Your data is safe with Spherics.

At Spherics we use accounting data to build carbon footprints for businesses. We recognise that because of this, many customers have valid concerns about data security and privacy. That’s why we align with the best industry standards and guidance.

Key Features

We partner with academic institutions and climate experts to ensure our methodology meets the latest thinking and standards.

Only integrates with trusted APIs

We currently support two leading accountancy platforms (Xero and Quickbooks) with APIs that adhere to the toughest security protocols.
01

Only ‘read-only’ access to your accounting data

We can’t make changes to your accounts.
02

We don’t store your bank details

We do not store any sensitive bank details on our platform, only data on your expenditure.
03

We don’t share your data with third parties

We do not share the details of your expenditure with others, only a breakdown of your carbon footprint.
04

Delete your data at any time

On request, your accounting data can be decoupled and deleted at any time, which removes all of your records from our system.
05

What data does Spherics use?

Spherics only uses accounting data, not financial data - it's important to note the difference between the two:

We only store accounting data, which is expenditure data based on your recorded transactions

The specific data we use includes:

Date of transaction

When you made the purchase
01

Accounting category code

How a transaction is categorised in your accounts.
02

Merchant/supplier of transaction

Where you spent the money
03

Transaction description

What you spent the money on.
04

We do not store any of your financial data, which includes bank card details or other sensitive financial information which could be used to make purchases

Our Security Protocol

Password security:

01

We never store your user password in plaintext.

02

We use the Argon2 password hashing algorithm to hash your password which means that in the event of a data breach, your password is safe.

03

We have strong password policies to ensure access to cloud services is protected.

Our databases and servers are protected to industry standards:

01

Our database is not internet facing and therefore cannot be the target of a cyber attack. Access to the database is strictly controlled and only accessible via a company VPN.

02

All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests getting to our internal network.

03

Spherics is served 100% over Hypertext Transfer Protocol Secure (https).

Company training and policy:

01

Access to customer data is limited to authorized employees who require it for their job.

02

Spherics runs a zero-trust corporate network. There are no corporate resources or additional privileges from being on Spherics’ network.

03

We follow the National Cyber Security Centre guidance and are working towards Cyber Essentials certification.