We take security seriously. Here's how we protect your data.
All sensitive data encrypted using AES-256-GCM
Per-tenant encryption keys
Keys rotated regularly
All connections use TLS 1.3
Certificate pinning for API calls
HTTPS enforced everywhere
Row-Level Security (RLS) - Database enforced isolation between tenants
Role-based access - Users only see data they're authorised to access
OAuth scopes - Minimal Xero permissions requested
Hosted on SOC 2 compliant infrastructure
Regular security audits
Automated vulnerability scanning
DDoS protection
We only store what's necessary:
Bank details are masked (only last 4 digits)
Full details are never permanently stored
Logs are retained for limited periods
