Security & trust
Security is the product.
This page is maintained by Liveupx to answer common security questions about ReimburseFlow. It describes enabled, app-visible controls — not an independent certification.
The top risk in multi-tenant SaaS is broken object-level authorization — a user reaching another organization's record by changing an ID. The controls below exist primarily to make that impossible.
Tenant isolation
Every record carries a tenant ID. Queries and file access are automatically scoped at the data, service, and route layers. Cross-tenant access is rejected — release-blocking in CI.
Encryption
TLS 1.2+ everywhere with HSTS. Encryption at rest for the database and object storage. Field-level encryption for payment details.
Private file storage
Receipts live in private object storage. Downloads use short-lived signed URLs authorized against the object's tenant. Files are virus-scanned and validated by magic bytes.
Identity & access
Short-lived JWTs with rotating refresh tokens and server-side revocation. 2FA mandatory for privileged roles. Hardware-key 2FA for platform Super Admin.
Audit log
Append-only audit log for every privileged action: logins, role changes, approvals, payments, exports, file access, impersonation. Tenant-scoped audit visible to Owner / Admin / Auditor.
Default-deny authorization
Every endpoint and query starts from denied. Permissions are role + tenant + object + state. Segregation of duties is enforced server-side: requester ≠ approver ≠ payer.
Anomaly alerting
Bulk-export spikes, repeated 403s (BOLA probing), impossible-travel logins, and privilege-escalation attempts trigger alerts to the platform team.
Shared responsibility.
ReimburseFlow secures the platform. Customer organizations configure and operate their tenant. These lines stay clear by design.
ReimburseFlow
- Platform availability, patching, and hosting
- Tenant isolation and encryption
- Audit log integrity
- Subprocessor management
Customer org
- User and role management within your org
- Workflow configuration and approval thresholds
- Data subject request fulfillment for your users
- Acceptable use within your team
Responsible disclosure
Found a vulnerability? Please email security@reimburseflow.com with steps to reproduce. We acknowledge within 2 business days and will not pursue researchers acting in good faith.
See GDPR & DPDP details →