Enterprise-grade security designed for Dutch accounting professionals. Your data is protected with multiple layers of defense.
Last updated: December 29, 2025
Full audit trail, right to deletion, and data portability
Military-grade encryption at rest and in transit
Complete data export in CSV format (<60 seconds)
User-controlled data lifecycle management
We appreciate security researchers and users who help us maintain the security of our platform. If you discover a security vulnerability, please report it responsibly.
Email: support@receiptguard.io
Please include:
We appreciate researchers who:
When you report:
Multi-layered security protecting your sensitive financial data with a defense-in-depth strategy.
Every organization's data is completely isolated using application-level filtering with database Row-Level Security policies as defense-in-depth. Each query is automatically filtered by your organization ID, making cross-organization access impossible.
We implement multiple security layers so that even if one layer is compromised, others protect your data:
Full compliance with European data protection regulations, designed for Dutch accounting professionals.
Every action is logged with comprehensive details:
Logged actions include: view, upload, update, delete, bulk delete, rescan, export_data, update_retention, auto_delete, and access denied events.
Enterprise-grade authentication with support for multi-factor authentication and team collaboration.
ReceiptGuard supports team collaboration with proper access control. Organization owners have full control, while members have limited access to protect your data.
We use Clerk for enterprise-grade authentication with:
Your receipts are stored in private, encrypted buckets with time-limited access controls.
Receipts are stored in Supabase Storage with strict access controls. Each organization's files are isolated in separate folders, preventing cross-organization access.
Files are accessed via time-limited signed URLs:
Multiple validation layers:
Take control of your data with self-service export and configurable retention policies.
Organization owners can export all data at any time via Settings → Data Management. Export completes in under 60 seconds and includes complete CSV files with all your data.
Organizations can configure how long receipts are retained before automatic deletion. This supports GDPR data minimization principles while respecting Dutch 7-year fiscal retention requirements.
Business receipts must be kept for at least 7 years under Dutch fiscal law. Users are responsible for compliance. Set retention to at least 7 years or "Never delete" for maximum compliance.
The automatic deletion system is protected by multiple security layers:
All data is encrypted both at rest and in transit using industry-standard protocols.
All communication uses TLS 1.3:
Protection against abuse and denial-of-service attacks with organization-level rate limits.
| Operation | Limit | Window | Purpose |
|---|---|---|---|
| Upload | 100 requests | 1 hour | Prevent spam uploads |
| Rescan | 10 requests | 1 hour | Prevent AI abuse |
| Batch Process | 5 requests | 1 hour | Prevent resource exhaustion |
Every response includes rate limit headers showing your remaining quota and reset time.
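The following is an added example, not ReceiptGuard's own code, showing how the limits in the table above can be enforced per organization and reported in response headers. The fixed-window algorithm, the in-memory store, the header names and the `OrgRateLimiter` class are assumptions; the page does not specify them.

```python
import time
from dataclasses import dataclass

# Limits from the table above: operation -> (max requests, window in seconds).
LIMITS = {"upload": (100, 3600), "rescan": (10, 3600), "batch_process": (5, 3600)}


@dataclass
class Decision:
    allowed: bool
    headers: dict


class OrgRateLimiter:
    """Fixed-window counter keyed by (organization, operation); assumed design.

    State is held in memory for illustration. A multi-instance deployment
    needs a shared store with atomic increments.
    """

    def __init__(self, limits=LIMITS, clock=time.time):
        self.limits = limits
        self.clock = clock
        self._windows = {}  # (org_id, operation) -> [window_start, count]

    def check(self, org_id: str, operation: str) -> Decision:
        if operation not in self.limits:
            # Fail closed: an operation without a configured limit is rejected.
            raise ValueError(f"no limit configured for {operation!r}")
        limit, window = self.limits[operation]
        now = int(self.clock())
        start = now - (now % window)  # windows are aligned to the clock
        state = self._windows.get((org_id, operation))
        if state is None or state[0] != start:
            state = self._windows[(org_id, operation)] = [start, 0]
        allowed = state[1] < limit
        if allowed:
            state[1] += 1  # denied requests do not consume quota
        reset = start + window
        headers = {  # header names are assumed, following common convention
            "X-RateLimit-Limit": str(limit),
            "X-RateLimit-Remaining": str(limit - state[1]),
            "X-RateLimit-Reset": str(reset),
        }
        if not allowed:
            headers["Retry-After"] = str(reset - now)
        return Decision(allowed, headers)
```

Keying on the organization ID rather than the user or IP means all members of one organization share a quota, and one organization exhausting its quota does not affect another.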
We only use SOC 2 compliant service providers with signed Data Processing Agreements.
Authentication & session management
Database & file storage
Application hosting & CDN
Payment processing (we never see card numbers)