Security & Trust

We protect your invoices. We also protect our own AI.

Fraudsters are getting smarter — some now write fake invoices designed to trick AI software directly, not just a busy employee. Most invoice tools have no defence against this at all. We built one, and it's now patented technology.

Meet the Canary Layer.

Think of it as a second guard standing behind our AI, double-checking its work. Before our system makes a decision on an invoice, the Canary Layer checks the invoice for hidden tricks. After the AI gives its verdict, the Canary Layer checks that verdict too — so a cleverly worded fake invoice can't simply talk its way to "approved."

No security system catches everything, and we won't pretend otherwise. What the Canary Layer does is make these attacks far harder to pull off — and the moment someone tries, it's flagged and recorded, so you know exactly who attempted it.

Two checks, on every single invoice

  • Before the decision — every invoice is screened for hidden instructions designed to manipulate the AI
  • After the decision — every verdict is double-checked for consistency before it ever reaches your team
  • Any attempt to manipulate the system is logged and flagged as a red flag in its own right

Built to keep your business on the right side of the rules.

You shouldn't need a law degree to trust your software. Here's the short version of how we protect your business and your data.

Clear, human-readable decisions

Every result comes with a plain-English reason — not just a score. That's increasingly expected under new AI transparency rules in the UK and EU, and we built for it from day one.

Your data stays yours

Your invoices and supplier information are kept separate from every other customer's data. We follow UK data protection law and only keep what's needed to do the job.

A clean record for your accountant

Every check and every decision is logged automatically, so you have a tidy, tamper-proof record ready to hand to an auditor or accountant whenever you need it.

Kept private. Kept separate. Kept safe.

Every customer's data is fully separated from every other customer's — there's no way for one business to ever see another's invoices or supplier lists. Access to your account is locked down with strong authentication, and sensitive information is encrypted as standard.

In plain terms

  • Your account is fully separated from every other customer
  • Sensitive information is encrypted, not stored in plain text
  • A tamper-proof record of every decision, automatically kept
  • Hosted securely, with UK businesses' data kept in the UK
Ask us anything

Got a security question? Just ask.

We'd rather answer it directly on a call than let a sales page speak for us.