Wholesail takes security, privacy, and data integrity seriously. Wholesail’s integration with business-critical accounting and ERP systems enables buyers to access invoices online and enables sellers to automate key aspects of their accounts receivable process.
Wholesail takes several precautions to secure your critical business data, sensitive personal & payments information of your customers, and ensure the integrity of your business data in your accounting or ERP system.
Security Practices
- All connections to accounting or ERP system APIs from Wholesail are TLS / HTTPS encrypted. For "file-based" ERP integrations data is transferred over SFTP using public key encryption (RSA 4096).
- All connections to third party payment providers (Stripe, Plaid, Modern Treasury) where payment information is transferred are TLS / HTTPS encrypted. Wholesail also does not store credit card numbers or bank account numbers; they are securely tokenized by Wholesail’s payment providers.
- All Wholesail employees undergo security training, and are required to follow a high standard of security practices. Two-factor authentication and strong password controls are required for administrative access to systems, and employee computers and devices are configured to use full-disk encryption.
- Wholesail infrastructure is built on Google Cloud Platform. Physical and environmental security is handled entirely by Google. Google provides an extensive list of compliance and regulatory assurances, including SOC 1/2-3, PCI-DSS and ISO27001. See Google Cloud Platform compliance, security, and data center security documentation for more detailed information.
- Wholesail enforces user-level permission control for customer and payment information in the system. Users will not be able to read or modify customer information, or make payments without first receiving proper permissions from owners of the data.
- Wholesail automatically logs audit entries for all the payment activities happening through the Wholesail platform, including payment account connections, and payment and deposit creations and exports, for auditing and customer inquiries in case of suspicious activities.
To date, Wholesail has not experienced a breach in security of any kind. In the event of such an occurrence, Wholesail protocol is such that customers would be made aware as soon as the compromise is confirmed.
Data Integrity
Wholesail has a number of precautions to maintain the integrity of your data in Wholesail and in your accounting system:
- Balance cross-check - Wholesail computes a customer’s open balance by aggregating invoice, credit, and payment data. To ensure the buyer’s balance is always accurate, Wholesail compares it’s computed balance with that from your accounting system to ensure it’s always accurate.
- Data never deleted or overwritten - Wholesail will never delete data in your accounting system and will never overwrite any changes you make in your accounting system. In the rare situation where the data in Wholesail conflicts with your accounting system, Wholesail will not update your accounting system and a representative of Wholesail will reach out to you to remedy the situation. Wholesail’s system also has built-in checks to ensure that the same entity is not exported to the accounting system multiple times.
- Approved integration - Wholesail only uses APIs, SDKs, and sync interfaces provided by your accounting system or ERP vendor.
- Flexible Sync Frequency - Wholesail syncs as frequently as possible given the limitations of your accounting system.
- Limited data collection - Wholesail only reads the critical information required to enable buyers to manage their balance, which generally includes information about invoices, credit memos, payments, customers, and GL accounts. Wholesail does not collect social security numbers or sensitive employee information from your ERP or accounting system.