Security

Data isolation

Every user's data is stored in its own isolated partition using Row Level Security. No other user — and no AXIVO employee — can access your expense records through the application.

Encryption

All data in transit is encrypted with TLS (HTTPS). Data at rest is encrypted on our database provider's infrastructure. API tokens are stored as one-way SHA-256 hashes — we never store or log the original value.

Payment security

Payments are processed by Stripe, a PCI Level 1 certified payment provider. Your card details never touch our servers. We only store your subscription status and Stripe customer ID.

Privacy and GDPR

Nordic EastAsia Group AB is a Swedish company and complies with GDPR. We collect only the data necessary to run the service. We do not use advertising or tracking cookies. You can request access to, correction of, or deletion of your data at any time.

Read our full Privacy Policy for details.

Infrastructure

AXIVO runs on managed cloud infrastructure with automated backups, monitoring, and redundancy. Our authentication layer and database are provided by Supabase, which runs on AWS with SOC 2 Type II compliance.

Questions

If you have security concerns or questions, contact us at support@axivo.app.