How we protect your books.
This page describes the security controls in place at SoftBillo today. It is maintained by MetaEdx Technologies Ltd โ the company that builds and operates SoftBillo. It is not a third-party certification or audit report.
Account & authentication
Sign-in is handled by an industry-standard managed auth provider. Passwords are never stored in plaintext โ they're hashed using bcrypt before they ever touch a database. Google OAuth is available so you can avoid managing another password.
Encryption in transit
Every request to softbillo.com and our APIs is served over HTTPS (TLS 1.2+). We do not accept plain-HTTP traffic for app routes.
Encryption at rest
Your data lives in a managed Postgres database with encryption at rest provided by the underlying cloud platform. Receipt files and logos sit in a managed object store with the same posture.
Workspace isolation
Every row in our database is protected by row-level security. A signed-in user can only read and write rows that belong to their own workspace โ the database enforces this, not the application code.
Backups & availability
Our managed database provider takes automated daily backups. We do not commit to a specific RPO/RTO publicly today โ if you need contractual guarantees, get in touch and we'll talk.
Responsible disclosure
Found a security issue? Please email us before sharing it publicly. We read every report personally and aim to acknowledge within two business days.
What we don't claim
We do not currently hold SOC 2, ISO 27001, PCI-DSS, GDPR, or HIPAA certifications. If your procurement team needs any of these, please reach out so we can have an honest conversation about timelines and scope.
Report a vulnerability
Email security@softbillo.com with a description, reproduction steps, and any impact analysis. Please don't publicly disclose until we've had a chance to respond.
Not a security report? Use our contact page instead.
Last reviewed June 2026 ยท Maintained by MetaEdx Technologies Ltd.