Product Features

How Fyle ensures your expense data is secure

August 13, 2021
|
4
Min Read
No items found.

In this Article

Fyle is designed with security in mind. We’re routinely tested, and constantly update our security measures to match industry standards.


User authorization

When your employees sign up with Fyle, we facilitate the exchange of employee authentication and authorization data across secure domains with Single Sign-on (SSO). Fyle uses SAML 2.0 to integrate with popular SSO services like Google, Facebook, Twitter, and LinkedIn.

It allows employees to log in using the single set of login credentials provided by your organization to access multiple applications.

If your organization has the infrastructure for SSO, you can enable support for SSO from Settings → Account → Security.


User authorization in Fyle: SSO


Next, you’ll have to provide two mandatory details: the IDP name, and the SAML metadata file.


SAML configuration in Fyle


Role-based access control

Each user is allocated a unique role as soon as they are added into Fyle. Each of these roles have visibility only into data that pertains to them. For example, a travel agent will only be able to view travel bookings that are assigned to them. Read more about our RBAC functionality here.

Fyle: Role-based access control



GDPR compliance

Fyle has been GDPR compliant as of May 25th, 2018. We do not store any sensitive and personal information of our EU clients outside of EU allowed regions. All third-party services that Fyle uses are also GDPR compliant.


IP access controls

Admin users are privy to almost all of your sensitive data, which can be taken advantage of. Fyle protects your organization against any potential data breaches. You have the option to restrict usage based on the IP address in Fyle. This feature  disables admins from viewing or accessing sensitive data within Fyle outside the corporate network. As admins, you will be able to make requests only from a certain whitelisted IP range for your company.



Fyle: IP access controls


Auditor role

Providing your auditors access to your organization’s sensitive data might be tricky. In Fyle, we have a specific ‘Auditor’ role that comes with restricted access. This allows you to keep your data safe during your auditing process. It enables read-only access to view the payments that are pending, in process or completed. This role can be disabled soon after auditing is done.


Password encryption

All passwords are salted and hashed using SHA-256 cryptographic function. This is a one-way function and the original password is never stored at Fyle. We also encourage the use of strong passwords with a mix of alphabets, numbers and special characters.


Data retention and control

We delete all our customers’ data 30 days after the termination of the contract. Our clients own their data and are free to take backups or export data in standardized formats (CSV, PNG, PDF) at any point of time.


Vulnerability testing

We routinely get our services checked by third-party vendors for any potential risks or susceptibilities every 6 months. They use industry standard Grey Box/Black Box testing and the results are shared on request.


An expense management platform you can rely on


At Fyle, we understand how tedious expense management can be. Additionally, worrying about the security of the platform you’ve brought in to help solve the process is worse. Give your employees an easy way to track and report expenses, while you have complete control over your expenses. Schedule a demo with us today!

Product Features

How Fyle ensures your expense data is secure

August 13, 2021
|
4
Min Read

Fyle is designed with security in mind. We’re routinely tested, and constantly update our security measures to match industry standards.


User authorization

When your employees sign up with Fyle, we facilitate the exchange of employee authentication and authorization data across secure domains with Single Sign-on (SSO). Fyle uses SAML 2.0 to integrate with popular SSO services like Google, Facebook, Twitter, and LinkedIn.

It allows employees to log in using the single set of login credentials provided by your organization to access multiple applications.

If your organization has the infrastructure for SSO, you can enable support for SSO from Settings → Account → Security.


User authorization in Fyle: SSO


Next, you’ll have to provide two mandatory details: the IDP name, and the SAML metadata file.


SAML configuration in Fyle


Role-based access control

Each user is allocated a unique role as soon as they are added into Fyle. Each of these roles have visibility only into data that pertains to them. For example, a travel agent will only be able to view travel bookings that are assigned to them. Read more about our RBAC functionality here.

Fyle: Role-based access control



GDPR compliance

Fyle has been GDPR compliant as of May 25th, 2018. We do not store any sensitive and personal information of our EU clients outside of EU allowed regions. All third-party services that Fyle uses are also GDPR compliant.


IP access controls

Admin users are privy to almost all of your sensitive data, which can be taken advantage of. Fyle protects your organization against any potential data breaches. You have the option to restrict usage based on the IP address in Fyle. This feature  disables admins from viewing or accessing sensitive data within Fyle outside the corporate network. As admins, you will be able to make requests only from a certain whitelisted IP range for your company.



Fyle: IP access controls


Auditor role

Providing your auditors access to your organization’s sensitive data might be tricky. In Fyle, we have a specific ‘Auditor’ role that comes with restricted access. This allows you to keep your data safe during your auditing process. It enables read-only access to view the payments that are pending, in process or completed. This role can be disabled soon after auditing is done.


Password encryption

All passwords are salted and hashed using SHA-256 cryptographic function. This is a one-way function and the original password is never stored at Fyle. We also encourage the use of strong passwords with a mix of alphabets, numbers and special characters.


Data retention and control

We delete all our customers’ data 30 days after the termination of the contract. Our clients own their data and are free to take backups or export data in standardized formats (CSV, PNG, PDF) at any point of time.


Vulnerability testing

We routinely get our services checked by third-party vendors for any potential risks or susceptibilities every 6 months. They use industry standard Grey Box/Black Box testing and the results are shared on request.


An expense management platform you can rely on


At Fyle, we understand how tedious expense management can be. Additionally, worrying about the security of the platform you’ve brought in to help solve the process is worse. Give your employees an easy way to track and report expenses, while you have complete control over your expenses. Schedule a demo with us today!

Effortless expense management for all business spends. Earned time, saved costs, improved productivity, happy employees - achieve it all with a single software.

Stay updated with Fyle by signing up for our newsletter

Thank you! Your subscription has been received!
Oops! Something went wrong while submitting the form.

Close books faster with Fyle.
Schedule a demo now.