
Security & Privacy

Your invoice data is financial data. We treat it that way. Here is how SkipEntry protects your information at every layer.

SOC 2-aligned controls

SkipEntry is built with SOC 2 controls in mind. Our infrastructure, access controls, and data handling processes follow SOC 2 Trust Services Criteria for security, availability, and confidentiality. We use role-based access, audit logging, and separation of duties across our systems.

Encryption at rest and in transit

All data is encrypted at rest using AES-256 via Supabase's managed PostgreSQL database. All connections use TLS 1.2+ encryption in transit. HSTS headers are enforced across the entire application to prevent protocol downgrade attacks.

You control your data

Invoices are processed by AI and the extracted data is stored in your account. You control what stays and what gets deleted. There is no hidden data retention beyond what you see in your dashboard. Delete an invoice and the data is removed.

Row-level security

Every database table uses Supabase Row-Level Security (RLS). This means database queries are filtered at the PostgreSQL level — users can only access data that belongs to their account. Even if application code had a bug, the database itself enforces isolation between accounts.

Authentication

Authentication is handled by Supabase Auth with email and magic link sign-in. Passwords are hashed with bcrypt. Session tokens are short-lived and stored in secure, HTTP-only cookies. There are no shared accounts or default credentials.

HTTPS everywhere

All traffic to skipentry.com is served over HTTPS with TLS certificates managed by Vercel. HTTP Strict Transport Security (HSTS) headers are set to prevent downgrade attacks. All API endpoints, webhooks, and integrations use encrypted connections.

No training on your data

SkipEntry uses the Anthropic Claude API for invoice extraction. Per Anthropic's API terms, data sent through the API is not used to train AI models. Your invoice content is processed, extracted, and never fed back into model training. Your financial data stays yours.

PCI-compliant billing

All payment processing is handled by Stripe, a PCI Level 1 certified payment processor. SkipEntry never sees, stores, or processes credit card numbers. Card data goes directly from your browser to Stripe's servers.

Security summary

  • AES-256 encryption at rest, TLS 1.2+ in transit
  • Row-level security on every database table
  • SOC 2-aligned infrastructure and access controls
  • No AI training on customer data
  • PCI Level 1 compliant billing via Stripe
  • HTTPS and HSTS enforced on all endpoints

Security questions or concerns? support@skipentry.com
