Enterprise-Grade Security
Your financial data deserves the highest level of protection. OutflowGuard is built with security at its core, ensuring your sensitive information stays safe.
Data Protection
- AES-256 encryption for all data at rest
- TLS 1.3 encryption for all data in transit
- Minimal data retention—we only store what's necessary
- Read-only Xero access—we never modify your data
Secure Infrastructure
- Vercel (Frontend) — Global CDN with DDoS protection
- Render (API) — SOC 2 Type II compliant hosting
- AWS via Supabase (Database) — ISO 27001 certified
- Automated security updates and patching
Access Controls
- OAuth 2.0 authentication via Xero
- Role-based access control (RBAC) for team permissions
- Complete audit logging of all user actions
- Automatic session expiry and secure token handling
Compliance & Standards
- GDPR-aware data handling practices
- Australian Privacy Act compliant
- SOC 2 Type II certification on our roadmap
- Regular third-party security assessments
Responsible Disclosure
We take security vulnerabilities seriously. If you discover a security issue, please report it to us responsibly. We commit to:
- Acknowledging your report within 48 hours
- Providing regular updates on our investigation
- Crediting researchers who help improve our security (with permission)
Security Contact: security@outflowguard.com