Good security is mostly operational discipline. A secure app still depends on clean habits from the person using it.
Treat borrower data as sensitive
Names, balances, phone numbers, and repayment history should only be shared with people who genuinely need them. Keep screenshots and exports to a minimum.
Use trusted devices and browsers
Avoid logging in from borrowed or public devices. If you must, sign out fully afterwards and do not store credentials in the browser.
Watch for operational mistakes
Many security incidents are really sending the wrong link to the wrong person or forgetting to remove old information from a shared file. Double-check before you send.
FAQ
Is emailing a spreadsheet of borrowers a good idea?
Only when necessary and only after removing fields the recipient does not need.