Security at Reconcily

You're trusting us with receipts, statements, and inbox access. Here's how we protect them.

Last updated: June 25, 2026

Access & least privilege

  • Read-only inbox access. When you connect a mailbox, Reconcily reads — it never sends, deletes, or modifies mail.
  • Scoped connections. You can disconnect any source at any time, which revokes our access.
  • Least-privilege internals. Access to production systems is limited and logged.

Encryption

  • In transit. All traffic is encrypted with TLS.
  • At rest. Your documents and data are encrypted at rest.
  • Credentials. Mailbox tokens and IMAP credentials are envelope-encrypted with a managed key service and stored in a dedicated secret store — never in plaintext.

Tenant isolation

Each customer's data is isolated at the database level (a schema-per-tenant model), so one customer's documents and books are not accessible from another tenant.

Audit trail

Every reconciled line traces back to a source document, and key actions are logged — both so your books are audit-defensible and so we can detect and investigate misuse.

Account protection

  • Modern authentication via Google Cloud Identity Platform.
  • Multi-factor authentication (TOTP) is available for accounts.

Compliance

Reconcily handles financial data, so we build toward the controls our customers expect:

  • GLBA / FTC Safeguards — we align our controls (encryption, access control, MFA, logging, secure disposal) with these obligations where they apply.
  • SOC 2 — we are not SOC 2 certified today; we are building toward the underlying controls and plan to pursue certification as we grow.
  • Payments — handled by Stripe; we do not store full card numbers.

Sub-processors

We use vetted providers for AI document extraction, cloud hosting, payments, content delivery, and error monitoring. The current list is maintained in our Privacy Policy.

Data deletion

You can request deletion of your data at any time; we remove or de-identify it within 60 days of account termination. See the Privacy Policy for detail.

Reporting a vulnerability

Found a security issue? Please email security@reconcily.ai. We appreciate responsible disclosure and will work with you to resolve valid reports.