Trust & security

Security and privacy aren't features. They're the floor.

Eline reads your finance data. We treat that responsibility with the seriousness it deserves — every architectural decision starts from here.

  • Encryption at rest: AES-256
  • In transit: TLS 1.3
  • Compliance: SOC 2 Type II — in progress
  • Architecture: 100% read-only OAuth

1 · Data security

Where your data lives, who can touch it, and what we do if something goes wrong.

Encryption

AES-256 at rest with per-organization encryption keys stored in AWS KMS. TLS 1.3 in transit (no TLS 1.2 or below accepted). All connector tokens are encrypted with envelope encryption, so a service-role compromise cannot decrypt customer tokens without KMS access.
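The envelope scheme described above, as an added sketch that is not Eline's code: `LocalKms` is a hypothetical in-process stand-in for AWS KMS, and every function and field name here is an assumption. It shows why a copied database row is useless without the per-organization key.

```javascript
const nodeCrypto = require("crypto");

// AES-256-GCM; the 12-byte nonce and 16-byte tag are stored in front of the ciphertext.
function seal(key, plaintext, aad) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(aad));
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]);
}

// Throws if the key, the associated data or any stored byte is wrong.
function open(key, blob, aad) {
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  decipher.setAAD(Buffer.from(aad));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

// Hypothetical in-process stand-in for KMS: per-organization keys never leave it.
class LocalKms {
  #keys = new Map();
  #keyFor(org) {
    if (!this.#keys.has(org)) this.#keys.set(org, nodeCrypto.randomBytes(32));
    return this.#keys.get(org);
  }
  wrap(org, dataKey) {
    return seal(this.#keyFor(org), dataKey, org);
  }
  unwrap(org, wrapped) {
    return open(this.#keyFor(org), wrapped, org);
  }
}

// The stored row holds a wrapped data key and ciphertext, no usable key material.
function encryptToken(kms, org, token) {
  const dataKey = nodeCrypto.randomBytes(32);
  const row = { org, wrappedKey: kms.wrap(org, dataKey), sealed: seal(dataKey, Buffer.from(token), org) };
  dataKey.fill(0); // drop the plaintext data key once it has been used
  return row;
}

function decryptToken(kms, row) {
  const dataKey = kms.unwrap(row.org, row.wrappedKey);
  const token = open(dataKey, row.sealed, row.org).toString("utf8");
  dataKey.fill(0);
  return token;
}
```

In a real deployment the `wrap` and `unwrap` calls would be requests to KMS (for AWS KMS, the GenerateDataKey and Decrypt operations), which is where access control and logging apply.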

Where it lives

Postgres on AWS us-east-1. Supabase as the managed Postgres host (SOC 2 Type II certified). No customer data in non-US regions. EU residency available for enterprise contracts.

Access controls

Two Eline employees have production database access (founder + lead engineer). All access is via short-lived SSO tokens, logged to an immutable audit log, and reviewed monthly. No long-lived service accounts.

Audit logging

Every database write — yours and ours — emits an event to an append-only log retained 7 years. Available for SIEM export on request. This is the forensic chain of custody an external auditor can re-walk later.

Vulnerability disclosure

Email security@eline.app with the issue. We acknowledge within 24 hours, triage within 72, and credit the discoverer in our security changelog if they want it. No bounty program yet — we’re early; we negotiate case-by-case.

Annual third-party pentest

External security firm runs a full-stack penetration test annually. Summary available under NDA. Critical findings are remediated within 30 days; high findings within 60.

2 · Email integration

The most-asked-about scope. Here’s exactly what Eline does — and doesn’t do — with your inbox.

What Eline reads

  • https://www.googleapis.com/auth/gmail.readonly — Gmail / Google Workspace
  • Mail.Read — Microsoft Outlook (planned)
  • Sender + subject + attachments for messages matching configured invoice patterns (vendor sender domains, subjects containing “invoice” / “receipt” / “payment due”, attached PDFs).
  • Body content of those matched messages is parsed for amount + due date + vendor — and discarded after the normalized record is written.

What Eline does not read

  • Anything not matching the invoice-pattern filter — the read is filtered server-side at the connector boundary.
  • Messages flagged personal / not-business by the user.
  • Calendar, contacts, drive, or any other Google/Microsoft scope. Eline asks for the gmail.readonly scope only.
  • Sent mail — the read operates on inbox-only labels.
  • Ever, under any circumstance, the body of a message that fails the pattern filter.
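One way to enforce the two lists above at a connector boundary, as an added example that is not Eline's code: the decision uses message metadata only, and a body is requested only after a match. The page does not say how the three patterns combine, so this sketch assumes any one is sufficient; the mailbox object, field names and sample messages are constructed.

```javascript
// Assumed configuration: the page names the pattern kinds, not their values.
const VENDOR_DOMAINS = new Set(["billing.vendor.example"]);
const SUBJECT_PATTERN = /\b(invoice|receipt|payment due)\b/i;

// Decide from metadata alone: labels, From, Subject and attachment names.
function matchesInvoicePattern(meta, personalIds) {
  if (!meta.labels.includes("INBOX") || personalIds.has(meta.id)) return false;
  const domain = meta.from.replace(/^.*@/, "").replace(/>\s*$/, "").toLowerCase();
  return (
    VENDOR_DOMAINS.has(domain) ||
    SUBJECT_PATTERN.test(meta.subject) ||
    meta.attachments.some((name) => name.toLowerCase().endsWith(".pdf"))
  );
}

// Connector boundary: a body is fetched only after the metadata check passes,
// and only the normalized record leaves this function.
function ingest(mailbox, personalIds = new Set()) {
  const records = [];
  for (const meta of mailbox.listMetadata()) {
    if (!matchesInvoicePattern(meta, personalIds)) continue;
    const body = mailbox.fetchBody(meta.id);
    const amount = /(?:total|amount due)\D*(\d+(?:\.\d{2})?)/i.exec(body);
    const due = /due\D*(\d{4}-\d{2}-\d{2})/i.exec(body);
    records.push({ id: meta.id, vendor: meta.from, amount: amount && amount[1], dueDate: due && due[1] });
  } // the body itself is not kept
  return records;
}

// Constructed mailbox that records every body request, so the invariant is testable.
function sampleMailbox() {
  const metas = [
    { id: "m1", labels: ["INBOX"], from: "AP <ap@billing.vendor.example>", subject: "January statement", attachments: [] },
    { id: "m2", labels: ["INBOX"], from: "friend@mail.example", subject: "Dinner on Friday?", attachments: [] },
    { id: "m3", labels: ["SENT"], from: "me@corp.example", subject: "Invoice 42", attachments: ["invoice-42.pdf"] },
    { id: "m4", labels: ["INBOX"], from: "shop@store.example", subject: "Your receipt", attachments: [] },
  ];
  const bodies = { m1: "Amount due: 1250.00. Payment due 2025-02-01." };
  const fetched = [];
  const fetchBody = (id) => {
    fetched.push(id);
    return bodies[id] || "";
  };
  return { fetched, listMetadata: () => metas, fetchBody };
}
```

The `fetched` list is the thing to assert on in a test suite: it must never contain the id of a message that failed the filter, was flagged personal, or sits outside the inbox.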

Revocation: revoke Eline’s access from Google Account → Security → Third-party access, or from /app/connections inside Eline. Revocation is immediate: within ~5 minutes (Google’s token cache TTL) we can no longer call the Gmail API on your behalf.

Cancellation: all matched-message snapshots are deleted within 30 days of subscription cancellation. The normalized invoice records remain available for export during the 30-day read-only window.

3 · Compliance

Where the paperwork is.

SOC 2 Type II — in progress

Targeting Q3 2026. Type I report available now under NDA. Auditor: a Big-4 accounting firm we’ll name once the engagement closes.

GDPR + CCPA

GDPR Article 28 Data Processing Agreement available on request — emailable as PDF. CCPA disclosures published below. DPA is signable as-is or red-lineable for enterprise contracts.

Sub-processors

AWS (us-east-1, infrastructure), Supabase (managed Postgres), Resend (transactional email), Anthropic (the agent layer, opt-in only). Notified 30 days before any addition.

Data retention + deletion

Live data: 36 months. Audit log: 7 years (SOX). Cancellation: 30 days read-only, 90 days archived, then deleted. Right-to-erasure honored within 30 days of request.

Email security@eline.app to request the SOC 2 Type I report (under NDA), the DPA template, the sub-processor list, the penetration test summary, the information security policy, or the incident response plan. Most return same-day.

4 · Read-only architecture

Data flows in. We write only to our own audit log.

Step 1

Source systems

OAuth-scoped read on every connector. Tokens encrypted at rest.

Step 2

Reconciliation engine

Three-way match: source platform · accounting · CRM. Mismatches surface as decisions.

↳ Normalize to canonical shape

↳ Three-way reconcile

↳ Audit-log every event (7y)

Step 3

Aligned dashboards

Both leaders see the same numbers. Every cell drillable to the source row.

  • CFO · variance + recon
  • CMO · TRUE COST loaded
  • Unified · joint review
Read-only on your source systems · audit log retained 7 years

No HTTP method other than GET against any source-system API.

The auditor proof

Network logs from our application servers can be replayed end to end. There is no path that issues an HTTP method other than GET against any source system’s API. Our pen-test partner confirms this annually as part of the standard report.
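A sketch of how such a replay check could be run over egress logs, added here as an example and not taken from Eline or its pen-test partner. The log format, the host inventory and the sample lines are constructed; counting OAuth token requests separately (they are POST by specification and go to the authorization server, not a source-system API) is an assumption of this example.

```javascript
// Constructed egress log, one request per line: "<ISO time> <METHOD> <URL> <status>".
const SAMPLE_LOG = `
2025-01-07T09:00:01Z GET https://gmail.googleapis.com/gmail/v1/users/me/messages?q=invoice 200
2025-01-07T09:00:02Z POST https://oauth2.googleapis.com/token 200
2025-01-07T09:00:03Z get https://gmail.googleapis.com/gmail/v1/users/me/messages/abc123 200
2025-01-07T09:00:04Z POST https://gmail.googleapis.com/gmail/v1/users/me/messages/abc123/modify 403
2025-01-07T09:00:05Z DELETE https://api.accounting.example/v2/invoices/77 204
2025-01-07T09:00:06Z POST https://audit.internal.example/events 201
not a log line
`;

// Assumed inventory: hosts that are source-system APIs, and OAuth token endpoints.
const SOURCE_HOSTS = ["gmail.googleapis.com", "api.accounting.example"];
const TOKEN_ENDPOINTS = ["oauth2.googleapis.com/token"];

function auditEgress(logText) {
  const report = { checked: 0, violations: [], tokenCalls: 0, unparsed: [] };
  for (const line of logText.split("\n").map((l) => l.trim()).filter(Boolean)) {
    const [time, method, rawUrl] = line.split(/\s+/);
    let url;
    try {
      url = new URL(rawUrl);
    } catch {
      report.unparsed.push(line); // never skip silently: an unparsed line is unaudited traffic
      continue;
    }
    const host = url.hostname.toLowerCase();
    if (TOKEN_ENDPOINTS.includes(host + url.pathname)) {
      report.tokenCalls += 1;
      continue;
    }
    const isSource = SOURCE_HOSTS.some((h) => host === h || host.endsWith("." + h));
    if (!isSource) continue; // our own services, e.g. the audit log writer
    report.checked += 1;
    // A rejected attempt (the 403 above) still counts: it proves a write path exists.
    if (method.toUpperCase() !== "GET") report.violations.push({ time, method, url: url.href });
  }
  return report;
}
```

A clean audit needs both `violations` and `unparsed` to be empty; a non-empty `unparsed` list means part of the traffic was never checked.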

Email for the architecture diagram

Security contact

security@eline.app

One inbox for incidents, vulnerability disclosures, document requests, and architecture deep-dives. Acknowledged within 24 hours. Read by a human.