Security

All communication between your browser and our servers is protected using industry-standard encryption protocols, ensuring your data cannot be intercepted or read by third parties.

We protect every account with multiple security layers to prevent unauthorized access to your payment history and personal information.

• Bcrypt Password Hashing — Passwords are never stored in plain text. We use secure one-way hashing with salt.
• Session Management — Secure session tokens expire automatically after inactivity and on logout.
• Login Attempt Limits — Brute force protection locks accounts after repeated failed login attempts.
• Email Alerts — Automatic notifications are sent for logins from new devices or suspicious activity.

Our platform is hosted on secured, enterprise-grade infrastructure with multiple redundancy and protection layers in place.

• Firewall Protection — Web application firewall (WAF) blocks malicious traffic and SQL injection attempts.
• DDoS Protection — Rate limiting and traffic analysis protect the platform from denial-of-service attacks.
• Daily Backups — All data is backed up daily and stored in geographically separate locations.
• Regular Updates — Server software and dependencies are patched and updated regularly to prevent vulnerabilities.

Access to customer data within our organization is tightly controlled. We follow the principle of least privilege — staff only access what they need to do their job.

• Role-based access controls (RBAC) enforce strict data access boundaries between admin, executive, and customer roles.
• All admin access is logged with timestamps, IP address, and action taken for audit purposes.
• Executives can only view requests assigned specifically to them — not the full customer database.

Security is a shared responsibility. Here's how you can protect your own account and data when using BillSync.

• Use a strong, unique password — at least 8 characters with a mix of letters, numbers, and symbols.
• Never share your account credentials, OTP codes, or session links with anyone.
• Always log out of your account when using a shared or public device.
• Beware of phishing emails — BillSync will never ask for your password via email or phone.
• Keep your device's operating system and browser updated to the latest versions.

We take security reports seriously. If you discover a vulnerability or potential security issue in BillSync, please report it responsibly and we will investigate immediately.