Skip to content

SECURITY BY DESIGN

What your auditor asks before approving an ERP.

IntegraDox was built to pass an audit, not survive one. These are the technical guarantees.

Ledger integrity

Each doxaccount journal entry is signed with a hash chain linked to the previous one. Any post-close tampering — modifying an amount, changing a date, deleting a line — breaks the chain and is visible immediately.

Soft-delete by default

Nothing is erased. When a user deletes a record, it is marked inactive but stays recoverable. Your auditor sees the full universe, not just what survived.

Full audit log

Every access, every change, every export is logged with timestamp, user, IP, and user-agent. The log is queryable by admins and exportable for the auditor.

Granular roles

Permissions per module, not per app. A user can have read access to accounting, write to inventory, and restricted posting in banking — all in the same session.

Multi-entity isolation

Each entity operates in its own logical space. A user assigned to entity A cannot read entity B's data, not even with a direct SQL query to the backend.

Auditable exports

XBRL, CSV and OFX straight from the GL — no intermediate transformations. The auditor receives the same data the system uses internally.

Technical stack

CSRF on every POST, prepared statements on every query, Argon2id passwords, rate limiting on sensitive endpoints, upload storage outside the web root, strict security headers (CSP, HSTS, X-Frame, Referrer-Policy).

PRÓXIMO PASO

Your auditor has specific questions?

In the demo we can cover any technical point your IT team or audit firm needs.

Book a demo