ApprovalMax policies and safety measures for data security

This page collects the most frequently requested information on how ApprovalMax ensures the security and recovery of your data, the available login and authorisation options, and some of the ApprovalMax policies.

All the policies and documents related to information security are available in our Trust Center. There, you can also start your own security review by viewing and downloading the sensitive information that’s stored about you.

How ApprovalMax keeps safe:
  1. Once a year, ApprovalMax goes through a third-party penetration test. Additionally, we perform regular internal self-assessments. Details can be shared once an NDA has been signed
  2. ApprovalMax has a 98/100 score on the automated security scanning system. Details can be shared once an NDA has been signed
  3. ApprovalMax is certified according to ISO 27001:2022 (the standard for establishing, implementing, operating, monitoring, reviewing, maintaining and continually improving an information security management system)

How ApprovalMax handles data security and recovery:
  1. ApprovalMax is GDPR compliant
  2. This is how ApprovalMax handles Data Protection and Data Recovery
  3. ApprovalMax supports 2FA via the TOTP standard
  4. ApprovalMax supports automatic system logout after 15 minutes of inactivity
  5. For periodic reauthentication and enhanced system security, ApprovalMax supports a 24-hour token expiration

Available login and authorisation options:
  1. ApprovalMax is compliant with Xero and Intuit security standards
  2. ApprovalMax supports Xero SSO, QuickBooks Online SSO, Google SSO, Microsoft SSO
  3. ApprovalMax supports Xero OAuth 2.0
  4. ApprovalMax supports QuickBooks Online OAuth 2.0

ApprovalMax policies:
  1. Here is the ApprovalMax password policy. We perform strong checks as well as automated checks against the list of compromised passwords. After multiple (6) failed login attempts, users are locked out for 30 minutes
  2. Here is the ApprovalMax Privacy Policy
  3. Here is the ApprovalMax Cookie Policy
  4. Here is the ApprovalMax Data Retention and Destruction policy
  5. ApprovalMax has a Data Security Policy. Details can be shared once an NDA has been signed
  6. ApprovalMax has a standard incident response plan as per the ApprovalMax Data Security Management Policy. Details can be shared once an NDA has been signed
  7. Here are the ApprovalMax Terms and Conditions in full
