Security you can trust
Your financial data deserves the highest level of protection. We've built Invoicepipe with security as a foundational principle.
Encryption at rest and in transit
All data is encrypted using AES-256 at rest and TLS 1.3 in transit. Your sensitive financial information is protected at every layer.
Least-privilege access
We only request the minimum permissions needed to capture your invoices. Email scanning is read-only—we never send emails or modify your inbox.
Audit trails
Every action is logged with timestamps and user attribution. Export comprehensive audit logs for compliance reviews and internal audits.
SOC 2 Type IIIn progress
We are actively working toward SOC 2 Type II certification. Our security practices are built to meet enterprise compliance requirements.
Role-based access control
Define who can view, edit, or export invoices. Separate permissions for team members, managers, and administrators.
Secure credential storage
API keys and OAuth tokens are encrypted using industry-standard key management. We never store plaintext passwords.
Compliance-ready infrastructure
We understand that finance teams operate under strict compliance requirements. Our infrastructure is designed to support your audit and compliance needs.
- SOC 2 Type II certification in progress
- GDPR-compliant data handling
- Regular third-party security assessments
- Comprehensive audit logging
- Data retention policies aligned with regulations
SOC 2 Type II
Certification in progress
We are actively working toward SOC 2 Type II certification. Contact us for our current security documentation.
Our data practices
Minimal data collection
We only collect the data necessary to provide our service. Invoice data is processed and stored with purpose limitation in mind.
No data selling
We never sell your data to third parties. Your financial information is yours and stays yours.
Data portability
Export all your data at any time in standard formats. You're never locked in.
Have security questions?
We're happy to discuss our security practices in detail, provide documentation, or schedule a call with our security team.