CashSignal is built for businesses where cash flow accuracy isn't optional, and where the data behind that forecast is some of the most sensitive your business holds. We've architected security as a first-principle, not a feature added later.
Tenant isolation Every customer's data is isolated at the PostgreSQL layer through Row-Level Security (RLS) policies. This means tenant separation is enforced by the database itself, not just by application code. Even in the event of an application-layer bug, the database refuses to return another customer's data.
Sensitive integrations data, bank connections, OAuth tokens for QuickBooks Online, raw transaction history, forecast outputs, is not accessible from the browser at all. These tables can only be read or written through our authenticated backend service, which enforces company membership on every request.
Verified through testing Our access control isn't theoretical. We've verified database isolation through direct anonymous-access testing of every table: zero rows are accessible without authentication, and authenticated access is restricted to the customer's own company data only.
Encryption
Infrastructure
Compliance
Questions about our security posture? Contact security@cashsignal.io.
Founded in 2026
Here are the important security policies and documents which are a part of CashSignal’s compliance program.
Privacy Policy
Policy