nd factor authentication (Email One Time Passcode), hashes members' passwords with bcrypt, and adds simple cookie-based brute force protection to forms.

As previously mentioned, flowlog.net maintains an A+ grade TLS implementation as graded by Qualys SSL Labs. You can view results for flowlog.net here. We try to maintain reasonable support for clients(browsers), but will drop support for older clients when security dictates. Further details regarding TLS implementation are available in the docs. It would be in members' best interests to use a modern, distribution/vendor-supported browser+OS combination. Please see the Software and Hardware Requirements and Recommendations page in the docs for that information.

flowlog.net is hosted on a dedicated server running the Arch Linux operating system with the linux-hardened kernel and other OS level security optimizations. Arch Linux helps with security simply by keeping upstream packages up to date and largely unmodified. This makes security and other bug fixes available very quickly, as well as reducing the opportunity to introduce bugs not found in the upstream package. Arch Linux is also in the process of rebuilding it's packages to provide full (distro wide) ASLR which can protect against a whole class of attacks. Using Arch Linux means we run very recent versions of PHP, Mariadb and Nginx, which are then hand-tuned for performance and security.

Finally, if you find any security vulnerability with flowlog or flowlog.net or just have security related feedback, please submit it using the feedback form, as opposed to the issue tracker. Thanks!


IT security