Our security practices

For the detail-minded: Invoflux encrypts data in transit and at rest, hosts in the EU, is Google CASA Tier 2 certified, runs regular independent security testing, and rotates secrets on a schedule.

Written By Sergiu Biris

Last updated 10 days ago

If you or your accountant want the specifics, here is how we protect the platform.

Encryption and hosting

In transit: all traffic uses HTTPS/TLS.
At rest: your data is encrypted at rest.
Location: data is hosted in the EU.

Independent assessment and testing

Invoflux is Google CASA Tier 2 certified, the independent security assessment Google requires for apps that access Gmail and Drive data.
We run regular independent security testing of the application.

Operational security

Secret rotation. Credentials and keys are rotated on a defined schedule.
Least privilege. Access to your data is limited by role, and connections to external services (your bank, Google, your cloud) use the minimum access needed.
Vulnerability management. We track and remediate security issues on an ongoing basis.

Result

The platform is encrypted, EU-hosted, independently assessed (Google CASA Tier 2 certified), and maintained with ongoing security testing and secret rotation, so the data you and your accountant rely on is well protected.

Is my data secure?
What Invoflux can access in your Google account

Encryption and hosting

Independent assessment and testing

Operational security

Result

Related