Skip to content
CashTrace← Back to home

Security

CashTrace handles your financial data. Here's exactly how we protect it — no marketing, just facts about what we do today.

Encryption

All data is encrypted at rest using AES-256. Data in transit is protected with TLS 1.3. Your invoice data, payment records, and personal information are encrypted before they reach our servers and stay encrypted while stored.

Hosting

CashTrace runs on Google Cloud Platform. Our servers are in the europe-west1 region. We use Google Cloud Run for auto-scaling containerized services and Google Cloud SQL for managed PostgreSQL databases with automated backups. Uptime target: 99.9%.

Access control

CashTrace uses role-based access control. Owner, admin, finance, and accountant roles each see only what they need. Every action — login, data view, edit, export — is logged in an immutable audit trail.

Data isolation

Every database query is scoped by business ID. Your data is never exposed to other businesses. There is no cross-tenant data leakage by design — it's enforced at the query layer, not just the application layer.

Where we are honestly

We're a small team and we're honest about where we are. No SOC 2 certification yet. No ISO 27001. But encryption, role-based access control, and audit logging are built in from day one — not bolted on later. As we grow, we'll pursue formal certifications and publish the timeline here.

Questions about security? Email us at info@kigsapexsolutions.com