Security | Incurdesk

Expense and financial data is sensitive. This page describes the measures we take to protect it. Security is an ongoing process, and we continue to invest in it as we grow.

1. Encryption

Data is encrypted in transit using TLS. Data stored on our infrastructure is protected with encryption at rest provided by our cloud hosting environment.

2. Access control and tenant isolation

The Service is multi-tenant, and each organization's data is logically isolated so that one customer cannot access another's data. Internal access to production systems is limited to what is necessary to operate and support the Service.

3. Authentication

Passwords are stored using strong one-way hashing and are never stored in plain text. API keys are scoped to specific permissions, stored as hashes, and can be revoked at any time from your account.

4. Payments

Card payments are processed by a third-party payment provider. We do not store full payment card numbers on our servers.

5. Backups and reliability

We maintain regular backups of customer data and monitor the Service for availability and errors so we can respond quickly to issues.

6. Service providers

We work with reputable providers for hosting, email delivery, and related services, each bound by confidentiality and data-protection obligations. See our Privacy Policy for how data is handled.

7. Responsible disclosure

If you believe you have found a security vulnerability, please email support@incurdesk.com with details. We appreciate responsible disclosure and will work with you to investigate and resolve valid reports. Please do not publicly disclose an issue until we have had a reasonable opportunity to address it.

8. Your role

Security is shared. Use a strong, unique password, keep your credentials confidential, manage team access carefully, and revoke API keys you no longer use.

9. Contact

Security questions? Email support@incurdesk.com.