ApprovalMax policies and safety measures for data security
See here where you’ll
find the information most frequently asked regarding how ApprovalMax ensures the
security and recovery of your data, login and authorisation options as well as some
of the ApprovalMax policies.
All the policies and
documents related to information security are available in our Trust Center.
Here, you can also start your own security review by viewing & downloading the
sensitive information that’s stored about you.
How ApprovalMax keeps safe:
- Once a year, ApprovalMax goes through a 3rd-party
penetration test. Additionally, we perform regular internal
self-assessments. Details can be shared once an NDA has been signed
- ApprovalMax has a 98/100 score on the
automated security scanning system. Details can be shared once an NDA has
been signed
- ApprovalMax is certified according to ISO
27001:2022 (establish, implement,
operate, monitor, review, maintain and continually improve an information
security management system)
Related Articles
Support of a 24-hour token expiration
A 24-hour token expiration refers to a security mechanism where authentication tokens, which are generated after successful login or authentication, have a limited lifespan of 24 hours. Once this period elapses, the token becomes invalid and cannot ...
Logout on inactivity
To increase security, ApprovalMax supports a system logout if a user has been inactive for 15 minutes. You can enable this feature in My profile under the Avatar: On the Security tab toggle the status by clicking on . Consequently, the button turns ...
Does ApprovalMax support Xero OAuth 2.0?
Yes, ApprovalMax does support Xero OAuth 2.0. Starting from 31 March 2021, OAuth 1.0 is not longer supported for Public and Partner apps.
Does ApprovalMax support SSO?
At the moment, ApprovalMax supports Google, Microsoft, Xero, Intuit Single Sign-On. For questions related to information security, please refer to our Security Portal.
Synchronisation of related Xero data
ApprovalMax pulls related Xero data such as Contacts/Accounts/Themes etc. every 2 hours. To speed up this process, the Administrator of an Organisation can force the synchronisation manually. To do so, go to either the approval or requester matrix in ...