Security Policy
Last updated: May 15, 2025
At Koala Invoices, we take the security of your data seriously. This Security Policy outlines the measures we take to protect your information and ensure the reliability of our services.
Data Protection
We implement a variety of security measures to maintain the safety of your personal information:
- All sensitive data is encrypted at rest using an industry-standard cipher (AES-256).
- We use Transport Layer Security (TLS) to encrypt data in transit.
- We store data in secure, SOC 2 compliant data centers with multiple layers of physical and electronic security controls.
- Access to your data by our personnel is restricted, monitored, and logged.
- Regular security assessments and penetration testing are conducted to identify and address potential vulnerabilities.
Authentication and Access
We employ the following authentication and access controls:
- Strong password requirements with secure password hashing.
- Two-factor authentication (2FA) is available and recommended for all accounts.
- Automatic session timeouts after periods of inactivity.
- Role-based access controls to ensure users only have access to the data they need.
- Detailed access logs are maintained for audit purposes.
Infrastructure Security
Our infrastructure is designed with security as a priority:
- Network security is maintained using firewalls, intrusion detection systems, and regular vulnerability scanning.
- We maintain separate environments for development, testing, and production.
- Regular security patching of all systems and components.
- Distributed Denial of Service (DDoS) protection is in place to ensure service availability.
- Continuous monitoring for unusual or suspicious activities.
Disaster Recovery and Business Continuity
We have comprehensive disaster recovery and business continuity plans to ensure your data remains safe and our services remain available:
- Automated backups are performed regularly and stored in geographically separate locations.
- We maintain a recovery time objective (RTO) of less than 4 hours for critical systems.
- Backup restoration procedures are tested regularly to ensure reliability.
- Multiple redundant systems are employed to prevent single points of failure.
Employee Security
Our security measures extend to our internal practices:
- All employees undergo background checks before joining our team.
- Regular security awareness training is mandatory for all staff.
- Strict confidentiality agreements are in place.
- We follow the principle of least privilege for system access.
- Termination procedures include immediate revocation of access to all systems.
Compliance
We maintain compliance with relevant standards and regulations:
- SOC 2 Type II attestation covering the security, availability, and confidentiality trust services criteria.
- GDPR compliance for the protection of personal data.
- PCI DSS compliance for payment processing.
- Regular third-party security audits and assessments.
Security Incident Response
In the event of a security incident, we have established procedures to:
- Quickly identify and contain the incident.
- Investigate the root cause and impact.
- Notify affected users in accordance with applicable regulations.
- Implement measures to prevent similar incidents in the future.
Vulnerability Reporting
We welcome security researchers to report any vulnerabilities they discover in our systems. To report a security issue, please email security@koalainvoices.com with the details of your findings.
Updates to This Security Policy
We may update this Security Policy from time to time to reflect changes in our security practices. We will notify users of any material changes to this policy.
Contact Us
If you have any questions about our security practices, please contact us at:
Email: security@koalainvoices.com
Address: 123 Koala Street, Suite 456, Eucalyptus City, CA 94321