Your invoice data is yours. Always.

Invoice PDFs contain supplier names, unit prices, and internal spend data you wouldn’t share openly. Onpoint is built so that data stays encrypted, EU-hosted, and used only to deliver your analysis – nothing else.

Built for data you would not share openly

EU-Hosted

All data is stored and processed in EU data centers on Google Cloud. Nothing leaves the EU/EEA.

Encrypted in Transit and at Rest

Data encrypted in transit (TLS 1.2+) and at rest (AES-256), with keys managed by Google Cloud KMS.

GDPR Compliant

We act as Data Processor under GDPR. Your data is processed only to deliver your analysis – nothing more.

Never Used for AI Training

Your invoice data is never used to train AI models. Processing runs on Google Cloud Vertex AI under Google Cloud's enterprise data-protection terms, which exclude customer content from model training.

Security in detail

Data & Privacy

  • Each account is fully isolated – data is segregated by company ID and access is enforced via database-level security rules. Your invoice data is never shared with other customers.
  • AI processing is performed via Google Cloud Vertex AI under Google Cloud's enterprise data-protection terms. Your data is never used to train AI models, and AI inputs and outputs are logged and auditable.
  • You can delete your data at any time and request a full export. Your data is not shared with third parties other than the subprocessor named on this page (Google Cloud), which hosts and processes it on our behalf.
  • We act as Data Processor under GDPR. Your invoice data is processed solely to deliver the contracted service – nothing more.
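As an illustration of what "segregated by company ID with database-level security rules" means on Firestore, here is an added example of a tenant-isolation ruleset. It is not Onpoint's actual ruleset: the `companies/{companyId}/invoices` document layout, the `company_id` custom claim on the user's ID token, and the `company_id` field on each document are assumptions made for the example.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Assumed: the tenant is carried as a custom claim on the Firebase ID token.
    function callerCompany() {
      return request.auth.token.company_id;
    }

    function isSignedIn() {
      return request.auth != null;
    }

    // Assumed layout: invoices live under their owning company document.
    // The path segment {companyId} must match the caller's claim, so a user
    // from one company cannot read or write another company's invoices even
    // if they guess the document ID.
    match /companies/{companyId}/invoices/{invoiceId} {
      allow read: if isSignedIn() && callerCompany() == companyId;

      // On create, the document itself must record the same tenant, so data
      // cannot be written under one company while tagged with another.
      allow create: if isSignedIn()
                    && callerCompany() == companyId
                    && request.resource.data.company_id == companyId;

      // On update, the stored tenant must match and must not be changed.
      allow update: if isSignedIn()
                    && callerCompany() == companyId
                    && resource.data.company_id == companyId
                    && request.resource.data.company_id == companyId;

      allow delete: if isSignedIn()
                    && callerCompany() == companyId
                    && resource.data.company_id == companyId;
    }

    // Firestore denies anything no rule allows; this match makes the default
    // explicit so a reviewer sees there is no catch-all allow.
    match /{document=**} {
      allow read, write: if false;
    }
  }
}
```

Two properties are worth checking in any ruleset of this shape: the tenant identifier comes from the verified ID token (`request.auth.token`), never from a field the client supplies in the request body, and the isolation is enforced on the path and on the stored document, so a query can never return another tenant's rows no matter how it is filtered.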

Infrastructure & Encryption

  • All data is stored and processed in EU data centers on Google Cloud (Firestore and Cloud Storage). Nothing is transferred outside the EU/EEA.
  • All traffic is encrypted in transit using TLS 1.2+. All data is encrypted at rest using AES-256.
  • Encryption keys are managed via Google Cloud KMS with automatic key rotation.
  • The underlying Google Cloud infrastructure holds ISO 27001 certification, SOC 2 Type II attestation, and other international standards. These cover Google's infrastructure, not Onpoint's application; our own controls are described under Incident Response & Governance.

Access Control

  • Role-Based Access Control (RBAC) with the principle of least privilege. No employee has broader access than their role requires.
  • Multi-factor authentication (MFA) is supported for user logins. Single sign-on (SSO via OIDC or SAML) is available for Enterprise customers.
  • All privileged access is restricted and logged. Access is reviewed regularly.

Incident Response & Governance

  • Documented incident response plan in place. As Data Processor, we notify affected customers of a personal data breach without undue delay, and in any case within the 72-hour window GDPR sets for onward notification to the supervisory authority.
  • No material security incidents in the past 24 months.
  • Security responsibility is assigned at executive level. Security practices align with ISO 27001 controls, with formal certification planned as the company scales.

Get started - your data stays protected

Upload your first invoices and get a clear spend overview in minutes. No setup. No IT.