Security & Data Protection

Your client data deserves the highest level of protection. Here's how we keep it safe.

🔒

Encryption

All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption. Database backups are encrypted before storage.

  • HTTPS enforced on all connections
  • Database encryption at rest
  • Encrypted backup storage
🔑

Authentication

Secure authentication with strong password requirements, breach detection, and session management protects access to your account.

  • Strong password requirements (8+ characters, mixed case, numbers)
  • Password breach detection via HaveIBeenPwned API
  • 30-minute inactivity timeout with sliding expiration
  • Rate limiting on login, signup, and password reset endpoints
🛡

Security Headers

Industry-standard security headers protect against common web attacks and enforce secure browsing policies.

  • Content Security Policy (CSP) to prevent XSS attacks
  • HTTP Strict Transport Security (HSTS) enforcing HTTPS
  • X-Frame-Options, X-Content-Type-Options protection
📝

Access Logging

SOC 2 compliant access logging tracks all authentication events and permission changes for security monitoring.

  • Login and logout events logged with timestamp and IP address
  • Permission and role changes tracked with user attribution
  • Session management with forced logout capability
🏢

Data Isolation

Multi-tenant architecture with strict data isolation ensures your firm's data is completely separated from other customers.

  • Firm-level data isolation
  • Role-based access control (Admin, Preparer, Reviewer)
  • User-level activity tracking
📋

Audit Trail

Complete audit trail of all material changes supports your professional documentation requirements.

  • Immutable audit log of all changes
  • Field-level change tracking with before/after values
  • User attribution on all actions

Infrastructure

Hosted on enterprise-grade cloud infrastructure with automated backups and monitoring.

  • PostgreSQL database with automated daily backups
  • 24/7 monitoring with automated alerting
  • 1-hour recovery time objective (RTO)
💾

Your Data Rights

Your data belongs to you. Export it anytime or request deletion when you no longer need our service.

  • Export all data to Excel at any time
  • Request complete data deletion
  • No data sold to third parties

Security Questions?

Contact us at security@depreciationpro.com for security-related inquiries.

Privacy Policy Terms of Service