Credentials protected in Stripe Secret Store
InvoiceXpress credentials are validated and stored with Stripe-managed encryption.
Security and Compliance
LusoInvoice is designed to protect operational data, reduce workflow risk, and support compliance requirements in invoicing operations.
Core technical controls
Webhook signature verification
Incoming requests validate Stripe Signature to ensure source authenticity.
Idempotency and duplicate prevention
The platform prevents repeated document creation for the same payment event.
Tenant isolation by account
Every record is scoped by Account ID with Row Level Security enabled in the data layer.
Synchronization logs for auditability
Relevant events are logged with status, timestamps, and generated document IDs.
Least-privilege access model
The app uses only the permissions required to sync payments and issue documents.
Compliance and data protection
- Data processing is restricted to invoicing operations, with no third-party marketing usage.
- Data sharing is limited to essential processors: Stripe, InvoiceXpress, and Supabase.
- Retention and deletion policies are documented in the Privacy Policy.
- Data subject rights are supported under GDPR (access, rectification, deletion, objection, portability).
Recommended customer practices
- Use API keys with periodic rotation and internal access controls.
- Validate tax and sequence settings before enabling automatic synchronization.
- Monitor sync alerts and review logs whenever operational errors occur.
- Restrict Stripe Dashboard access by role and enforce multi-factor authentication.
Need to validate internal requirements?
Our support team can help map technical, tax, and audit requirements to your integration workflow.