Security - most frequently asked questions

Security - most frequently asked questions

Below, you'll find the answers to the most frequently asked security-related questions:
  1. ApprovalMax is GDPR compliant
  2. ApprovalMax supports Xero OAuth 2.0
  3. ApprovalMax supports QuickBooks Online OAuth 2.0
  4. ApprovalMax supports 2FA via TOTP standard
  5. ApprovalMax is compliant with Xero and Intuit security standards
  6. Here is the ApprovalMax Privacy Policy
  7. Here are the ApprovalMax Terms and Conditions
  8. Here is the ApprovalMax Cookie Policy
  9. Here is how ApprovalMax Data Protection and Data Recovery works
  10. ApprovalMax goes through a 3rd party penetration test once a year.  We do perform regular internal self-assessment in addition to external penetration testing. Details can be shared once an NDA has been signed.
  11. ApprovalMax has a Data Security Policy. Details can be shared once an NDA has been signed.
  12. ApprovalMax has a 98/100 score on the automated security scanning system. Details can be shared once an NDA has been signed.
  13. ApprovalMax does not have SOC Type2, ISO27001 and alike certifications at this point. 
  14. ApprovalMax has a standard incident response plan, it is covered in “ApprovalMax Data Security Management Policy”. Details can be shared once an NDA has been signed.
  15. Here is ApprovalMax password policy. We do perform strong checks and automated check agains the list of compromised passwords. In case of multiple (6) failed login attempts, users are locked out for 30 minutes. 
  16. To increase security, ApprovalMax supports a system logout after 15 minutes of inactivity.
 
For questions related to information security, please refer to our Security Portal.

    • Related Articles

    • Budget Checking feature v1 discontinuation support – frequently asked questions

      Question: What will happen with my data if I don’t upgrade? Answer: On the date of discontinuation, Budget Checking v1 will be deactivated and hidden from the menu. All Budget Checking information will be removed from requests. Question: How can I ...
    • Business continuity

      We back up all our critical assets and regularly attempt to restore the backup to guarantee a fast recovery in case of disaster. All our backups are encrypted. For questions related to information security, please refer to our Security Portal.
    • What happens to the emails sent to orders@approvalmax.com?

      Such emails go to a dead-end mailbox, which gets cleaned up. We are not monitoring such emails. The security rules applicable to the customer data itself are also applied here. For questions related to information security, please refer to our ...
    • Does ApprovalMax support SAML?

      Currently, ApprovalMax does not support SAML. However, we'll consider this for future enhancements. ​ For questions related to information security, please refer to our Security Portal.
    • App security protection

      ApprovalMax uses security headers to protect our users from attacks.  We use security automation capabilities that automatically detect and respond to threats targeting our apps. For questions related to information security, please refer to our ...