Security

Your privacy, security and trust are an integral part of our service.

Secure accounts

Every ExpenseIn account is secured with a password, with the option to enforce two-step authentication for your organisation.

We follow industry standards, such as encrypting traffic and passing passwords through a one-way cryptographic hash algorithm before storing them, to ensure bank-level security.

99.9% Uptime

We’re ready when you are

With an uptime that exceeds 99.9%, ExpenseIn is ready anytime that you are. We achieve this by limiting partnerships to premium providers, having robust, tested recovery procedures and redundancy.

Take a look for yourself at http://status.expensein.com

We respect your privacy

We keep your data safe

Every receipt and record that you entrust to us is yours. We’ll keep it safe, we’ll never share it, and it’s easy for you to retrieve and download anytime.

Our staff are trained in data protection, both understanding and following best practices to keep your data safe.

Cloud backups

Your data integrity is our priority

We leverage industry leading providers and the latest in cloud technology to ensure that your data is always available.

Data replication ensures that there’s always a mirror image of your records.


Certified and proven security

Cyber Essentials

ExpenseIn has been awarded Cyber Essentials certification, a scheme backed by the UK Government and the National Cyber Security Centre.

In order to achieve certification our systems have been independently evaluated by APMG International, a leading accreditation body.

View our Cyber Essentials Certificate


Traffic is encrypted.

24/7/365 monitoring

99.9% uptime.

Cloud data backup and replication.

PCI DSS certified.


Our carefully selected partners

Exceptional service, performance and security is in our DNA. That’s why we only partner with industry leaders who have proven track records and meet our own exacting standards.

Amazon AWS, one of the largest managed cloud providers, manage the servers and datacenters that power ExpenseIn. They ensure that ExpenseIn runs on enterprise-grade hardware and the latest cloud technologies.

Your privacy and data integrity is our priority and Amazon AWS enables us to ensure that your data is processed and stored in the UK to industry leading standards. And with Amazon’s certifications, including ISO 27001 and PCI Data Security Standard, you don’t just have to take our word for it.

Payments are processed by Sage Pay. They’re industry leaders and are certified to PCI Data Security Standard Level 1. Additionally, we are also PCI DSS certified, so you can rest assured that your payment information is protected.


Frequently asked questions

Where is my data held?

All of your data is processed and stored in the UK. Our hosting partner Amazon AWS enables us to ensure that your data is processed and stored in the UK to industry leading standards. And with Amazon’s certifications, including ISO 27001, you can rest assured that your information is secure.

Is ExpenseIn compliant with the GDPR?

Yes, ExpenseIn welcomes the introduction of the GDPR and has made a number of changes to internal processes, policies and our platform security.

See our GDPR Statement for further details.

Do you regularly scan for vulnerabilities?

ExpenseIn utilises a 3rd party to scan all public endpoints every 14 days. The system is tested against a range of known threats, including all known threats identified by the latest OWASP publications.

Do you have physical site redundancy?

Yes, ExpenseIn is hosted in the London UK AWS Region across multiple availability zones. Each zone is backed by one or more physical data centres.

Are my payment details secure?

We never store payment details. Instead, our carefully chosen partner Sage Pay, a Level 1 PCI DSS certified payment processor, stores your payment details.

Do you have a privacy policy?

Yes, we take data protection and privacy very seriously. All of our staff receive training in data protection and fully understand your need for privacy. Further details are available in our privacy policy.


What our customers say about us

ExpenseIn was easy to set up and customise. The end users submit their expenses on the go with minimal time output, the approval process is fast and Finance receives fully completed claims in a timely manner.

Rodial

ExpenseIn has made our expenses process much more straightforward, both for staff and the Finance team.

Bridges Fund Management

ExpenseIn is well worth the investment as it pays for itself within weeks or even days. Easier to use than any other system that we have ever come across.

ATTCo Global