We know the things you store on Fyle - expenses, card spend, and employee data - are vital to your business. That’s why we’re constantly working to ensure security for you and your data. We are SOC 2 Type 1 compliant as of January 3rd, 2022. 

SOC 2 or Service Organization Controls 2 is a robust security framework for any technology service company that handles customer data. It intends to ensure the safety and privacy of users’ data, based on five ‘trust principles’ - Security, Availability, Confidentiality, Processing Integrity, and Privacy. It’s performed by a third-party CPA or accounting agency.

For our customers, Fyle’s SOC 2 compliance means that we ensure enterprise-level security: we have the infrastructure, controls, and processes to protect your data from any unauthorized access, both from within and outside the firm. 

There are two types of SOC 2: Type 1 and Type 2

SOC 2 Type 1 is an audit carried out to measure the suitability of the security controls at a specific point in time.

SOC 2 Type 2 includes the operating effectiveness of controls for a specified period of time.

This certification, which a third-party auditor, Prescient Assurance facilitated, is a standard for how we do business today and in the future. Fyle’s SOC 2 Type 1 audit report is now available to our customers; please reach out to our support for more details. Fyle is currently working on our SOC 2 Type 2 audit. Fyle uses Sprinto to continuously monitor and stay secure and compliant.

We take security seriously 

Fyle ensures multiple levels of data protection and complete security of all your expense, card, and employee data. An external auditor routinely tests all our applications, infrastructure, and security processes for vulnerabilities every 6 months, with industry-standard testing methods.

Here are some of our security measures, in addition to SOC 2. You can read more about them here.  

1. User authorization - When your employees sign up with Fyle, we use Single Sign-on and SAML 2.0 to facilitate the exchange of employee authorization data across secure domains. 
   

2. Role-based access control - As soon as a user is added into Fyle, they’re assigned a unique role. Each of these roles has visibility only into data that pertains to them.
   

3. GDPR compliance - Fyle has been GDPR compliant as of May 25th, 2018. We do not store our EU clients' sensitive and personal information outside of EU allowed regions.
   

4. IP access controls - You have the option to restrict usage based on the IP address in Fyle. 
   

5. Password encryption - All passwords are salted and hashed using the SHA-256 cryptographic function. The original password is never stored at Fyle. 

A secure way of handling business expenses

We integrate data security into everything we do - the way the product is built, how people work, and how we handle customer data. Needless to say, SOC 2 is just one step in our continuous compliance journey. Fyle gives your employees an easy way to track business spend without the headache of worrying about privacy. We'd love to show you around; schedule a demo today!