Security & Compliance

Security for your financial data

We protect revenue, cash, and accounting data with industry‑standard controls and clear accountability.

Certifications & Compliance

SOC 2 Type II

Planned

Formal audit not started.

GDPR

Ongoing

We align our practices with GDPR; DPA available on request.

CCPA/CPRA

Ongoing

We align our practices with California privacy requirements.

Payment card handling

In scope via Stripe

Card data is processed by Stripe; we do not store card data (SAQ A).

Security Measures

Data protection

Encrypted storage

Data at rest is encrypted using industry‑standard AES‑256.

Secure transmission

All data in transit is protected with TLS (1.2+).

Key management

Managed key rotation with least‑privilege access controls.

System reliability

Cloud infrastructure

Highly available infrastructure hosted on AWS.

Data location

Primary hosting on AWS; data residency options available on request.

Disaster recovery

Regular automated backups with documented recovery procedures.

Access controls

Single Sign-On

Use your company's login system for secure access.

Two-factor authentication

Extra security with phone or hardware key verification.

Role-based permissions

Control who can see and change different parts of your data.

Monitoring

Activity tracking

Every action is logged for complete audit trails.

Threat detection

Continuous monitoring to detect and respond to threats.

Security testing

Periodic vulnerability scans and security testing.

Compliance Features

Audit logs

Exportable logs for reviews, vendor assessments, and audits.

Data retention

Set how long to keep data based on your requirements.

Right to delete

Delete customer data when required by privacy laws.

Data agreements

Data Processing Agreements (DPA) available on request.

Business continuity

Documented plans for incident response and recovery.

Background checks

All employees verified before accessing systems.

Data Protection

Your data is protected at every layer

We implement defense-in-depth security with multiple layers of protection to keep your financial data safe.

Data isolation

Each customer's data is separated with unique encryption.

Backup schedule

Regular backups with defined retention policies.

Data export

Export your data in CSV or JSON format anytime.

Vendor security

All partners pass security review before integration.

Security Documentation

Get security documents

Need proof of our security for your vendor review? We provide:

  • Security overview and policies
  • Vulnerability management summary
  • Security questionnaire answers
  • Data Processing Agreements

Request security docs

Report security issues

Found a vulnerability? Please report it responsibly. We review every submission.