Security at SmartInvoice
Your financial data deserves enterprise-grade security. Here's how we protect it.
Full compliance with EU data protection regulations
Via Google Cloud Platform infrastructure
Information security management certification
Payment Card Industry Data Security Standard (via Stripe)
How We Protect Your Data
Security isn't just a feature—it's built into every layer of our platform.
Encryption at Rest & Transit
All data is encrypted using AES-256 encryption at rest and TLS 1.3 in transit. Your documents are protected from the moment they leave your device.
SOC 2 Type II Infrastructure
We use Google Cloud Platform, which maintains SOC 2 Type II, ISO 27001, and PCI DSS compliance. Your data is stored in enterprise-grade data centers.
Secure Authentication
We use Firebase Authentication, with support for email/password, Google SSO, and multi-factor authentication. Session tokens expire automatically.
Access Controls
Role-based access control (RBAC) ensures users only see data they're authorized to access. All access is logged and auditable.
Document Lifecycle
Uploaded documents are processed in isolated environments and automatically deleted after 30 days. You can delete data at any time.
Employee Security
All employees undergo background checks and security training. Access to production systems requires approval and is logged.
How Your Documents Are Processed
Secure Upload
Your document is encrypted using TLS 1.3 before it leaves your device. It travels through secure channels to our servers.
Isolated Processing
Each document is processed in an isolated container. Your data never mixes with other users' data. AI processing happens in secure Google Cloud environments.
Encrypted Storage
Extracted data is encrypted with AES-256 and stored in Firestore. Original documents are kept temporarily and automatically deleted after 30 days.
Your Control
You can export or delete your data at any time. When you delete your account, all associated data is permanently removed within 30 days.
Responsible Disclosure
We take security seriously and appreciate the help of security researchers in keeping SmartInvoice safe. If you discover a vulnerability, please report it responsibly:
- Email security@smartinvoice.finance with details of the vulnerability
- Allow us reasonable time to investigate and fix before public disclosure
- Do not access or modify other users' data
Security FAQ
Who can see my uploaded documents?
Only you can see your documents. Our support team may access data only with your explicit permission to help troubleshoot issues, and all access is logged.
Are my bank statements stored permanently?
No. Original documents are automatically deleted after 30 days. Extracted data (transactions, balances) is retained until you delete your account.
Is the AI trained on my data?
No. We do not train our AI models on your specific documents. Your data is used solely for processing your requests and is not shared with third parties.
What happens if there's a data breach?
In the unlikely event of a breach, we will notify affected users within 72 hours as required by GDPR. We maintain cyber insurance and incident response procedures.
Can I get an audit log of who accessed my data?
Yes. Business and Enterprise plans include audit logs showing all access to your account. Contact support if you need this information.
Have Security Questions?
Our security team is happy to answer any questions about how we protect your data.
Contact Security Team
Platform developed by AI Makers • 10-12 Snipweg, Willemstad, Curaçao