Your first two free runs are now up to 10M rows per file instead of 100k.

Run yours nowNo credit card required
Reconcile
HomeHow it WorksUse CasesPricing

Learn

BlogGuidesSample Files

Support

FAQContact

Legal & Trust

Security & TrustPrivacy PolicyTerms of Service
ENEnglishFRFrançaisESEspañolARالعربية
Start Free
Start Free
Reconcile
HomeHow it WorksUse CasesPricing

Learn

BlogGuidesSample Files

Support

FAQContact

Legal & Trust

Security & TrustPrivacy PolicyTerms of Service
ENEnglishFRFrançaisESEspañolARالعربية

SECURITY & TRUST

Security & Trust

On this page
Security OverviewInfrastructureSecurity PillarsTechnical SafeguardsStaff AccessCompliance & Alignment
Document

Security Overview

Reconcile is built to process sensitive financial and operational data. Our security approach is built on one core principle: we store as little as possible, encrypt everything we do store, and delete uploaded files the moment they are no longer needed.

Your uploaded files are processed for comparison only. We do not read, interpret, analyze, or store the contents of your files for any purpose beyond running your reconciliation. No member of the Reconcile team can access what is inside your files — they are deleted from our servers immediately after your report is generated. In all cases, files are hard-deleted within 24 hours of upload regardless of whether automatic deletion succeeded.

Infrastructure

Reconcile runs on the following infrastructure, all hosted in European data centers:

  • Oracle — primary compute and storage infrastructure, Europe region.
  • Cloudflare R2 — file storage and delivery, Europe region.

We may add additional infrastructure providers in the future. This page will be updated when that happens. No customer data is currently processed outside Europe.

Security Pillars

Files Deleted After Processing.

Uploaded files are deleted from our servers immediately after your reconciliation report is generated. A hard-delete process runs every 24 hours as a safety net — no uploaded file can remain on our servers for more than 24 hours under any circumstances. Reconciliation results — matched rows, unmatched rows, and discrepancies — are stored separately and retained according to your workspace settings, which you control.

Encryption by Default.

All data is encrypted in transit using TLS. All data stored within Reconcile is encrypted at rest using AES-256 encryption provided by Oracle and Cloudflare R2 infrastructure. Application-level encryption is applied on top of infrastructure encryption for all stored reconciliation results and account data.

Auditability.

Critical actions — uploads, reconciliation runs, result exports, and access events — are logged. This audit trail is available to workspace administrators and can be included in compliance documentation.

Technical Safeguards

Secure Transport.

All connections to reconcileonline.com and app.reconcileonline.com use HTTPS with modern TLS. HSTS is enforced to prevent protocol downgrade attacks.

Encrypted Storage.

All data stored within Reconcile is encrypted at rest using AES-256 encryption at the infrastructure level (Oracle, Cloudflare R2) with additional application-level encryption applied on top.

Access Control.

Access to systems and data is restricted by role. Administrative access is limited, authenticated with two-factor authentication, and monitored. Least-privilege principles are applied across all internal systems.

Two-Factor Authentication.

Two-factor authentication is available for all user accounts and is enforced for all Reconcile team members with administrative access.

Staff Access Restrictions.

No member of the Reconcile team can access the contents of your uploaded files. Files are deleted immediately after processing. Reconciliation results stored in your workspace are accessible to support staff only when you explicitly request help with a specific reconciliation, and only for the purpose of resolving your support request.

Compliance & Alignment

Reconcile is designed to align with GDPR requirements and SOC 2 control frameworks.

We are not currently certified under SOC 2 or ISO 27001. Our architecture and operational practices are built to align with SOC 2 principles across security, availability, and confidentiality. We are working toward formal certification and will update this page when that changes.

All data is processed within Europe. We use Standard Contractual Clauses where required for any cross-border data transfers involving service providers.

Security questions?

Contact us at security@reconcileonline.com. We respond to all security inquiries within 48 hours on business days.

Reconcile
Two files. One truth!
PRODUCT
Home
How it Works
Use Cases
Pricing
RESOURCES
Blog
Guides
Sample Files
LEGAL & TRUST
Security & Trust
Privacy Policy
Terms of Service
FacebookFacebookLinkedInLinkedIn

Copyright © 2026 Reconcile. All Rights Reserved.

FAQ
Contact
ENFRESAR