Payments are in test mode. Use card 4242 4242 4242 4242 for demo checkouts.

Security & trust

Security is the product.

This page is maintained by Liveupx to answer common security questions about ReimburseFlow. It describes enabled, app-visible controls — not an independent certification.

The top risk in multi-tenant SaaS is broken object-level authorization — a user reaching another organization's record by changing an ID. The controls below exist primarily to make that impossible.

Tenant isolation

Every record carries a tenant ID. Queries and file access are automatically scoped at the data, service, and route layers. Cross-tenant access is rejected — release-blocking in CI.

Encryption

TLS 1.2+ everywhere with HSTS. Encryption at rest for the database and object storage. Field-level encryption for payment details.

Private file storage

Receipts live in private object storage. Downloads use short-lived signed URLs authorized against the object's tenant. Files are virus-scanned and validated by magic bytes.

Identity & access

Short-lived JWTs with rotating refresh tokens and server-side revocation. 2FA mandatory for privileged roles. Hardware-key 2FA for platform Super Admin.

Audit log

Append-only audit log for every privileged action: logins, role changes, approvals, payments, exports, file access, impersonation. Tenant-scoped audit visible to Owner / Admin / Auditor.

Default-deny authorization

Every endpoint and query starts from denied. Permissions are role + tenant + object + state. Segregation of duties is enforced server-side: requester ≠ approver ≠ payer.

Anomaly alerting

Bulk-export spikes, repeated 403s (BOLA probing), impossible-travel logins, and privilege-escalation attempts trigger alerts to the platform team.

Shared responsibility.

ReimburseFlow secures the platform. Customer organizations configure and operate their tenant. These lines stay clear by design.

ReimburseFlow

  • Platform availability, patching, and hosting
  • Tenant isolation and encryption
  • Audit log integrity
  • Subprocessor management

Customer org

  • User and role management within your org
  • Workflow configuration and approval thresholds
  • Data subject request fulfillment for your users
  • Acceptable use within your team

Responsible disclosure

Found a vulnerability? Please email security@reimburseflow.com with steps to reproduce. We acknowledge within 2 business days and will not pursue researchers acting in good faith.

See GDPR & DPDP details →