Developed for your security

GetMyInvoices uses leading technologies to store data safely and to protect the user's privacy. Our Zero-Knowledge Solution ensures that only you have access to your data.

Secure account creation

Users create an account with an e-mail address and a secure password. A specific encryption code is created for each account.

You can also easily invite your team members by e-mail. They then get their own login and can be given a restricted user account.

Furthermore, you can invite your bookkeeper and grant him read-only access to your account.

Encryption algorithms

We use AES-256 bit cryptographic techniques to achieve maximum security for your data.

Advanced Encryption Standard, AES for short, is a symmetric cryptographic technique used to encrypt documents and communication links.

PBKDF2 (Password-Based Key Derivation Function 2) is a standardized function for deriving a key from a password, which can then be used in a symmetric procedure.

No password access

Saved passwords are not displayed anywhere. Not even you or your employees are able to see the passwords in GetMyInvoices.

Transport layer encryption

GetMyInvoices uses SSL to secure the transfer of data between your device and our servers. Because the connection is encrypted, user names and passwords are likewise transmitted in encrypted form.

PBKDF2-256 Hashing

PBKDF2 is a leading hashing algorithm used to protect the encryption code from attacks.

PBKDF2 (Password-Based Key Derivation Function 2) is a standardized function for deriving a key from a password, which can then be used in a symmetric procedure.

Complete redundancy

GetMyInvoices is designed to eliminate downtime and single points of failure.

Certified data centers

Our data centers have all the necessary certifications, including SOC1 report – SSAE 16 and ISAE 3402. The server location for data storage is Germany.

The international service providers we rely on are Amazon Web Services (location: Frankfurt), Google Cloud Platform, Zoho, CloudFlare and Mailgun.

2-factor-Authentication

Two-factor authentication adds extra security to GetMyInvoices accounts by requiring a second login code before authorizing the user. The second code is provided by the Google Authenticator mobile app.

Automated backups

Encrypted backups are made on a regular basis to protect you from data loss. The backups are saved only on German servers and retained at several locations.

Responsible Disclosure of Security Vulnerabilities

Keeping GetMyInvoices safe for everyone is our top priority. If you have found a security vulnerability, we would appreciate it if you let us know about it in a responsible manner. If you have discovered a security issue, please send an email to moc.seciovniymtegnull@ytiruces. We will get back to you, analyze the scope of the concern and start working on it. Safety is our highest priority, which is why we will consider your request immediately and do our best to reply to you as soon as possible.

We kindly ask you to respect the privacy of our users’ data. GetMyInvoices asks you not to publish any information about the potential vulnerability in public channels until we have researched, understood and replied to your request. We also respectfully request that you do not share any information that belongs to our customers.

GetMyInvoices does not pay compensation to individuals or companies for identifying possible or confirmed security vulnerabilities, but we would appreciate it if you let us know about them in the right way. Some of the “issues” you may identify are potentially deliberate in order to provide compatibility with older browsers.

Please do not report the following topics:

  • Logout CSRF
  • Email configuration (SPF, etc.)
  • Missing security headers which do not lead directly to a vulnerability
  • Rate limiting
  • Autocomplete password fields

What you can do to increase your data security

Our professional IT security concepts provide safe transmission and storage of your data. The sole area where we CANNOT guarantee data security is your terminal device – this is up to you. The following measures help keep your data secure on your company’s computer:

  • Main user & upload-only user: The main user account is reserved for the company boss; the access data may be shared with selected employees only in exceptional cases (e.g. the person who is responsible for accounting). All other employees get Upload-Only-Accounts to upload their documents. Beyond that, they don’t have access to your data.
  • Password protection for your user account: Pick a strong password and encourage Upload-Only-Users to do so, too!
    • Expressions that are easily figured out, like your company’s name, your favourite coffee or the name of the office dog, are generally unsuitable. Better use arbitrary combinations of numbers and letters.
    • Don’t pick the same password that you are using for other online services.
    • Don’t store your password on your computer or smartphone in plain text.
  • System password: Protect not only your user account but also your company’s computer with a strong password. Share this password with selected employees only in exceptional cases.
  • Accessibility: Always keep your contact information, especially your email address, up to date so we can reach you if necessary (e.g. in case you forgot your password).
  • Security software: Protect your company’s computer from unauthorised access and attacks from the web with professional firewall & anti-virus software. Update these on a regular basis!
  • Physical security: Laptops should be protected with a laptop lock not only when travelling but also in shared office spaces.
  • Problems? Should you have any questions or have noticed any indications of a data security problem, please contact our Service Team: [email protected]