Security

We use industry-standard encryption to protect your data at every stage:

• In Transit: All connections use TLS 1.2+ encryption. We enforce HTTPS across all services.
• At Rest: All stored data is encrypted using AES-256 encryption, including database records, file storage, and backups.
• Secrets Management: API keys, credentials, and sensitive configuration are stored in secure, encrypted secret management systems.

PatronSend is built on trusted, enterprise-grade infrastructure:

• Cloud Hosting: We use Amazon Web Services (AWS), which maintains SOC 2, ISO 27001, and other security certifications.
• Database: Our database is hosted on Neon, a SOC 2 Type II certified serverless Postgres provider with automatic backups and point-in-time recovery.
• Network Security: Services are isolated within private networks with strict firewall rules and no direct public access to databases or internal services.
• Regular Updates: We maintain up-to-date systems with security patches applied promptly.

We implement robust authentication and access control mechanisms:

• Secure Authentication: User authentication is powered by Clerk, an enterprise-grade identity platform with built-in protection against common attacks.
• Multi-Factor Authentication: Users can enable MFA for additional account security.
• Role-Based Access: Fine-grained permissions ensure users only access what they need. Roles include Owner, Admin, and Member with different permission levels.
• Session Management: Secure session handling with automatic expiration and the ability to revoke sessions.

Comprehensive logging and monitoring helps us maintain security:

• Audit Logs: All significant actions are logged, including document generation, user access, and configuration changes.
• Tax Receipt Tracking: Complete audit trail for all tax receipts including authorization, delivery, and any modifications.
• Error Monitoring: We use application monitoring to detect and respond to issues quickly.

We implement practices to protect your data throughout its lifecycle:

• Data Isolation: Each organization's data is logically isolated. Users can only access data for organizations they belong to.
• Backup & Recovery: Automatic daily backups with point-in-time recovery capabilities ensure your data is protected against loss.
• Data Retention: We retain tax receipt records as required by law (typically 5-7 years depending on jurisdiction) and securely delete data when no longer needed.
• Data Export: You can export your data at any time, ensuring you maintain control over your information.

We carefully vet our service providers for security:

• Vetted Providers: All third-party services are evaluated for security practices and compliance certifications.
• Minimal Data Sharing: We only share the minimum data necessary with third parties to provide the service.
• Payment Security: Payment processing is handled by Stripe, a PCI DSS Level 1 certified provider. We never store credit card numbers.

We have procedures in place to respond to security incidents:

• Response Plan: We maintain an incident response plan to quickly address any security issues.
• Notification: In the event of a data breach affecting your information, we will notify you promptly as required by applicable law.
• Continuous Improvement: We learn from any incidents to improve our security posture.