How we keep you safe and secure

We understand the importance of ensuring that sensitive company and personal information is secure. This underpins how we build Emburse Spend and how we select our integration partners.

Keeping your information secure is our #1 priority

SSAE 18 / SOC 1 Type II Certified

Emburse Spend has completed the Service Organization Controls (SSAE 18 / SOC 1) examination under Statement on Standards for Attestation Engagements No. 18 (AT-C Section 320), Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting, of the AICPA which was performed by an independent auditing firm.

How is Emburse Spend application data secured and stored?

Spend application data is transmitted over a 256-bit encrypted channel (SSL). All expense data and card transaction details are stored in Amazon RDS and receipt images are stored in Amazon S3. All Spend application data is backed up and data is stored for a minimum of seven years. It will always be available for viewing or export either through the application or by contacting us directly.

How is my bank account information secured?

All bank account information is stored in Amazon RDS and encrypted at rest. Account numbers are always encrypted, and decryption is only possible with dedicated hardware in our private network. Bank login information you provide to connect with your Spend account is stored with Plaid, one of our integration partners, who employ strict security policies for storing and accessing data.

How is my credit card information secured?

Spend does not store any credit card account or login information within our system. All credit card information is stored with our data integration partners, Plaid and Finicity, who each have their own security policies. Plaid regularly undergoes both internal and external network penetration tests, third-party code reviews, and PCI re-certification, as well as having completed a SOC 2 report. Its security policy also includes information on how data is accessed and controlled. Finicity holds AICPA SOC 2, Type I and PCI DSS 3.0 regulatory certifications. Its security policy also includes the use of multiple security technologies at the application, network, and database layers.

Legal information