Security at Abacus

Keeping your information secure is our #1 priority

We understand the importance of ensuring that sensitive company and personal information is secure. This underpins how we build Abacus and how we select our integration partners.

SSAE 18 / SOC 1 Type II Certified

Abacus has completed the Service Organization Controls (SSAE 18 / SOC 1) examination under Statement on Standards for Attestation Engagements No. 18 (AT-C Section 320), Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting, of the AICPA which was performed by an independent auditing firm.

How is Abacus application data secured and stored?

Abacus application data is transmitted over a 256-bit encrypted channel (SSL). All expense data and card transaction details are stored in Amazon RDS and receipt images are stored in Amazon S3. All Abacus application data is backed up and data is stored for a minimum of 7 years. It will always be available for viewing or export either through the application or by contacting us directly.

How is my bank account information secured?

All bank account information is stored in Amazon RDS and encrypted at rest. Account numbers are always encrypted, and decryption is only possible with dedicated hardware in our private network. Bank login information you provide to connect with your Abacus account is stored with Plaid, one of our integration partners, who employ strict security policies for storing and accessing data.

How is my credit card information secured?

Abacus does not store any credit card account or login information within our system. All credit card information is stored with our data integration partners who each have their own security policies. Plaid regularly undergoes both internal and external network penetration tests, third-party code reviews, and PCI re-certification, as well as having completed a SOC 2 report. Their security policy also includes information on how data is accessed and controlled. Finicity holds AICPA SOC 2, Type I and PCI DSS 3.0 regulatory certifications. Their security policy also includes the use of multiple security technologies at the application, network, and database layers.