Security built into how Sendlum handles your data.

Company data is scoped, encrypted, and logged by design — and nothing from a connected integration becomes real spend data without a human confirming it first.

Role-based access control

Sendlum has 8 distinct roles, and every user is scoped to exactly what their role needs — nothing more. Someone in Employee never sees the same surface as Finance & Ops, and IT & Procurement never sees the same surface as a CFO.

Company data isolation

Every company’s data is fully isolated. Access is scoped at the database level by organization, so there is no path for one company to see another company’s subscriptions, invoices, or spend data.

Audit logs

Every sensitive action is logged — who did what, and when. Approvals, role changes, disconnections, and confirmations all leave a record finance and IT can review.

Encrypted tokens

Integration credentials and session tokens are never stored in plaintext. Everything issued by your bank, inbox, or accounting provider is encrypted at rest.

Integration permissions

Companies control exactly which data sources are connected — bank, Gmail/Outlook, QuickBooks/Xero, or a custom connector — and can disconnect any of them at any time.

Discovery Inbox as a trust boundary

Nothing from an integration is ever auto-created as real spend data. Every detected subscription, charge, or renewal lands in the Discovery Inbox as a suggestion until a human confirms it.

Questions about security?

Talk to us about how Sendlum fits your company's security and compliance requirements.