Security
Your privacy, security and trust are an integral part of our service.
Secure accounts
Every ExpenseIn account is secured with a password, with the option to enforce two-step authentication for your organisation.
We follow industry standards, such as encrypting traffic and passing passwords through a one-way cryptographic hash algorithm before storing them to ensure bank level security.
We’re ready when you are
With an uptime that exceeds 99.99%, ExpenseIn is ready anytime that you are. We achieve this by limiting partnerships to premium providers, having robust, tested recovery procedures and redundancy.
Take a look for yourself at http://status.expensein.com
We keep your data safe
Every receipt and record that you entrust to us is yours. We’ll keep it safe, we’ll never share it, and it’s easy for you retrieve and download anytime.
Our staff are trained in data protection, both understanding and following best practices to keep your data safe.
Your data integrity is our priority
We leverage industry leading providers and the latest in cloud technology to ensure that your data is always available.
Data replication ensures that there’s always a mirror image of your records.
Certified and proven security
ExpenseIn has been awarded Cyber Essentials certification, a scheme backed by the UK Government and the National Cyber Security Centre.
In order to achieve certification our systems have been independently evaluated by APMG International, a leading accreditation body.
Traffic is encrypted
24/7 monitoring
99.9% uptime
Cloud data backup & replication
PCI DSS certified
Our carefully selected partners
Exceptional service, performance and security is in our DNA. That’s why we only partner with industry leaders who have proven track records and meet our own exacting standards.
Amazon AWS, one of the largest managed cloud providers, manage the servers and datacenters that power ExpenseIn. They ensure that ExpenseIn runs on enterprise-grade hardware and the latest cloud technologies.
Your privacy and data integrity is our priority and Amazon AWS enables us to ensure that your data is processed and stored in the UK to industry leading standards. And with Amazon’s certifications, including ISO 27001 and PCI Data Security Standard, you don’t just have to take our word for it.
Payments are processed by Sage Pay. They’re industry leaders and are certified to PCI Data Security Standard Level 1. Additionally, we are also PCI DSS certified, so you can rest assured that your payment information is protected.
Frequently asked questions
Where is my data held?
All of your data is processed and stored in the UK. Our hosting partner Amazon AWS enables us to ensure that your data is processed and stored in the UK to industry leading standards. And with Amazon’s certifications, including ISO 27001, you can rest assured that your information is secure.
Is ExpenseIn compliant with the GDPR?
Yes, ExpenseIn welcomes the introduction of the GDPR and has made a number of changes to internal processes, policies and our platform security.
See our GDPR Statement for further details.
Do you regularly scan for vulnerabilities?
ExpenseIn utilises a 3rd party to scan all public endpoints every 14 days. The system is tested against a range of known threats, including all known threats identified by the latest OWASP publications.
Do you have physical site redundancy?
Yes, ExpenseIn is hosted in the London UK AWS Region across multiple availability zones. Each zone is backed by one or more physical data centres.
Are my payment details secure?
We never store payment details. Instead, our carefully chosen partner Sage Pay, a Level 1 PCI DSS certified payment processor, stores your payment details.
Do you have a privacy policy?
Yes, we take data protection and privacy very seriously. All of our staff receive training in data protection and fully understand your need for privacy. Further details are available in our privacy policy.
