Security at SimplyExpensed
Your financial data deserves enterprise-grade protection
Encryption in Transit
All data transmitted between your device and our servers is encrypted using TLS 1.3. Every connection is secured with HTTPS.
Encryption at Rest
Receipt images are stored in encrypted AWS S3 buckets. Database contents are encrypted using AES-256 encryption.
Strong Authentication
Passwords are hashed with bcrypt using 12 rounds of salting. We enforce strong password policies and support secure session management via JWT tokens.
Private Receipts
Receipt images are stored with private access controls. Each file access requires a time-limited signed URL that expires automatically.
Secure Infrastructure
Our infrastructure runs on enterprise-grade cloud services with automated backups, access controls, and monitoring.
Payment Security
All payment processing is handled by Stripe, a PCI Level 1 certified payment processor. We never store credit card numbers.
Report a Security Issue
If you discover a security vulnerability, please report it responsibly to [email protected]. We take all reports seriously and will respond within 48 hours.