Saltar al contenido principal

Security

How we protect accounting operations and customer data.

What afínate guarantees

Seven verifiable principles, present in every document processed.

Full data ownership

Download and deletion available at any time, with no restrictions.

Reliability above 95%

In automatic document classification and accounting entries.

Auditable documents

The system allows editing values, reclassifying or voiding any record.

24/7 customer support

WhatsApp +57 321 390 2280 and email [email protected].

Colombian data protection law

Personal data handled in compliance with Law 1581 of 2012 (Habeas Data).

Meta Business verified

WhatsApp owner Meta validated the legal identity and authorized official operation.

Payments only via Wompi

Colombian PCI DSS-certified gateway with industry-standard guarantees.

For IT and compliance teams

For audit processes that require security questionnaires, data processing agreements or formal technical evidence, afínate prepares documentation tailored to each case. Requests by email or WhatsApp.

Request documentation WhatsApp +57 321 390 2280

Frequently asked questions

The most common queries, grouped by audience.

Business

Who accesses each account's information?
Only the owning organization. Every database query is filtered by user via Row Level Security (RLS); no other customer can read someone else's information. The afínate team accesses data only when required for support or maintenance, under strict confidentiality criteria.
Can the data be downloaded or deleted at any time?
Yes. The dashboard exports documents, accounting entries and reports as PDF and CSV on demand. When the account is deleted, data is removed in compliance with Law 1581 (Habeas Data).
How is Law 1581 (Habeas Data) handled?
afínate processes personal data in accordance with Colombian Law 1581 of 2012 and its regulations. Any data subject may request consultation, update, correction or deletion by writing to [email protected].
What does Meta Business verification mean?
afínate operates as a Verified Business under Meta Business (owner of WhatsApp). Meta validated the company's legal identity and authorized official use of the WhatsApp Business API for customer support.
How is a vulnerability or incident reported?
Email [email protected] with the details of the finding. Each case is reviewed and answered within a reasonable timeframe. For active incidents, WhatsApp +57 321 390 2280 is also available.

Technical

Encryption in transit
All communication with the website, dashboard and APIs uses HTTPS (TLS 1.2+). The domain is protected with DNS, SSL certificates and a CDN that encrypts traffic end-to-end.
Database access control
The database enforces Row Level Security (RLS): every query is automatically filtered by the authenticated user ID, preventing one customer from reading another's data even if the application layer fails.
Isolated infrastructure
Backend, automations (n8n) and the admin panel run on a dedicated Hetzner server (European data center) managed with Docker containers and accessible only via VPN. Reduces attack surface and enables fast recovery.
AI processing with certified providers
Documents are analyzed with the Google Gemini and OpenAI Whisper APIs, both with enterprise privacy commitments: customer information is not used to train third-party models.
Backups and availability
The database has automatic daily backups and point-in-time recovery. The infrastructure is prepared for operational recovery within defined timeframes.
PCI-compliant payments
Payments are processed exclusively through Wompi, a Colombian PCI DSS-certified gateway. afínate does not store or handle card data; only the transaction outcome signed with SHA-256 is received.