Security & access

What Fiducio can and cannot access — in plain terms

No bank access

Fiducio never connects to your bank and never sees banking logins or passwords.

No payment processing

Fiducio does not move money or initiate payments. Your team pays as normal — Fiducio only warns first.

Selected mailboxes only

We read only the accounts payable mailboxes you choose to connect — never your whole tenant.

Read-only supplier baseline

Xero access is read-only, used to import the verified payee details we compare against.

Tenant isolation

Every organisation's data is isolated with per-tenant row-level security in Supabase.

Full audit trail

Every alert, decision, and verification is timestamped for your finance team and auditors.

What Fiducio does

Fiducio helps construction and trades SMEs reduce payment fraud risk by monitoring selected payment-risk mailboxes, classifying invoice and payment-related emails, comparing details against verified supplier records, flagging potential fraud, and supporting human verification before payment.

What Fiducio does not require

  • Bank logins, passwords, or live banking access
  • Confidential supplier lists during registration or enquiry forms
  • Full organisation-wide mailbox access

Data handling

Platform data is stored in Supabase with per-organisation isolation and row-level security policies. Customer accounts require sign-in; API routes resolve your organisation from your profile. Contact and contact forms collect only business contact and qualification information — not mailbox credentials.

Least-privilege integrations

Microsoft 365 — access only to customer-selected mailboxes (e.g. accounts@, invoices@). You can disconnect and revoke access from Settings.

Xero — read-only supplier contact and payment fields you authorise for baseline import. You can disconnect at any time; imported suppliers remain in your tenant until you remove them.

Billing — subscription payments are handled by Stripe. We do not store full card numbers on Fiducio servers.

Email and supplier data retention is limited to what is needed for payment-risk assessment, verification workflows, and audit trails.

Known limitations (read before relying on Fiducio)

Fiducio is designed to be narrow and reliable for payment-risk email — not a general security suite. You should understand these limits before connecting live mailboxes:

  • Verified baseline required. Bank-detail mismatch detection needs suppliers marked verified with sort code, full account number, and trusted phone on file.
  • Human verification still required. Fiducio flags risk; your team must confirm bank details by phone or other trusted channel before payment.
  • Selected mailboxes only. We monitor mailboxes you connect — not your entire tenant unless you choose to add them.
  • PDF and attachment limits. Text-based PDFs are supported; scanned image PDFs may not extract reliably without OCR.
  • Not a bank control. Fiducio does not access live banking, initiate payments, or replace your accounting or approval processes.
  • Genuine-domain compromise. If a real supplier mailbox on their genuine domain is compromised, detection is harder — thread history and behavioural signals are limited in early releases.
  • No guarantee of detection. We aim for high-signal alerts on the scenarios we describe; we do not warrant detection of every fraud attempt.

Data minimisation

Fiducio stores only data necessary for payment-risk assessment and audit trails. Sensitive fields such as bank account fragments are encrypted at rest.

Security roadmap

  1. Supabase/Postgres database — in place
  2. Authentication — in place
  3. Row-level security — in place
  4. Tenant isolation — in place
  5. Microsoft 365 integration with encrypted token storage — in place
  6. Multi-factor authentication (MFA)
  7. User-scoped database client (reduce service-role surface)
  8. Immutable audit logs
  9. Data retention controls
  10. Vulnerability scanning
  11. Penetration testing
  12. Cyber Essentials / ISO 27001 direction (later)

You stay in control — disconnect anytime

You can revoke Fiducio's access whenever you want, directly from your own systems as well as from Fiducio:

  • From Fiducio: go to Settings and disconnect Microsoft 365 or Xero. Monitoring stops immediately.
  • From Microsoft 365: an administrator can revoke Fiducio's app access in the Microsoft Entra admin centre (Enterprise applications).
  • From Xero: remove Fiducio under Settings → Connected apps in your Xero organisation.

Disconnecting stops all future access. Suppliers you have already imported remain in your Fiducio tenant until you remove them.

Contact us

If you have concerns about data handling or access scope, contact us via the contact page.

Privacy policy · Terms of use · Data processing agreement · Security