Security & Compliance

How we protect your data and maintain regulatory compliance

Our Security Commitment

Consultare is built with security at its core. As an SAP Gold Partner handling sensitive business data and financial information through BLISS (Bank Ledger Integration Suite), we maintain enterprise-grade security standards across every layer of our platform. Our security program is designed to protect the confidentiality, integrity, and availability of your data.

BLISS Integration Security

Our BLISS integration follows the strictest security protocols required for financial data handling. Here is how we keep your financial data safe:

Credential Isolation

Bank credentials are transmitted directly through BLISS's secure connection module. Consultare never sees, stores, or processes your bank login credentials. Authentication is handled entirely through tokenized access via secure banking APIs.

Token-Based Access

BLISS uses secure access tokens to retrieve authorized financial data. Tokens are encrypted at rest using AES-256 and are scoped to only the data categories you explicitly authorize. Tokens can be revoked at any time.

Data Minimization

BLISS only requests the banking permissions necessary for your SAP Business One integration. Available data scopes include: Transactions, Auth, Balance, Identity, and Investments. You control which scopes are authorized.

BLISS Compliance

  • BLISS is SOC 2 Type II certified
  • BLISS undergoes annual third-party security audits
  • BLISS is compliant with GLBA, CCPA, and GDPR
  • All BLISS API communications use TLS 1.2+ encryption
  • BLISS maintains PCI DSS compliance for payment data

SAP B1 Data Pipeline Security

Financial data flowing from BLISS to SAP Business One is processed through encrypted pipelines. Data is validated, transformed, and posted to SAP B1 without persistent storage of raw financial data. Only reconciled summaries are retained in SAP B1 as configured by your administrator.

Security Protocols

Encryption

  • AES-256 encryption for all data at rest
  • TLS 1.2+ for all data in transit
  • End-to-end encryption for financial data pipelines
  • Encrypted database backups with key rotation

Authentication & Access

  • OAuth 2.0 for all third-party integrations
  • Role-based access control (RBAC)
  • Multi-factor authentication (MFA) support
  • API key management with scoped permissions
  • Session timeout and automatic lockout policies

Infrastructure

  • SOC 2 Type II compliant cloud infrastructure
  • Geographically distributed data centers
  • Automated failover and disaster recovery
  • Network segmentation and firewall protection
  • Regular infrastructure vulnerability scanning

Monitoring & Logging

  • Real-time security event monitoring
  • Comprehensive audit logging of all data access
  • Anomaly detection for unusual access patterns
  • 24/7 incident response team
  • Automated alerting for security events

Compliance

  • GDPR compliance for EU data subjects
  • CCPA compliance for California residents
  • SOC 2 Type II audit certification
  • Annual third-party penetration testing
  • Vendor risk assessment program

Business Continuity

  • 99.9% uptime SLA guarantee
  • Automated daily backups with 30-day retention
  • Cross-region disaster recovery
  • Incident response plan with defined SLAs
  • Regular business continuity testing

End-User Data Rights for BLISS

As a user connecting financial accounts through our BLISS integration, you have the following rights:

  • Right to disconnect: Revoke access to your financial accounts at any time through our settings or directly through your bank.
  • Right to know: Request a full accounting of what financial data we have accessed and how it was used.
  • Right to delete: Request deletion of all financial data retrieved through Plaid from our systems.
  • Right to restrict: Limit the types of financial data we access by modifying your BLISS permissions.
  • Right to portability: Export your synchronized financial data in standard formats.

Incident Response

In the event of a security incident involving your data:

  • We will notify affected users within 72 hours of confirmed breach detection
  • BLISS access tokens are immediately rotated upon suspected compromise
  • A detailed incident report is provided to all affected parties
  • Remediation steps are implemented and verified by our security team
  • Relevant regulatory authorities are notified as required by law

Responsible Disclosure

If you discover a security vulnerability in our platform, please report it responsibly to security@consultare.net. We appreciate the security research community and will acknowledge valid reports. Please do not publicly disclose vulnerabilities until we have had a reasonable opportunity to address them.

Security Contact

For security-related inquiries or to report a vulnerability:

Email: security@consultare.net

Phone: +1 (786) 220-4300