Security & trust at SnapSpend

Last updated: March 28, 2026

Finance data is the most sensitive data your business has. Here’s how we treat yours — and how we sit on a SOC 2 Type 2 foundation from day one.

1. How our trust posture is built

Our backend database partner is SOC 2 Type 2 compliant. Your data sits on SOC-2-audited infrastructure from the moment you sign up. SnapSpend layers application-level controls (Row-Level Security, signed URLs, audit logs) on top — designed so we never weaken what we inherit.

2. Where your data lives

SnapSpend uses managed Postgres and object storage in a Southeast Asia region (specific region details available under NDA). Receipts, parsed data, and exports stay in the region. We do not transfer data to the US or EU for processing — and we never train models on your documents.

3. Encryption

All documents are encrypted at rest using AES-256, and in transit over TLS 1.3. Storage URLs are short-lived and signed per request — even if a URL leaks, it expires within 60 seconds. Your password is hashed with bcrypt; we cannot read it, and neither can our team.

4. Compliance posture

Our backend database partner is SOC 2 Type 2 compliant — your data sits on SOC-2-audited infrastructure from day one.

On top of that, SnapSpend implements its own SOC 2-aligned controls (formal certification on roadmap):

  • RBAC — role-based access control on every tenant
  • MFA — multi-factor auth for all admin and finance roles
  • AES-256 at rest, TLS 1.3 in transit
  • Postgres Row-Level Security on every business table — even our engineers cannot query across orgs
  • Signed Storage URLs with 60-second TTL
  • Full audit logs of all admin actions

Inherited from infrastructure (backend database partner + hosting partner): SOC 2 Type 2 · GDPR · HIPAA-capable (available for MAX-tier customers on request).

Philippine-specific: DPA 2012 alignment (NPC registration in progress) · BIR-compliant output formats (SLSP, 2550M).

BIR / BSP: SnapSpend produces SLSP and 2550M outputs that match BIR’s published file specifications for eFPS submission. We are BIR-compliant by output, not BIR-accredited — no such accreditation exists for receipt-parsing software in Philippine law.

Want documentation? Email security@snapspend.ai — we’ll share our infrastructure partners’ SOC 2 Type 2 reports under NDA.

5. Reliability

  • Uptime target: 99.5% on PRO and MAX tiers (formal SLA on roadmap).
  • Backups: Continuous WAL-streamed backups (managed by our infrastructure partner), with point-in-time recovery available.
  • Incident response: Customers are notified within 24 hours of any confirmed incident affecting their data.
  • Status page: Coming Q2 2026.

6. Your data, your rights

You can export everything at any time, in machine-readable format. You can delete your account and all associated data in one click — every row, every file, gone within 30 days, no “we keep a backup forever.”

Have a security question we didn’t answer? Email security@snapspend.ai — we reply within one business day.