Security
How we protect your data. For information about what data we collect and your rights, see our Privacy Policy.
Encryption in Transit
All data is encrypted using TLS/HTTPS with Let's Encrypt certificates. Your receipt images and sensitive information are protected during transmission.
European Data Centers
All infrastructure runs exclusively in EU data centers (France), ensuring data sovereignty and compliance with European regulations.
Passwordless Authentication
We use OAuth 2.0 with one-time passwords (OTP) for authentication. No passwords to remember or manage, reducing the risk of credential-based attacks.
Role-Based Access Control
Employees only see their own receipts. Admins have controlled access to company data with multi-layer enforcement at route, service, and database levels.
Infrastructure
- Network Isolation: Private VPC network isolates all infrastructure. Databases run in private Kubernetes namespaces with no direct internet access.
- Query Safety: All database queries are parameterized to prevent injection attacks.
- Data Durability: Object storage versioning and volume retention policies protect against accidental data loss.
- Logging: Centralized log aggregation for debugging and audit trails.
Third-Party Services
- Stripe: PCI DSS compliant payment processing
- Mailgun (EU): Email receiving in EU region
- Scaleway: EU-based cloud infrastructure (France)
- Let's Encrypt: TLS certificate authority
Security Vulnerability Reporting
If you discover a security issue, please report it privately so we can address it promptly.
security@receiptbundler.eu
Include details about the vulnerability and steps to reproduce. We will respond within 48 hours.