Security

The infrastructure and measures we use to protect your data.

Giderly processes your receipts, invoices, and expense records on modern cloud technology. Below is a summary of how your data is protected.

Infrastructure

Modern cloud technology

Database and authentication run on Supabase; file storage and AI processing use Google Cloud infrastructure. These platforms operate according to widely adopted industry security practices.

Transport

Encryption in transit

All traffic between your browser or app and our servers is encrypted with HTTPS (TLS). Uploaded document images and form data are sent over secure connections.

Storage

Protection at rest

Expense records and uploaded documents are stored on cloud infrastructure with encrypted storage layers. Only authorized service components can access the data.

Identity

Passwords stored as hashes

User and employee passwords are never stored in plain text. Passwords are hashed with bcrypt; login uses secure comparison. Main accounts use Supabase Auth; employee accounts use a separate identity layer.

Isolation

Company data is separated

Each personal or business account's data is logically separated. One customer's expenses do not mix with another's records. On business accounts, employees only see expenses they uploaded.

Access

Role-based permissions

Owners, authorized users, and employees have different access levels. Employees sign in to their own app, not the management panel. Approval, deletion, and reporting are limited by role.

Continuity

Backups and availability

We rely on our infrastructure providers' backup and disaster recovery processes. System updates are applied in a planned way; critical security patches are prioritized.

For your rights under GDPR/KVKK and data processing details, see our