Security at Liftline
Liftline moves real money and handles sensitive business and financial data. Protecting that data isn't a feature we bolted on, it's how the platform is built. Here's an overview of the controls we use to keep your information safe.
AES-256-GCM field encryption
MFA on every login
Ledger reconciled daily
Your data is unreadable to anyone but you.
Encrypted in transit and at rest
All traffic is encrypted with TLS, and all stored data is encrypted at rest across our infrastructure.
Field-level encryption on the most sensitive data
Bank account numbers, personal information, and credentials get an additional layer of application-level AES-256-GCM encryption — unreadable even with direct database access.
Kept out of logs
Request logs filter passwords, tokens, personal information, bank account details, and similar sensitive values before anything is written.
Never used to train AI — and never leaves the US
Liftline uses Anthropic's Claude models via their commercial API, under terms that prohibit training on customer data. All customer data is stored and processed in the United States.
Two steps in. One tenant visible. Every session accountable.
Multi-factor authentication, always
Every login requires a second factor — MFA is mandatory, not optional. Login endpoints are rate-limited to block brute-force attempts.
Sessions you can see and revoke
Sessions are server-side records, not client-side tokens — each one can be inspected and revoked individually, and password resets terminate them all immediately.
Strict tenant isolation
Every customer-facing query is scoped to the authenticated tenant, so one customer's data is never reachable from another's account. Role-based permissions gate sensitive actions.
API credentials that can't leak
API keys are displayed once at creation and stored only as SHA-256 hashes. Keys are scoped, rate-limited, and instantly revocable.
Enterprise infrastructure, built to stay up.
Trusted cloud providers
Liftline runs on Heroku (Salesforce) on AWS, with a fully managed PostgreSQL database powered by Crunchy Bridge (Snowflake) — platform and database security patching is handled automatically by dedicated services and teams.
Redundant by default
The platform spans multiple availability zones, and the database runs with a synchronized hot standby and automatic failover — we maintain greater than 99.99% uptime.
Continuous backups
The database is backed up continuously, supporting point-in-time recovery if ever needed.
Private document storage
Documents live in private Amazon S3 buckets, reachable only through signed, unguessable URLs that expire after a short window. Nothing is publicly readable.
Continuous monitoring
Errors and performance are continuously monitored with automatic exception tracking, so anomalies are caught and addressed quickly.
Every penny accounted for.
Every money movement posts balanced entries to a double-entry accounting ledger. Money can never appear or disappear without a matching counterpart.
Immutable entries
Ledger rows are append-only — every correction is a new, balanced transaction, preserving a tamper-evident history.
No card data, ever
Money movement is ACH-based through Moov, a regulated payments provider. Transfers reference provider-side tokens, not raw account details, and payment events are cryptographically verified.
Audited end to end
Durable audit records exist for all API traffic, webhook deliveries, and ledger movements. Admin access is attributed to the acting administrator.
Nothing ships without passing the gauntlet.
Reviewed, tested, analyzed
Every change goes through code review, a comprehensive automated test suite with over 95% line coverage, and static security analysis that catches common vulnerability patterns before code is ever merged.
Patched within days, not months
Every dependency is updated weekly with continuous vulnerability monitoring, so upstream security fixes land within days of release. We run current stable versions across our stack.
Signed webhooks
Outbound webhooks are signed with per-endpoint HMAC-SHA256 secrets using a timestamped signature scheme, so integrations can verify authenticity and reject replays.
APIs that can't overshare
API responses use explicit per-resource field allowlists — adding a database column never exposes new data by accident.
Subprocessors.
Liftline uses a small, deliberate set of infrastructure and service providers. All subprocessor connections are encrypted in transit, and access is scoped to what each service requires.
| Provider | Purpose |
|---|---|
| Heroku (Salesforce) / AWS | Application hosting |
| Crunchy Bridge (Snowflake) | Managed PostgreSQL database |
| Amazon S3 | Document storage (private buckets) |
| Moov | ACH payments and business verification |
| Allianz Trade | Trade credit insurance underwriting |
| Mailgun | Transactional email |
| Sentry | Error and performance monitoring |
| Anthropic | AI — document extraction and risk assessment |
Questions about our security?
We're glad to complete security questionnaires, walk through our architecture, or discuss specific requirements. And if you believe you've found a vulnerability, we want to hear about it.