Enterprise-Grade Security
Your financial data deserves the highest level of protection. SubPaid is built with security at its core.
How We Protect Your Data
We implement multiple layers of security to ensure your invoices, client information, and payment data are always protected.
256-bit Encryption
All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.
SOC 2 Type II Compliant
We undergo annual SOC 2 audits to ensure our security controls meet the highest standards.
Secure Infrastructure
Hosted on AWS with enterprise-grade security, redundancy, and a 99.9% uptime SLA.
24/7 Monitoring
Continuous security monitoring and threat detection to protect your data around the clock.
Regular Penetration Testing
Third-party security experts conduct regular penetration tests to identify vulnerabilities.
Data Privacy Controls
Granular access controls and audit logs ensure your data is only accessed by authorized users.
Compliance & Certifications
SubPaid maintains compliance with industry-leading security standards and regulations.
| Standard | Status |
|---|---|
| SOC 2 Type II | Certified |
| GDPR | Compliant |
| CCPA | Compliant |
| PCI DSS | Level 1 (via Stripe) |
| HIPAA | Available on Enterprise |
Data Handling Practices
Data Encryption
All data transmitted to and from SubPaid is encrypted using TLS 1.3. Data stored in our databases is encrypted at rest using AES-256. Encryption keys are managed through AWS KMS with automatic rotation.
Access Controls
We implement role-based access control (RBAC) and the principle of least privilege. Employee access to customer data is logged and audited. Multi-factor authentication is required for all internal systems.
Data Retention
Your data is retained while your account is active. Upon account deletion, data is permanently removed within 90 days. Backups are encrypted and retained for disaster recovery purposes only.
Incident Response
We maintain a comprehensive incident response plan. In the event of a security incident, affected users will be notified within 72 hours as required by GDPR and other regulations.
Report a Security Vulnerability
We take security seriously and appreciate responsible disclosure. If you discover a vulnerability, please report it to our security team.
security@subpaid.com
We respond to all security reports within 24 hours.