reconex
PrivacyTerms

Security

We understand that bank statements contain highly sensitive financial information. Here's how we protect your data at every step.

Encryption

  • In transit: All data is transmitted over HTTPS/TLS 1.2+. No unencrypted connections are accepted.
  • At rest: Uploaded files and database records are encrypted using industry-standard AES-256 encryption.
  • Passwords: Stored using bcrypt hashing with salt — we never store plaintext passwords.

Infrastructure

  • Secure hosting: Our servers are hosted on reputable cloud infrastructure with enterprise-grade physical security.
  • Firewalls & access control: Network-level firewalls and strict access controls limit who and what can reach our systems.
  • Regular backups: Automated encrypted backups ensure data can be recovered in the event of an incident.

Access Controls

  • Authentication: JWT-based authentication with secure token management and automatic expiry.
  • Data isolation: Each user's data is strictly isolated. You can only access your own statements and clients.
  • Session management: Active sessions are tracked, and you can view or revoke them at any time.
  • Admin access: Internal access to production data is strictly limited, logged, and only granted on a need-to-know basis.

Data Handling & Deletion

  • Minimal retention: We only keep data for as long as you need it. Delete statements, sessions, or your entire account whenever you choose.
  • Permanent deletion: When you delete data, it is permanently removed from our systems within 30 days (including backups within 90 days).
  • No data mining: Your financial data is never used for advertising, profiling, or any purpose beyond providing you with the Service.

Security Headers & Application Security

  • Security headers: Content-Security-Policy (CSP), X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security (HSTS), and more.
  • CORS protection: Cross-origin requests are restricted to authorized domains only.
  • Request size limits: Upload size limits prevent abuse and denial-of-service attacks.
  • Input validation: All user inputs and file uploads are validated and sanitized server-side.

POPIA Compliance

  • Purpose limitation: We only process your data for the specific purpose of bank statement analysis.
  • Data minimisation: We only collect data that is necessary for the Service to function.
  • Your rights: You have full rights to access, correct, delete, and export your data. See our Privacy Policy for details.
  • Information Regulator: You can lodge complaints with the South African Information Regulator if you believe your rights have been infringed.

Report a Security Concern

If you discover a security vulnerability or have concerns about the security of your data, please contact us immediately at support@reconex.co.za. We take all reports seriously and will respond within 24 hours.

← Back to Reconex