Trust & Security
How Better Invoice protects your data, in terms a business owner can follow and a security team can verify.
Last updated: June 17, 2026 · Contact: [email protected]
In plain terms. This is a clear, honest account of our security posture: the controls we have in place, the data we access from ConnectWise, and where that data lives. Better Invoice hosts exclusively on infrastructure providers that hold SOC 2 Type II reports, and maps its own controls to the SOC 2 Common Criteria as detailed below.
The short version
Better Invoice turns your ConnectWise data into branded invoices. That means we handle business records and some personal data, such as your staff’s names and email addresses and the contents of invoices. We treat that data carefully: each customer’s data is isolated at the database layer by row-level security policies, integration credentials are encrypted at rest with AES‑256‑GCM, sign-in uses your existing Google or Microsoft identity (or a one-time email code) so we store no passwords, and everything runs on providers that hold SOC 2 Type II reports.
How we protect your data
Your data is isolated from every other customer. Better Invoice is multi-tenant, but tenants are separated using PostgreSQL Row-Level Security: the tenant policy is applied by the database engine to every query the application role runs, not just by application code. A query that omits a tenant filter therefore returns no other customer’s rows, even in the event of an application bug. The guarantee depends on two conditions a security reviewer will want to confirm: the application connects as an ordinary role that is neither a superuser nor one with the BYPASSRLS attribute (PostgreSQL exempts both from RLS), and RLS is forced on each table so that the table owner is bound by the policy as well.
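The following is an added example of that isolation model, not Better Invoice’s own schema or code. It shows a PostgreSQL Row-Level Security policy keyed on a per-session tenant setting, the two conditions the guarantee rests on (a restricted application role, and RLS forced so the owner is bound too), and what happens when a query forgets its tenant filter or a session never sets its tenant. The role name `app_rw`, the table `invoices`, the setting `app.tenant_id` and the two tenant UUIDs are assumptions made up for the illustration.

```sql
-- Added example (not Better Invoice's schema): tenant isolation with
-- PostgreSQL Row-Level Security. Names and UUIDs are constructed.

-- 1. The application connects as a role that neither owns the table nor
--    has BYPASSRLS. Superusers and BYPASSRLS roles skip RLS entirely.
CREATE ROLE app_rw LOGIN NOBYPASSRLS PASSWORD 'example-only';

CREATE TABLE invoices (
    id        bigserial     PRIMARY KEY,
    tenant_id uuid          NOT NULL,
    number    text          NOT NULL,
    total     numeric(12,2) NOT NULL
);

-- 2. Enable RLS, and FORCE it so the table owner is bound by the policy too
--    (without FORCE, the owner bypasses it).
ALTER TABLE invoices ENABLE ROW LEVEL SECURITY;
ALTER TABLE invoices FORCE ROW LEVEL SECURITY;

-- 3. The policy reads the tenant from a per-session setting. missing_ok=true
--    plus NULLIF turns an unset or empty setting into NULL, and NULL never
--    equals a tenant_id, so a session that forgot to set its tenant sees
--    nothing rather than everything.
CREATE POLICY tenant_isolation ON invoices
    USING      (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);

GRANT SELECT, INSERT, UPDATE, DELETE ON invoices TO app_rw;
GRANT USAGE, SELECT ON SEQUENCE invoices_id_seq TO app_rw;

-- Seed one row per tenant. Because RLS is forced, even the owner must set
-- the tenant before inserting.
SET app.tenant_id = '11111111-1111-1111-1111-111111111111';
INSERT INTO invoices (tenant_id, number, total)
VALUES ('11111111-1111-1111-1111-111111111111', 'INV-1001', 250.00);
SET app.tenant_id = '22222222-2222-2222-2222-222222222222';
INSERT INTO invoices (tenant_id, number, total)
VALUES ('22222222-2222-2222-2222-222222222222', 'INV-2001', 999.00);

-- 4. What the application role sees. This SELECT has no WHERE tenant_id
--    clause (the "application bug" case) and still returns only INV-1001.
SET ROLE app_rw;
SET app.tenant_id = '11111111-1111-1111-1111-111111111111';
SELECT number, total FROM invoices;            -- INV-1001 | 250.00

-- Writing a row tagged with another tenant is rejected by WITH CHECK:
INSERT INTO invoices (tenant_id, number, total)
VALUES ('22222222-2222-2222-2222-222222222222', 'INV-2002', 1.00);
-- ERROR:  new row violates row-level security policy for table "invoices"

-- A session with no tenant set returns zero rows, not every row:
RESET app.tenant_id;
SELECT count(*) FROM invoices;                 -- 0
RESET ROLE;
```

Two points worth checking against a real deployment: the tenant setting must be applied per connection (with `SET LOCAL` inside a transaction when connections are pooled, so one request’s tenant never leaks into the next request on the same connection), and a migration or maintenance role that owns the tables only respects the policy because of the `FORCE` clause.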
Sensitive credentials are encrypted. Integration credentials (such as your ConnectWise API keys) are encrypted at rest using AES‑256‑GCM, an authenticated-encryption mode: a ciphertext that has been altered fails to decrypt rather than yielding silently corrupted plaintext. All traffic to and from the application is encrypted in transit over TLS.
Traffic is filtered at the edge. Every request passes through a web application firewall and a reverse proxy before it reaches the application. These screen out common attack patterns and absorb volumetric attacks; authentication and API endpoints are rate-limited; and our internal services are never exposed directly to the internet.
Access uses your existing identity provider. Sign-in is via Google or Microsoft single sign-on, or a one-time email code; there are no passwords for us to store or leak. When you sign in through SSO, your organization’s existing MFA and access policies apply automatically; the email-code path instead depends on the security of the recipient’s mailbox, so organizations that require MFA should sign in through their identity provider. Session cookies are marked HttpOnly (inaccessible to client-side scripts) and Secure (sent only over HTTPS), and privileged support access is time-limited.
Sensitive actions are logged. We maintain an append-only audit log of sensitive administrative actions — including configuration changes, billing changes, and any administrative access to a customer account — recording who acted, what changed, and the source IP address.
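One way to make an audit log genuinely append-only at the database layer, as an added example rather than Better Invoice’s own implementation: the application role is granted only INSERT and SELECT, and a trigger aborts any UPDATE, DELETE or TRUNCATE regardless of who issues it. The table and column names, the `app_rw` role, the sample actor, action and IP address are all constructed for the illustration.

```sql
-- Added example (not Better Invoice's schema): an append-only audit log
-- enforced in PostgreSQL. Names and sample values are constructed.

CREATE TABLE audit_log (
    id          bigserial   PRIMARY KEY,
    occurred_at timestamptz NOT NULL DEFAULT now(),
    tenant_id   uuid        NOT NULL,
    actor       text        NOT NULL,              -- who acted
    action      text        NOT NULL,              -- what changed
    details     jsonb       NOT NULL DEFAULT '{}'::jsonb,
    source_ip   inet                               -- where from
);

-- 1. Privilege layer: the application role can write new entries and read
--    them back, but holds no UPDATE, DELETE or TRUNCATE privilege.
REVOKE ALL ON audit_log FROM PUBLIC;
GRANT SELECT, INSERT ON audit_log TO app_rw;
GRANT USAGE, SELECT ON SEQUENCE audit_log_id_seq TO app_rw;

-- 2. Defence in depth: a trigger refuses modification even from the table
--    owner or any role that is later (mis)granted write privileges.
CREATE OR REPLACE FUNCTION audit_log_immutable() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    RAISE EXCEPTION 'audit_log is append-only: % not permitted', TG_OP;
END;
$$;

-- Statement-level so it fires even when zero rows would match, and because
-- TRUNCATE triggers must be statement-level.
CREATE TRIGGER audit_log_no_rewrite
    BEFORE UPDATE OR DELETE OR TRUNCATE ON audit_log
    FOR EACH STATEMENT EXECUTE FUNCTION audit_log_immutable();

-- 3. Recording an administrative action (constructed sample entry).
INSERT INTO audit_log (tenant_id, actor, action, details, source_ip)
VALUES ('11111111-1111-1111-1111-111111111111',
        'admin@example.com',
        'billing.plan_changed',
        '{"old": "starter", "new": "team"}',
        '203.0.113.7');

-- 4. Any attempt to rewrite history is aborted, whoever tries it.
UPDATE audit_log SET actor = 'someone-else' WHERE id = 1;
-- ERROR:  audit_log is append-only: UPDATE not permitted
DELETE FROM audit_log WHERE id = 1;
-- ERROR:  audit_log is append-only: DELETE not permitted
```

The trigger protects against the application role and against accidental or injected DML, not against a database owner who drops the trigger; if that is in the threat model, the log also needs to be shipped to a system the database role cannot write to. A fixed retention window (for example the 90 days stated below) is easiest to honour without a DELETE path by partitioning the table by month and dropping expired partitions, which does not fire the DELETE or TRUNCATE triggers.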
We monitor the application continuously. Errors and performance are tracked through distributed tracing and error monitoring, so issues are surfaced quickly.
We don’t store payment cards. Card data is handled entirely by Stripe; Better Invoice never stores or transmits card numbers.
What we access from ConnectWise
Better Invoice reads from your ConnectWise PSA only what it needs to reconstruct and render invoices.
What we access and process:
- Invoice metadata — number, dates, type, status, PO/account references, totals and tax
- Invoice line items — product descriptions, quantities, unit and extended prices
- Time and expense entries — including staff names, hours, rates, amounts, and the work descriptions that appear on the invoice
- Company and address details — customer, bill-to, ship-to and remit-to names, addresses, and business tax IDs (e.g. GST number)
- Staff (member) records — names and email addresses, used to match sign-ins and apply access
What we keep, and for how long:
- Public invoice rendering fetches invoice data live from ConnectWise each time and stores only usage metadata (which invoice was rendered, when, and its total) — not the invoice content itself.
- The review feature, when used, stores the reconstructed invoice in our encrypted, tenant-isolated database so reviewers can work without repeated calls to ConnectWise. Please contact us to disable this on your tenant if necessary.
- Staff records are synced for sign-in and settings.
- Raw ConnectWise API responses are cached for short periods of time for performance reasons only.
- Operational logs (usage and audit) are retained for 90 days.
Controls mapped to SOC 2 (Common Criteria)
The mapping below is our own self-assessment against the SOC 2 Common Criteria; it has not been independently audited. We map to the technical criteria (CC6–CC9) we have implemented.
| Control area | What we do | SOC 2 area |
|---|---|---|
| Tenant isolation | Database-enforced row-level isolation per customer | CC6.1 |
| Authentication | Google/Microsoft SSO + email one-time code; no stored passwords; customer MFA applies | CC6.1 |
| Authorization | Role-based access control on protected operations | CC6.3 |
| Encryption at rest | AES‑256‑GCM for sensitive credentials; provider-encrypted storage | CC6.1 |
| Encryption in transit | TLS for all external traffic; HTTPS enforced on integrations | CC6.7 |
| Privileged access | Restricted, time-limited admin access; recorded in the audit log | CC6.2 |
| Audit logging | Append-only log of sensitive actions with actor and source IP | CC7.2 |
| Edge protection | Web application firewall and reverse proxy screening inbound traffic | CC6.6 |
| Rate limiting | Edge rate limiting on authentication and API endpoints | CC6.6 |
| Monitoring | Distributed tracing + error/exception tracking | CC7.1 |
| Application security | Parameterized queries (SQLi), output escaping (XSS), redirect allow-listing, CORS origin allow-list; internal services not exposed to the internet | CC6.1, CC7.1 |
| Change management | Version-controlled, automated deploys and database migrations | CC8.1 |
| Vendor management | Every sub-processor holds a SOC 2 Type II report (see below) | CC9.2 |
Where your data lives
Better Invoice runs entirely on established, independently audited cloud providers; we do not operate our own servers. Every sub-processor that handles customer data is listed here, together with the reports each one holds:
| Sub-processor | Role | Compliance |
|---|---|---|
| Railway | Application & database hosting | SOC 2 Type II |
| Cloudflare | TLS, CDN, edge/network protection | SOC 2 Type II, ISO 27001 |
| Stripe | Payment processing | SOC 2 Type II, PCI‑DSS L1 |
| Mailgun | Transactional email | SOC 2 Type II |
| PostHog | Product analytics & error tracking | SOC 2 Type II |
Working with us on security
We support your vendor review process and can provide a completed security questionnaire, a Data Processing Agreement (DPA), and answers to specific questions. Contact [email protected].