Security

Built for finance teams that move money seriously.

Paythos is an accounts-payable workflow platform, and security is its foundation. Every payable is checked, every action is recorded, and every payout account is verified before money moves.

Encryption

TLS 1.3 in transit

All data in transit is encrypted end-to-end.

AES-256 at rest

Database and file storage encrypted at the block level.

Encrypted secrets

API keys and credentials stored in a secrets manager, never in code.

Access control

Role-based access (RBAC)

Admin, approver, and viewer roles with fine-grained permissions.

Multi-factor authentication

MFA enforced for all team accounts.

Session management

Short-lived JWTs with automatic refresh and revocation.

Infrastructure

SOC 2 Type II hosting

Hosted on infrastructure with SOC 2 and ISO 27001 certifications.

Isolated environments

Production, staging, and development environments fully separated.

Automated backups

Daily encrypted backups with point-in-time recovery.

Application security

Row-level security

RLS enforces organisation-level data isolation at the database layer.

Idempotent payments

Unique idempotency keys prevent duplicate payment submissions.
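What "unique idempotency keys" do in practice, as an added example that is not Paythos's code: the key is the primary key of the payments table, so the database itself guarantees at most one payment per key, a retried request with the same key and body gets the original submission back instead of a second payment, and a key that is reused with a different body is refused rather than silently deduplicated (the edge case the one-line description leaves open). The schema, the key and vendor values and the SHA-256 request hash are all constructed for the example.

```python
import hashlib
import json
import sqlite3
from typing import Any, Dict

# Constructed schema for this example; the platform's own tables are not on the page.
# The idempotency key is the primary key, so the database, not application code,
# enforces "at most one payment per key".
SCHEMA = """
CREATE TABLE payments (
    idempotency_key TEXT PRIMARY KEY,
    request_hash    TEXT NOT NULL,
    vendor_id       TEXT NOT NULL,
    amount_cents    INTEGER NOT NULL,
    status          TEXT NOT NULL
)
"""


class IdempotencyConflict(Exception):
    """The same key was reused with a different request body."""


def open_store() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def request_hash(vendor_id: str, amount_cents: int) -> str:
    # Canonical JSON (sorted keys) so field order cannot change the hash.
    canonical = json.dumps(
        {"vendor_id": vendor_id, "amount_cents": amount_cents}, sort_keys=True
    )
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def submit_payment(
    conn: sqlite3.Connection, idempotency_key: str, vendor_id: str, amount_cents: int
) -> Dict[str, Any]:
    """Submit a payment at most once per idempotency key.

    A retry with the same key and the same body returns the original
    submission (replayed=True). The same key with a different body is a
    conflict and is refused, never treated as a harmless duplicate.
    """
    h = request_hash(vendor_id, amount_cents)
    with conn:  # one transaction: insert-or-ignore and the read-back together
        cur = conn.execute(
            "INSERT OR IGNORE INTO payments "
            "(idempotency_key, request_hash, vendor_id, amount_cents, status) "
            "VALUES (?, ?, ?, ?, 'submitted')",
            (idempotency_key, h, vendor_id, amount_cents),
        )
        inserted = cur.rowcount == 1  # 0 when the key already existed
        stored_hash, status = conn.execute(
            "SELECT request_hash, status FROM payments WHERE idempotency_key = ?",
            (idempotency_key,),
        ).fetchone()
    if not inserted and stored_hash != h:
        raise IdempotencyConflict(f"key {idempotency_key!r} reused with a different body")
    return {"idempotency_key": idempotency_key, "status": status, "replayed": not inserted}


def payment_count(conn: sqlite3.Connection) -> int:
    return conn.execute("SELECT COUNT(*) FROM payments").fetchone()[0]


def demo() -> Dict[str, Any]:
    """First submission, an exact retry, then the same key with a new amount."""
    conn = open_store()
    first = submit_payment(conn, "inv-1001-attempt", "vendor-42", 125_000)
    retry = submit_payment(conn, "inv-1001-attempt", "vendor-42", 125_000)
    try:
        submit_payment(conn, "inv-1001-attempt", "vendor-42", 1)
        conflict = False
    except IdempotencyConflict:
        conflict = True
    return {
        "first_replayed": first["replayed"],
        "retry_replayed": retry["replayed"],
        "conflict_refused": conflict,
        "rows": payment_count(conn),
    }


if __name__ == "__main__":
    print(demo())
```

The read-back inside the same transaction is what lets a replay return the stored status (which may have moved on from "submitted" by the time the client retries) instead of whatever the retrying client sent.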

Bank-detail change protection

Vendor payout changes are held for verification before any payment is released.
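The hold described above, as an added example that is not Paythos's code: a vendor's payout account is only ever taken from a verified record, a change request parks the vendor in a pending state in which no payment to that vendor can be released, and the change becomes active only once it is verified. Two things are assumptions of this example rather than statements about the platform: that the verifier must be a different person from the requester (a two-person rule), and the shape of the audit entries, which record actor, timestamp and context as the monitoring section describes. Vendor ids and the masked account strings are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Any, Dict, List, Optional, Tuple


@dataclass
class PayoutChange:
    vendor_id: str
    new_account: str            # constructed, already-masked value; never log full bank details
    requested_by: str
    status: str = "pending_verification"
    verified_by: Optional[str] = None


class PayoutRegistry:
    """Vendor payout accounts plus the verification gate around changing them.

    While a change is pending, can_release_payment() answers False for that
    vendor. The rule that the requester cannot verify their own change is an
    assumption of this example.
    """

    def __init__(self, verified_accounts: Optional[Dict[str, str]] = None):
        self._active: Dict[str, str] = dict(verified_accounts or {})
        self._pending: Dict[str, PayoutChange] = {}
        self.audit: List[Dict[str, Any]] = []   # append-only; nothing below edits or removes entries

    def _log(self, action: str, actor: str, **context: Any) -> None:
        self.audit.append({
            "action": action,
            "actor": actor,
            "at": datetime.now(timezone.utc).isoformat(),
            **context,
        })

    def request_change(self, vendor_id: str, new_account: str, requested_by: str) -> PayoutChange:
        change = PayoutChange(vendor_id, new_account, requested_by)
        self._pending[vendor_id] = change
        self._log("payout_change_requested", requested_by,
                  vendor_id=vendor_id, new_account=new_account)
        return change

    def verify_change(self, vendor_id: str, verifier: str) -> PayoutChange:
        change = self._pending.get(vendor_id)
        if change is None:
            raise LookupError(f"no pending payout change for {vendor_id}")
        if verifier == change.requested_by:
            self._log("payout_change_verification_refused", verifier,
                      vendor_id=vendor_id, reason="requester cannot self-verify")
            raise PermissionError("the requester cannot verify their own change")
        change.status, change.verified_by = "verified", verifier
        self._active[vendor_id] = change.new_account   # only now does the new account take effect
        del self._pending[vendor_id]
        self._log("payout_change_verified", verifier, vendor_id=vendor_id)
        return change

    def reject_change(self, vendor_id: str, reviewer: str, reason: str) -> PayoutChange:
        change = self._pending.pop(vendor_id)          # KeyError if nothing is pending
        change.status = "rejected"
        self._log("payout_change_rejected", reviewer, vendor_id=vendor_id, reason=reason)
        return change                                  # previous verified account stays active

    def can_release_payment(self, vendor_id: str) -> Tuple[bool, str]:
        if vendor_id in self._pending:
            return False, "payout details pending verification"
        if vendor_id not in self._active:
            return False, "no verified payout account on file"
        return True, "ok"

    def active_account(self, vendor_id: str) -> Optional[str]:
        return self._active.get(vendor_id)


def demo() -> List[str]:
    """Walk one vendor through request, refused self-verification, and verification."""
    reg = PayoutRegistry({"vendor-7": "GB**-****-1234"})
    steps = [reg.can_release_payment("vendor-7")[1]]
    reg.request_change("vendor-7", "GB**-****-9876", "alice")
    steps.append(reg.can_release_payment("vendor-7")[1])
    try:
        reg.verify_change("vendor-7", "alice")
    except PermissionError:
        steps.append("self-verification refused")
    reg.verify_change("vendor-7", "bob")
    steps.append(reg.can_release_payment("vendor-7")[1])
    return steps


if __name__ == "__main__":
    print(demo())
```

Rejecting a change leaves the previously verified account in place, so a mistaken or unwanted request never leaves the vendor unpayable; the audit entries are the record a reviewer would use to see who asked for the change and who let it through.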

Monitoring & audit

Immutable audit log

Every action (approve, reject, route, pay) is logged with actor, timestamp, and context.

AI anomaly detection

The risk engine flags duplicates and unusual patterns before payments are authorised.

Real-time alerting

Security-relevant events trigger immediate in-app notifications.

Responsible disclosure

Found a vulnerability? We take security reports seriously. Please disclose responsibly and we will work with you to address the issue quickly.

Report a vulnerability