Security Statement

We are ISO 27001:2022 Certified

We are proud to be ISO/IEC 27001:2022 certified. This is the leading international standard for information security management. 🛡️

What this means for you is that we have implemented a comprehensive Information Security Management System (ISMS) that meets rigorous global standards. This certification demonstrates our commitment to:

  • Protecting your data: We have robust processes in place to identify, manage, and reduce risks to your sensitive information.

  • Continuous improvement: The certification requires regular audits and reviews, ensuring our security practices are always up to date with the latest threats and best practices.

  • Upholding trust: It provides independent, expert verification that our security management is comprehensive and follows international best practices.

Essentially, our ISO 27001 certification is your assurance that we take the security and confidentiality of your data very seriously.


Our Data Centres are SOC 2 Certified

The physical security of our infrastructure is critical. That's why our data centre provider is SOC 2 (Service Organisation Control 2) certified.

SOC 2 is a stringent auditing procedure developed by the American Institute of CPAs (AICPA) that ensures service providers securely manage data to protect the interests and privacy of their clients. A SOC 2 report verifies that a company has effective controls in place related to five key principles: security, availability, processing integrity, confidentiality, and privacy.

This certification means that the facilities where your data is stored are regularly audited to confirm they maintain the highest levels of security and operational reliability. This adds another powerful layer of protection for your information.


We Encrypt Your Data In Transit and At Rest

Your data is protected by multiple layers of powerful encryption, both when it's moving across the internet and when it is stored in our systems.

Encryption in Transit

All connections between you and our website, our website and your accounting system, and our website and other services we use are secured with encryption that meets bank-level security standards. We utilise industry-standard TLS (Transport Layer Security) to create a secure tunnel that protects your data as it travels. This robust protocol ensures that all transmitted information remains confidential and safe from interception.

Encryption at Rest

Our commitment to security continues once your data reaches our servers. All information stored within our databases, backups, and file systems is protected using AES-256 encryption, one of the strongest and most trusted encryption standards in the world. This means that even in the highly unlikely event of unauthorised access to the physical storage, your data would be scrambled, unreadable, and secure.


We Do Not Update Your Accounting System

Our connection to your accounting system is read-only by default. This means we have no general ability to change, edit, or delete your financial records, ensuring your core accounting data remains safe and unaltered.

The single exception is for customers who use our invoice finance services. If you have an invoice finance facility and give us explicit permission, we can write back the necessary transactions to keep your accounts automatically reconciled with your financing activity. This feature is designed to save you time and is the only circumstance under which we write data to your accounting system. For all other services, our access remains strictly read-only.

Furthermore, we never see or store your accounting system password. Instead, we use a secure "token"—a special digital key granted by your accounting provider—that allows us limited access. You are always in control of this key and can revoke it at any time, instantly cutting off our access.


We Keep Your Communications Private

We will never share your communications traffic (emails, SMS messages, or internal notes) with others. Your messages remain private and are protected as we protect our own. We will not disclose your customers' email addresses or contact details to third parties, except as needed to operate our service. See our Privacy & Data Protection Policy and Terms & Conditions for details.