logo
Numerand

Security at Numerand

How we protect your data using Browserbase-managed sessions and cookies

Data Protection Overview

At Numerand, we use Browserbase to handle authenticated browsing during setup. You sign in directly to supplier portals; we never collect or store your credentials. Session cookies are stored in Browserbase and used only to discover and validate invoice paths. Once paths are defined in our system, cookies are not used again unless you explicitly request troubleshooting due to a malfunction.

Credential Management

Authentication is initiated by you. We don't store passwords; we rely on Browserbase session cookies:

  • You authenticate directly; we never handle your passwords
  • We do not store credentials in our databases
  • Session cookies are stored in Browserbase, not by Numerand
  • Cookies are accessed only when needed to reach supplier portals
  • No cookies or credentials are logged or exported

Session Security

Sessions run in isolated Browserbase environments:

  • Isolated browser instances with network and filesystem sandboxing
  • Secure cookie storage within Browserbase; no direct database storage
  • Short-lived sessions with automatic expiry and rotation where supported
  • All traffic is encrypted over TLS 1.3
  • Local execution uses cookies only to discover and validate invoice paths

Data Processing & Storage

Cookie usage and path discovery:

  • Cookies are used only to discover and validate invoice paths; invoices are retrieved by our system, not via Browserbase
  • After paths are defined, cookies are not reused unless you request troubleshooting
  • Cookies may be accessed locally during setup; they are never repurposed
  • We do not persist cookies on our servers beyond temporary processing needs
  • Access is audited and limited to the least privilege necessary

Access Controls

We implement strict access controls including:

  • Role-based access with principle of least privilege
  • Regular access reviews and permission audits
  • Secure authentication for all system access
  • Monitoring and logging of all access events
  • Immediate revocation capabilities for compromised accounts

Security Monitoring

Our security infrastructure includes:

  • 24/7 security monitoring and incident response
  • Automated threat detection and prevention systems
  • Regular vulnerability assessments and penetration testing
  • Real-time alerts for suspicious activities
  • Comprehensive audit logs for compliance

Compliance & Standards

We maintain compliance with:

  • GDPR (General Data Protection Regulation)
  • SOC 2 Type II certification
  • Industry-specific financial data regulations
  • Regular third-party security assessments

Transparency & Control

You maintain full control over your data:

  • Clear visibility into what data is accessed and when
  • Ability to revoke access permissions at any time
  • Regular security reports and updates
  • Data portability and deletion rights
  • Direct communication channels for security concerns

Incident Response

In the unlikely event of a security incident:

  • Immediate containment and impact assessment
  • Transparent communication within 72 hours
  • Forensic analysis and remediation
  • Preventive measures to avoid recurrence
  • Coordination with relevant authorities when required