Security & Compliance
Your financial data deserves the highest level of protection. At RedFlag, security isn't just a feature—it's fundamental to everything we do.
Our Security Approach
RedFlag employs enterprise-grade security measures to protect your sensitive financial data. Our multi-layered security approach is designed to meet the requirements of even the most security-conscious organizations.
SOC 2 Compliance
RedFlag is SOC 2 Type II compliant, meaning we've undergone rigorous third-party audits of our security controls, processes, and procedures. This certification verifies that we meet the highest standards for data security, availability, processing integrity, confidentiality, and privacy.
Data Protection
All data is encrypted both in transit and at rest using industry-standard encryption protocols (TLS 1.2+ and AES-256). We implement a strict least-privilege access model, meaning employees only have access to the specific data they need to perform their jobs.
Enterprise-Grade Security Features
Secure Authentication
- Strong password requirements
- Multi-factor authentication (MFA)
- Session timeouts and automatic logouts
- Suspicious login detection
Infrastructure Security
- SOC 2 compliant cloud infrastructure
- Regular security assessments and penetration testing
- DDoS protection and WAF
- Real-time threat monitoring
Data Handling
- End-to-end encryption
- Zero knowledge of your QuickBooks credentials
- Secure OAuth integration
- Automated data backups
Compliance & Privacy
GDPR Compliance
RedFlag is fully compliant with the General Data Protection Regulation (GDPR), giving users control over their personal data and ensuring transparent data processing practices.
- Right to access, correct, and delete personal data
- Data protection impact assessments
- Clear and transparent data processing policies
Privacy-First Design
We built RedFlag with privacy as a core principle. We only collect the data necessary to provide our services and never sell your information to third parties.
- Minimized data collection
- Regular security audits and testing
- Strict employee access controls
Security FAQ
How do you secure my financial data?
All data is encrypted both in transit (using TLS 1.2+) and at rest (using AES-256 encryption). We implement strict access controls, and our infrastructure is hosted in SOC 2 compliant data centers with 24/7 monitoring.
Do you store my QuickBooks credentials?
No. We use OAuth for secure authentication with QuickBooks, meaning we never see or store your QuickBooks credentials. You grant us specific permissions to access only the data needed for fraud analysis.
How long do you retain my data?
We retain transaction data for analysis for the duration of your subscription plus 30 days. After this period, or upon account closure, your data is securely deleted from our systems according to our data retention policy.
What happens if there's a security incident?
We have a comprehensive security incident response plan. In the unlikely event of a security incident affecting your data, we will notify you promptly, provide details about the impact, and take immediate steps to address the issue.
Ready to learn more?
Contact our security team for more information or to request our security documentation.