Reconcile Legal Center
Policies that explain how Reconcile handles service usage, privacy, and security.
Security Overview
Reconcile is built to help teams reconcile sensitive operational and financial data. We take security seriously by minimizing stored data, encrypting what must be stored, and enforcing strict access controls throughout the platform.
The Pillars of Reconcile Security
Our security model focuses on reducing risk, limiting exposure, and protecting customer data at every stage.
- Encryption by Default. All data is encrypted in transit using modern TLS. Stored data is encrypted at rest using secure cloud-managed encryption. For highly sensitive files, application-level encryption may also be applied.
- Minimal Data Retention. Reconcile is designed to process files ephemerally. Raw uploads can be automatically deleted after processing, reducing long-term data exposure.
- Auditability. Critical actions such as uploads, reconciliations, exports, and access events are logged to provide traceability and accountability.
Technical Safeguards
Technical safeguards support the platform's security posture across transport, storage, administrative access, and sensitive file handling.
- Secure Transport. All connections to Reconcile are encrypted using HTTPS with modern TLS standards. HSTS is enforced to prevent protocol downgrade attacks.
- Encrypted Storage. Data stored within Reconcile is encrypted at rest using industry-standard encryption provided by the underlying cloud infrastructure.
- Access Control. Access to systems and data is restricted by role. Administrative access is limited, authenticated, and monitored.
- Application-Level Encryption. For certain sensitive files or exports, Reconcile may apply application-level encryption using strong, vetted cryptographic libraries.
Compliance & Alignment
Reconcile is designed to align with widely accepted security and privacy principles, including GDPR requirements and SOC-style control frameworks.
While Reconcile is not currently certified under formal programs such as SOC 2 or ISO 27001, our architecture and operational practices are built to support future compliance efforts.
Des questions sur la sécurité ?
For security-related inquiries or due-diligence requests, contact us at security@reconcileonline.com.