Your clients' financial data is some of the most sensitive information you handle — and we treat it that way. Easify is built with bank-grade security at every layer, from encryption in transit to automatic deletion of uploaded statements after processing.
Encryption Everywhere
All data is encrypted in transit with 256-bit TLS, and sensitive credentials and tokens are encrypted at rest.
Automatic File Deletion
Uploaded bank statements are automatically purged after processing — your raw documents don't linger on our servers.
Strict Access Controls
Role-based permissions ensure team members only ever see data belonging to their own organization.
Secure Infrastructure
Hosted on enterprise-grade AWS infrastructure with regular security reviews and dependency updates.
Data Encryption
Every connection to Easify is protected with HTTPS and 256-bit TLS encryption, so data moving between your browser and our servers cannot be intercepted. Sensitive values — including authentication tokens, integration credentials, and secrets — are encrypted at rest.
Document Handling & Retention
Bank statements are processed by our proprietary bank-identification engine to extract transactions and cash flow. We keep your footprint small:
- Uploaded statement files are automatically deleted after processing completes
- Extracted data is associated only with your organization and never shared with other organizations
- When you delete your account, personal data and documents are permanently removed within 30 days
Access & Account Security
- Role-based access control scopes every user strictly to their own organization's data
- Optional two-factor authentication (2FA) adds a second layer to account sign-in
- Single sign-on via Google, Microsoft, and LinkedIn for centralized identity management
- Passwords are stored using strong, industry-standard hashing — never in plain text
Trusted Sub-Processors
We work with a small set of vetted providers, strictly to operate the platform:
- AWS — cloud infrastructure and encrypted storage
- Stripe — PCI-DSS compliant payment processing; we never store full card numbers
- Plaid — secure, read-only bank connectivity when a merchant chooses to link live data
See our Privacy Policy for the full detail on how data is collected, used, and shared.
Payment Security
All billing is handled by Stripe, a PCI-DSS Level 1 certified payment processor. Card details are entered directly with Stripe and are never stored on Easify's servers.
Responsible Disclosure
We welcome reports from security researchers. If you believe you've found a vulnerability, please email us at security@easify.net with the details so we can investigate and respond promptly. Please give us a reasonable window to remediate before any public disclosure.
Questions?
For any questions about our security practices, or to request additional documentation for your own due diligence, reach out at security@easify.net.