YourChaser
Sign Up

Security

Your clients' financial documents are sensitive. Security is built into YourChaser from the ground up — here's how we protect your data.

Last updated: 13 June 2026

Encryption

  • In transit — all traffic is encrypted with TLS 1.2+.
  • At rest — stored data and documents are encrypted using AES-256.

Tenant isolation

YourChaser is multi-tenant by design. Every record is scoped to a firm, and access is enforced at the database layer using PostgreSQL row-level security (RLS). This means a user can only ever read or write data belonging to their own firm and role — isolation is enforced by the database, not just the application.

Access controls

  • Role-based access — granular permissions across app administrators, firm administrators, bookkeepers, and clients.
  • Least privilege — users and internal systems receive only the access they need.
  • Secure authentication — passwords are hashed, and we support email magic-link sign-in.

Auditability

Significant actions are recorded in an audit log, giving firm and app administrators visibility into who did what and when. This supports accountability and helps with investigations if anything looks unusual.

Infrastructure

We build on reputable cloud infrastructure and managed database services that maintain industry-recognised security and availability practices. Our providers operate hardened, monitored environments with physical and network safeguards.

Application security

  • Secure development practices and code review.
  • Dependency monitoring to address known vulnerabilities promptly.
  • Protections against common web application threats.
  • Secrets and credentials kept out of source code and client devices.

Backups and resilience

Data is backed up regularly to support recovery in the event of an incident. We design for resilience so your workflow keeps moving.

Third-party integrations

Connections to platforms such as Xero and Dext use scoped, revocable authorisation. We request only the access required, and you can disconnect an integration at any time.

Responsible disclosure

We welcome reports from security researchers. If you believe you have found a vulnerability, please email security@yourchaser.com with details and steps to reproduce. Please give us a reasonable opportunity to investigate and remediate before any public disclosure, and avoid accessing or modifying data that isn't yours.

Questions

For any security or compliance enquiries, reach us at security@yourchaser.com.