Security at SREDY.IO

Last updated: May 2026

How we protect your data

SREDY.IO handles sensitive SR&ED claim data for Canadian businesses. We take security seriously and implement industry-standard protections.

Encryption

All data in transit is encrypted using TLS 1.2 or higher
Sensitive data at rest is encrypted using AES-256
Database connections are encrypted and authenticated

Access controls

Session-based authentication with secure, httpOnly cookies
Passwords are hashed using bcrypt before storage
Claim data is isolated per-user — you cannot access other users' claims

Third-party services

We use Stripe for payment processing and OpenAI for AI-assisted claim drafting. Neither service receives your financial or identity data beyond what is necessary to perform their function.

Responsible disclosure

If you discover a security vulnerability, please contact us at [email protected]. We commit to acknowledging reports within 48 hours and resolving confirmed issues promptly.

Ready to start?

Prepare your SR&ED claim with AI assistance

sredy.io generates structured, CRA-ready claim packages for a fixed fee. No consultant percentage.