Security & Privacy
Enterprise-grade security for your vendor data. Your data stays yours—always.
Security measures
TruePayables is built with security as a foundation, not an afterthought.
Encryption at Rest
All data is encrypted using AES-256 encryption. Database encryption keys are managed through AWS KMS with automatic rotation.
Encryption in Transit
All connections use TLS 1.3. API endpoints require HTTPS. Internal service communication is encrypted.
Tenant Isolation
Each organization's data is logically isolated. Access controls ensure one customer cannot access another's data.
Audit Logging
All access and changes are logged. Audit logs are immutable and retained according to your compliance requirements.
Access Controls
Role-based access control with least-privilege principles. SSO/SAML available for Enterprise customers.
Infrastructure Security
Hosted on AWS with SOC 2 compliant infrastructure. Network segmentation, WAF, and DDoS protection.
Data ownership
We believe your data belongs to you. Here's what that means.
Your Data Stays Yours
You own all vendor data, timelines, and verification history. We never claim ownership of customer data.
No Model Training
We do not use customer data to train machine learning models. Your invoice data is never used to improve services for other customers.
Export Anytime
Export all your data at any time in standard formats. No export fees, no restrictions, no lock-in.
Data Deletion
Request complete data deletion at any time. We will remove all customer data from our systems within 30 days.
About our technology
TruePayables uses document processing to extract invoice data and pattern matching to detect changes. We focus on accuracy and auditability—not buzzwords.
- We don't use customer data to train models
- Detection results are deterministic and auditable
- You can see exactly why any invoice was flagged
- No black-box decisions on your payments
Compliance
| SOC 2 Type II | In Progress |
| GDPR Compliant | Yes |
| CCPA Compliant | Yes |
| Data Processing Agreement | Available |
Need documentation for your compliance team? Contact us for security questionnaires and additional details.
Responsible disclosure
If you discover a security vulnerability, please report it to us responsibly. We appreciate the security community's efforts to help keep TruePayables and our customers safe.
security@truepayables.comQuestions about security?
Our team is happy to discuss security requirements and compliance needs.