Security

Your financial data deserves serious protection. Here's how we keep it safe.

Encryption

• All traffic is encrypted in transit with TLS 1.2+.
• Data at rest is encrypted with AES-256.
• Passwords are hashed with industry-standard algorithms — never stored in plain text.

Infrastructure

• Hosted on enterprise-grade cloud infrastructure with 24/7 monitoring.
• Automatic daily backups with 30-day retention.
• Row-level security ensures only you and your team can access your workspace.

Payments

Payments are processed by Stripe, a PCI-DSS Level 1 certified provider. We never see or store full card numbers.

Access controls

• Strict employee access on a need-to-know basis with audit logging.
• Two-factor authentication available on all accounts.
• Session tokens are short-lived and rotated regularly.

Reporting a vulnerability

Found a security issue? Email security@invoxa.app — we respond within 24 hours and credit responsible disclosures.