Security at ReconcilX

Enterprise-grade security for your financial data — because trust is the foundation of reconciliation.

  • TLS 1.2+: In transit
  • AES-256: At rest
  • MFA: All access
  • RBAC: Least privilege

Security Overview

Security is foundational to everything we build at ReconcilX. Because we process sensitive financial transaction data on behalf of our users, we maintain a rigorous security posture across infrastructure, application, and operational layers. This page summarises our key security practices to help you understand how your data is protected.

Data Protection

All data stored by ReconcilX is subject to strict access policies and encryption standards:

  • Financial transaction data is stored in isolated, encrypted databases
  • We enforce strict data segregation between different merchant accounts
  • Backups are encrypted and stored in geographically separate locations
  • We do not store raw payment credentials, card numbers, or bank passwords
  • Data is retained only as long as necessary to provide reconciliation services

Encryption

We use modern encryption standards to protect data in transit and at rest:

  • All data in transit is encrypted using TLS 1.2 or higher (HTTPS enforced)
  • Data at rest is encrypted using AES-256
  • API tokens and secrets are stored using one-way hashing and secure vaults
  • OAuth tokens for Shopify, Stripe, and PayPal are encrypted at the application layer
  • We rotate cryptographic keys periodically and on any suspected compromise

Access Control

We apply the principle of least privilege across all systems and teams:

  • Role-based access control (RBAC) limits internal access to customer data
  • Only authorised engineers may access production systems, with full audit logging
  • All internal access requires multi-factor authentication (MFA)
  • Third-party access to your data requires your explicit authorisation via OAuth
  • We regularly review and revoke unnecessary access privileges

Responsible Disclosure

We take security vulnerabilities seriously and appreciate responsible disclosure from the security community. If you believe you have found a security vulnerability in ReconcilX, please report it to us privately so we can address it before any public disclosure.

  • Do not exploit the vulnerability beyond what is necessary to verify it
  • Do not access, modify, or delete data that does not belong to you
  • Give us reasonable time (at least 30 days) to address the issue before disclosure
  • We will acknowledge your report within 48 hours and keep you updated

Report security issues to:

security@reconcilx.com

Found a vulnerability?

Please report it privately to our security team. We take all reports seriously and will work with you to resolve the issue quickly.

security@reconcilx.com