How is my personal data protected when using Automatic Expense Import?
In order to provide Automatic Expense Import, FreshBooks has partnered with a third party service provider that has been in use by more than 500 financial institutions in the U.S. for over a decade. Your user IDs, passwords, PINs and responses to challenge questions are never logged by FreshBooks, and are kept private and protected by our partner as follows:
Multi-layered hardware and software encryption protect your personal data at all times (256-bit SSL encryption for data in transit, and Triple DES encryption for data at rest in the database). Your data is never stored or displayed in clear text in any database, application or log files. The system is view-only; no one can move any money, or make any trades or transactions. All personal information is hosted at two secure, top-tier global data centers which protect against intrusion attempts.
Controls and Processes
The infrastructure, application, processes and controls used to aggregate your financial institution data are audited regularly and are SAS 70 Type II compliant. This includes security practices, which are audited and approved annually by external CISSP-certified security experts, and architecture, which is regularly upgraded. Routine system integrity checks are performed on firewalls and other network control systems to ensure the safety and accuracy of sensitive information.
The secure hosting environment is provided by Equinix, and is monitored 24 hours a day, 7 days a week. All server access requires multiple levels of authentication, and Cisco ASA-series firewalls prevent unauthorized electronic access to all servers and all secure information.
Note: Automatic Expense Importing is currently only available in North America.
Learn more about FreshBooks’ internal Security Safeguards. If you have any security concerns or questions, feel free to contact us at support[at]freshbooks.com.