We handle sensitive financial data for thousands of businesses. That responsibility drives every architectural decision we make.
Multiple layers of security protect your data at every point — from the browser to the database.
All data is encrypted using AES-256 at rest and TLS 1.3 in transit. API credentials are stored using bcrypt hashing with salted keys.
Primary data storage is in Canada (AWS ca-central-1). Customer data never leaves your jurisdiction without explicit consent.
Granular permissions at the user, team, and entity level. Admin, approver, viewer, and custom roles with audit logging for every action.
Mandatory MFA for all admin accounts. Optional MFA for employees. Support for TOTP, SMS, and hardware security keys.
Scoped API keys with granular permissions. Automatic key rotation. Instant revocation. IP allowlisting for production keys.
Every read, write, and approval is logged with timestamp, IP address, and user identity. Exportable for 7 years.
Independent audits and regulatory compliance that meet enterprise standards.
Independent audit of security, availability, and confidentiality controls.
Highest level of payment card industry data security standard.
Personal Information Protection and Electronic Documents Act compliance.
Information security management system certification scheduled for Q3 2026.
We operate a responsible disclosure program. Report security issues to security@jmoor.com. We respond within 24 hours.
Report a vulnerabilityEnterprise buyers often need detailed security documentation. Our team will complete your questionnaire within 48 hours.