ApprovalMax | Security And Privacy

Security and Privacy
Logout on inactivity
To increase security, ApprovalMax supports a system logout if a user has been inactive for 15 minutes. You can enable this feature in "My profile" under the Avatar: Just toggle the status by clicking on . Consequently, the button turns green and the ...
What happens to the emails sent to orders@approvalmax.com?
Such emails go to a dead-end mailbox, which gets cleaned up. We are not monitoring such emails. The security rules applicable to the customer data itself are also applied here.
Does ApprovalMax have an incident response procedure?
Yes, we do have a standard incident response plan, it is covered in our “ApprovalMax Data Security Management Policy” that can be shared when an NDA has been signed. Please request this by contacting our Customer Success team.
Does the uploaded information get backed up? Are there clear procedures in place in case we need to obtain a backup?
All information you upload in our app is stored in a database in a secure data centre of Microsoft Azure in Ireland (EU), with a backup site in the Netherlands (EU). ApprovalMax utilises the built-in Microsoft Azure backup service and performs two ...
Are the activities performed by users logged and are they accessible if necessary?
We do have logs, but we do not share them with our customers.
Does ApprovalMax perform regular self-assessments based on international security practices?
We do go through 3rd party penetration testing every year, and perform regular internal self-assessment in addition to the external penetration testing.
Does ApprovalMax have security and privacy accreditation? (SOC Type2, ISO27001, etc.)
We do not have any such certifications (SOC Type2, ISO27001 and the likes) at the moment. However, we do go through a 3rd party penetration testing every year.
Does ApprovalMax support SAML?
Currently, ApprovalMax does not support SAML. However, we'll consider this for future enhancements. In the meantime, you're welcome to contact our Customer Success team with any questions you might have.
Security - most frequently asked questions
Below, you'll find the answers to the most frequently asked security-related questions: ApprovalMax is GDPR compliant ApprovalMax supports Xero SSO, QuickBooks Online SSO, Google SSO ApprovalMax supports Xero OAuth 2.0 ApprovalMax supports QuickBooks ...
Data Protection and Data Recovery
Data Protection ApprovalMax processes personal data as both a Data Controller and Data Processor, as defined in the Directive and the General Data Protection Regulation (GDPR). We are a Data Controller with regard to the client information we process ...
Supported browsers
ApprovalMax supports the following browsers: Chrome (the latest two versions) Firefox (the latest two versions) Safari (11 or later) Microsoft Edge (the latest two versions) Opera (the latest two versions) As the major functionality updates for ...
Restrictions for file upload
There are some restrictions in place for adding attachments to comments. Here are the basic rules for attaching documents in the comment section of a request: · File extensions: any - except .exe, .com, .iso, .dex, .crx, .dmg, .ps1, .msi, ...
Does ApprovalMax support SSO?
At the moment, we only support Google, Xero and Intuit Single Sign-On. We currently do not support Okta, Azure or Office365 SSO. However, we are considering Okta and Azure SSO for development but cannot commit to a time frame right ...
What data will ApprovalMax keep after the termination of a trial or a contract?
Upon termination, all of Your Data retained by ApprovalMax in the system database files shall be made available to you for a period of one year after the date of termination. Thereafter, all of Your Data retained by ApprovalMax in the system database ...
What happens to the customer-owned data?
You are the owner of all data input provided by you and all your output (collectively “Your Data”). ApprovalMax does make backup copies of Your Data. ApprovalMax may store and maintain Your Data for such period of time as it deems necessary. You ...
User login lockout policy
Users are locked out if they make multiple (6) failed login attempts. This is done to prevent the brute forcing of user passwords. Users will be able to retry logging in after 30 minutes. Other sessions (in the mobile app) will not be interrupted. ...
Password policy
Having a strong password is an important part of protecting your information. Use 8 or more characters Use upper and lower case letters (e.g. Aa) Use a number (e.g. 1234) Use a special character/symbol (e.g. !@#$) Different from your other passwords ...
Where is the data stored?
All processing of customer data takes place in EU-based Microsoft Azure cloud centres in Ireland and the Netherlands. ApprovalMax guarantees that there is no cross-border data transfer and that all data is safely handled within the EU. All data is ...
SSL usage
Yes, SSL is used for both the web app and API.
Who has access to approval requests?
The security logics in ApprovalMax restrict the access to approval requests. Any particular request can only be seen by: The Requester (the person who created the request) The Approvers who make an approval decision for the request The Organisation's ...

Popular Articles
Roles in ApprovalMax
There are two types of roles in ApprovalMax: Organisation-based roles and Request-based roles. A user in ApprovalMax can have one Organisation-based role and at the same time be assigned to several Request-based roles. In this case, the authorities ...
Budget management
We are currently working on a feature to allow checking Bills and Purchase Orders against the budgets that can be pulled from Xero. The Beta version is already available, so please contact us if you’d be interested in giving it a try. Once the ...
Support Policy
Within the trial or subscription period feel free to contact us and our Customer Support team will be happy to help you. When signing up for an ApprovalMax subscription, you automatically get access to our Standard Support service. Approved Partner ...
Can I approve QuickBooks Online Bills?
Yes. You can now create bills in ApprovalMax, route them through a multi-step approval workflow and then push them to QuickBooks Online on approval completion.
Approval conditions
In any approval step, there can be multiple Approvers. If this is the case, you can specify how such a request should be handled. For this, you can choose between two approval conditions: “All” and “Any of”. They determine how many of the Approvers ...

ApprovalMax | Security And Privacy | Knowledge Base

Security and Privacy

Logout on inactivity

What happens to the emails sent to orders@approvalmax.com?

Does ApprovalMax have an incident response procedure?

Does the uploaded information get backed up? Are there clear procedures in place in case we need to obtain a backup?

Are the activities performed by users logged and are they accessible if necessary?

Does ApprovalMax perform regular self-assessments based on international security practices?

Does ApprovalMax have security and privacy accreditation? (SOC Type2, ISO27001, etc.)

Does ApprovalMax support SAML?

Security - most frequently asked questions

Data Protection and Data Recovery

Supported browsers

Restrictions for file upload

Does ApprovalMax support SSO?

What data will ApprovalMax keep after the termination of a trial or a contract?

What happens to the customer-owned data?

User login lockout policy

Password policy

Where is the data stored?

SSL usage

Who has access to approval requests?

Popular Articles

Roles in ApprovalMax

Budget management

Support Policy

Can I approve QuickBooks Online Bills?

Approval conditions