Protecting Your Brand and Business When Working with a VA

Working with a VA means sharing access to your most valuable business assets — your email list, your accounts, your brand voice, your financial data. This article covers the practical protections that let you trust the relationship while protecting the business.

Randall Wood 8 min read
Protecting Your Brand and Business When Working with a VA
Share: X LinkedIn

Protecting Your Brand and Business When Working with a VA

Working with a VA involves sharing things that matter enormously to your publishing business: access to your email platform and the list you've spent years building, your social media accounts and the audience you've cultivated, your website and its content, your publishing credentials and the metadata that determines how your books appear to readers, and in some cases your financial reporting data. Most of this sharing is necessary and appropriate — a VA can't do their job without access to the tools and information their tasks require. The question is how to structure that access so that the relationship is productive and trusting while the business is genuinely protected against the things that can go wrong.

The protections described in this article aren't expressions of distrust toward your VA. They're the standard practices of a well-run business — the same practices you'd apply regardless of who you're working with, because the risks they address aren't primarily about individual bad actors but about accidents, misunderstandings, security breaches, and the natural complications that arise when any professional relationship eventually ends. A VA who works within a well-structured access and agreement framework is protected by that structure as much as the author is.

The Written Agreement

Every author VA relationship — regardless of how it started, how much you trust the VA personally, or how informal the working arrangement feels — should be governed by a written agreement. This doesn't need to be a long or complex document, but it needs to exist, be signed by both parties, and cover the basic terms of the relationship.

Scope of work

What tasks the VA is hired to perform, stated specifically enough that both parties know what's in scope and what isn't

Rate and payment terms

Hourly rate or per-project fee, how and when invoices are submitted, when payment is due, and the method of payment

Hours and availability

Expected weekly hours, how schedule flexibility works, notice required for changes to availability

Confidentiality

A statement that the VA agrees to keep confidential information about your business — your income, your marketing strategies, your reader list, your unpublished manuscripts — private during and after the engagement

Intellectual property

Any work product created by the VA in the course of their duties is owned by you, not the VA — this matters for social content, marketing copy, SOP documents, and any other original material they create

Data handling

How the VA handles any personal data they have access to (subscriber information, reader contact details) in compliance with applicable privacy regulations

Termination

Notice period required by either party to end the relationship, and what happens to access, files, and outstanding invoices upon termination

If you're using a service like Author Anchor, much of this structure is handled through the platform's own agreements. If you're hiring a VA directly through a freelancer platform, the platform's standard contract may cover some but not all of these elements. Supplement it with a simple written addendum covering anything the platform agreement doesn't address.

⚠ This article provides a framework for thinking about VA agreements, not legal advice. The specifics of what's legally enforceable in your jurisdiction, how your situation is classified under local employment and contractor law, and whether your agreement adequately protects your specific interests are questions for an attorney familiar with your circumstances. If your VA relationship involves significant income, access to large subscriber lists, or sensitive unpublished work, the investment in a proper legal review is worth making.

Confidentiality and NDAs

A Non-Disclosure Agreement (NDA) is a specific type of confidentiality agreement that legally prohibits a party from sharing defined confidential information with third parties. For most author VA relationships, a confidentiality clause within the broader service agreement is sufficient — a standalone NDA is more appropriate when the VA will have access to genuinely sensitive pre-publication material (unannounced book titles, unreleased manuscript content, strategic business plans) or when your income level makes the financial information your VA encounters worth protecting more formally.

What does belong in every VA agreement is a clear confidentiality statement covering your subscriber list data, your royalty income, your unpublished manuscripts, your marketing strategies, and any reader personal information the VA handles. A VA who publicly discusses your income or shares early access to your manuscript content — even unintentionally, in a professional context — is causing real harm to your business. The written agreement makes clear that this is expected to remain private.

Access Control: The Principle of Least Privilege

The most practical security principle for author VA relationships is least privilege: give your VA access to exactly what they need to do their job, and nothing more. This isn't about distrust — it's about limiting the blast radius of any mistake or security incident. A VA who only has editor access to your WordPress site can't accidentally delete your entire site. A VA who only has campaign manager access to your email platform can't accidentally delete your subscriber list. A VA who doesn't have access to your PayPal account can't make unauthorized transactions.

