Security
Controls for sensitive AP records.
The upload path is for sensitive financial records, so the public process is intentionally conservative: exported files first, customer-approved outreach, and explicit retention or deletion terms in the engagement.
- Use exported files for the initial scan; accounting-system credentials are not required to start.
- Vendor contact does not begin automatically. Customer approval is required before outreach.
- If your company requires an NDA, DPA, retention schedule, or security review before uploading AP records, book a review first.
Data handling commitments on the public process
- Collect only the records needed to review AP recovery opportunities: invoices, exports, payment reports, contracts, statements, rate sheets, POs, and supporting notes.
- Use uploaded records to evaluate recovery findings, prepare claim evidence, and coordinate customer-approved recovery actions.
- Provide deletion handling through written request when the scan or engagement is no longer needed, subject to legal, accounting, or dispute-preservation obligations.
- Security questionnaires, fixed retention windows, and formal compliance terms can be handled before upload through the customer agreement or security review.
What we do not do from the upload form
- No automatic vendor outreach.
- No required connection to your accounting system for the first scan.
- No claim submission without customer review.
- No recovery fee when no recoverable value is confirmed under the agreed terms.