Access Control
Effective Date: Dec 21st, 2024
At SpendShift, protecting your account and personal information is a top priority. This Access Control Policy outlines how we manage and limit access to your data to ensure its confidentiality, integrity, and availability. It also explains how you can control access to your account and information.
1. Principles of Access Control
SpendShift follows strict access control principles to protect customer data:
Need-to-Know Basis: Access to your data is granted only to authorized personnel who require it to perform their job duties.
Least Privilege: Employees and systems are granted the minimum access necessary to complete their tasks.
Role-Based Access Control (RBAC): Permissions are assigned based on specific roles within our organization to prevent unauthorized access.
2. How SpendShift Protects Your Data
User Authentication
Strong Password Requirements: We enforce secure password creation guidelines to protect your account.
Multi-Factor Authentication (MFA): We encourage all users to enable MFA for an additional layer of security.
Session Timeouts: Accounts automatically log out after a period of inactivity to reduce the risk of unauthorized access.
Employee Access Controls
SpendShift employees cannot access your account or personal data without proper authorization.
All access is logged and monitored to ensure accountability and detect any unauthorized activity.
Data Encryption
All customer data is encrypted during transmission (using SSL/TLS) and at rest (using AES-256).
Sensitive account details, such as passwords, are stored in a hashed format and cannot be retrieved in plaintext.
System Access Monitoring
Systems are continuously monitored for unauthorized access attempts.
Alerts are triggered for unusual access patterns or anomalies so that we can respond rapidly.
3. Customer Control Over Account Access
Account Settings
You have full control over your account and data. Features include:
Login History: Review when and where your account was accessed.
Connected Devices: View and manage all devices currently logged into your account.
Access Permissions: Control which third-party apps or integrations can access your SpendShift data.
Multi-Factor Authentication (MFA)
Enable MFA for your account to add an extra layer of security. This requires a second verification step (e.g., a code sent to your mobile device) to access your account.
Account Lock
If you suspect unauthorized activity, you can temporarily lock your account by contacting contact@spendshift.io. This prevents all transactions and changes until the issue is resolved.
4. Third-Party Access
SpendShift integrates with trusted third-party services to provide functionality, such as payment processing. These third parties:
Only receive the minimum data required to perform their services.
Are contractually obligated to comply with data protection and security standards.
Undergo regular audits to ensure compliance with our security policies.
You can revoke third-party access at any time through your account settings.
5. Responding to Unauthorized Access
If unauthorized access to your account is detected:
Immediate Notification: We will notify you via email and in-app alerts.
Account Lockdown: Suspicious activity will trigger a temporary lock on your account until verified.
Guided Recovery: Our support team will work with you to secure your account, including resetting your password and enabling MFA.
Forensic Investigation: We will investigate the incident and provide updates on findings and resolutions.
6. Employee Access to Customer Data
SpendShift employees may access customer data only under the following conditions:
To respond to customer support requests or resolve technical issues.
When required by law or regulation (e.g., subpoenas or court orders).
With explicit customer consent for a specific purpose.
All access is logged, monitored, and subject to audit.
7. Your Responsibilities
To help us protect your account, we recommend:
Secure Credentials: Use a strong, unique password for your SpendShift account.
Enable MFA: Add an extra layer of protection to your account.
Monitor Account Activity: Regularly review your login history and transaction records.
Report Suspicious Activity: Notify us immediately if you suspect unauthorized access.
8. Compliance and Standards
SpendShift’s access control measures are designed to comply with industry standards and regulations, including:
SOC 2: Ensures secure and controlled access to customer data.
GDPR (if applicable): Restricts access to personal data according to strict privacy regulations.
State and Federal Laws: We comply with all relevant data protection and access control laws in the jurisdictions where we operate.
9. Updates to This Policy
We may update this Access Control Policy periodically to reflect new security practices or regulatory requirements. Significant updates will be communicated through email or in-app notifications.
10. Reporting Issues
If you believe your account has been accessed without authorization or if you have concerns about our access control practices, contact us immediately:
Email: contact@spendshift.io
In-App Support: Use the Help section in the SpendShift app.
Our team is available to assist and ensure your account remains secure.
11. Contact Us
For questions or additional information about this Access Control Policy, reach out to:
Email: contact@spendshift.io