Map your VA's access grants against this principle for every system they touch:

  • Email platform: editor or campaign manager role, not admin. Can create and send campaigns, cannot delete the account or access billing

  • Social scheduling tool: poster or editor role, not admin. Can create and schedule content, cannot add or remove users or access billing

  • WordPress: editor role, not administrator. Can publish and edit content, cannot install plugins, change themes, or access user management

  • Canva: contributor or editor in your team or brand kit. Can create and edit designs, cannot access billing or account settings

  • BookFunnel / StoryOrigin: author account access scoped to ARC and delivery management. They do not need access to your payment settings

  • ScribeCount: reader or analyst access to your dashboard. They need to see your data for reporting; they do not need to be able to modify your account settings or connected platforms

What Never to Delegate

Some access should never be shared with a VA regardless of how much you trust them, how long you've worked together, or how much more convenient it would be. These are the accounts where an error — even an innocent one — could cause catastrophic and potentially irreversible harm.

  • Your KDP account admin access: your publishing account, your bank account connection, your pricing and rights settings. Metadata changes can be prepared by your VA and implemented by you. Your VA should never have primary admin credentials to your KDP account

  • Your PayPal, Stripe, or any payment processing account: your financial accounts are not VA territory. Royalty reporting is one thing; access to the accounts that process and hold your income is categorically different

  • Your domain registrar and hosting control panel: if compromised, these can result in your website being redirected or taken down entirely. Your VA can work within your website's CMS; they don't need access to the infrastructure underneath it

  • Your primary email account (as distinct from your author email alias): your main personal email may contain communications from your agent, publisher, attorney, or financial institution that have nothing to do with your VA's work and shouldn't be accessible to them

  • Any account connected to your personal identity verification: two-factor authentication apps, government ID verification systems, banking apps

Password Management Security

A password manager is the only secure way to share account credentials with a VA. Sharing passwords through email, text, or chat creates an unmanaged trail of sensitive information that can be accessed by anyone who has access to those messages, cannot be easily revoked without changing the underlying password, and creates compliance issues for any accounts with data privacy obligations.

  • 1Password for Teams, LastPass Business, and Bitwarden are the standard options — all allow you to share specific vault items with your VA without revealing the underlying password, and to revoke access without changing the password

  • When a VA relationship ends, revoke their access in the password manager immediately — before the exit conversation if possible, or at the same time if not. Do not rely on the VA proactively stopping access to accounts after the relationship ends

  • Change any credentials your VA had visibility of through channels other than the password manager — if you ever sent a password by email or text, change it when the relationship ends regardless of how the exit went

  • Conduct a quarterly access audit: review which accounts your VA can access, confirm the access level is still appropriate for their current scope, and revoke any access that's no longer needed

Exiting a VA Relationship Cleanly

Even the best VA relationships eventually end — the VA moves on, your business needs change, the scope of work no longer fits. A clean exit protects both parties and prevents the kind of lingering access or disputed ownership that creates problems afterward.

  • Revoke all system access at the time of the exit, not after — use your password manager to remove them from shared vaults, remove them from your task management system, revoke their access to your email platform and social scheduling tools

  • Retrieve any files, documents, or assets that exist only in the VA's personal accounts or on their personal devices — your SOPs, your brand guide, your tracking sheets should all live in your shared systems rather than on your VA's personal hardware

  • Settle all outstanding invoices promptly — a VA who is owed money and doesn't receive it in a timely way from an author they've shared access to has legitimate grievance

  • If the exit is amicable, consider asking whether they'd be willing to provide a transition period — a few weeks of overlap while you're searching for a replacement, or a willingness to answer questions about ongoing projects they were managing


Conclusion

The protections covered in this article aren't obstacles to building a trusting VA relationship — they're the foundation that makes genuine trust possible. An author who has clear agreements, scoped access, and documented systems can extend real professional trust to their VA, knowing that the relationship has the structure it needs to weather the complications that arise in any working relationship. A VA who works within that structure knows exactly what's expected and what they're responsible for. That clarity benefits both parties and produces better working relationships than either ambiguity or excessive informality. The next article covers one of the most interesting developments in author VA work: how VAs and AI tools are beginning to work together.

Hello, I'm Randall Wood. When I'm not pounding the keyboard or entertaining my giant dog I like to build tools for my fellow indie authors. In these articles, you'll find lessons learned over sixteen years spent in the indie author world. I share it all here to help you get one step closer to where you want to be.— Randall



Share this article: X LinkedIn
#AuthorVA #IndieAuthor #SelfPublishing #ScribeCount #AuthorSecurity #VAContract #VirtualAssistant #IndiePublishing #AuthorBusiness #VAProtection

Ready to Take Control of Your Author Career?

Join thousands of authors who trust our platform to manage their sales, streamline their reporting, and focus on what they love—writing!

Start Your 14-Day Free Trial