Security Portal
Tesorio has implemented best-in-class security practices to keep customer data safe
More than just collections management and accounts receivable automation, Tesorio is the world’s first and only cash flow performance platform. Tesorio empowers CFOs and finance teams to boost profits by using artificial intelligence to better manage, predict, and collect cash.
Box
Veeva Systems
Couchbase
Highspot
Smartsheet
Domo
Coupa SoftwareDocuments
SOC Report Updates
We have just uploaded our SOC 1 Type 2 and SOC 2 Type 2 reports covering the period from March 1, 2024 - February 28, 2025
We have just uploaded our SOC 1 Type 2 and SOC 2 Type 2 reports covering the period from March 1, 2023 - February 29, 2024
We have just uploaded our SOC 1 Type 2 and SOC 2 Type 2 reports covering the period from March 1, 2022 - February 28, 2023
Subprocessor Updates
Tesorio has added Astronomer, Inc. to its list of subprocessors. Purpose: Managed Apache Airflow Services. Location: USA.
Tesorio has added CrowdView, Inc. dba Extend to its list of subprocessors. Purpose: Document Data Extraction & Processing. Location: USA.
Tesorio has added OpenAI, L.P. to its list of subprocessors. Purpose: ML/AI Data Processing. Location: USA.
Tesorio has now moved to manage subprocessor listings to our security portal. You can view our list of subprocessors here. All updates will now be recorded here on our security portal. Before this change, the last time subprocessors were updated were on February 12, 2022. If you would like to receive email notifications around subprocessor updates, please click the "Subscribe" button and submit your email.
Tesorio Update on 2022 OpenSSL 3 Vulnerabilities
Tesorio has become aware of the recently announced OpenSSL vulnerabilities CVE-2022-3786 and CVE-2022-3602. After a review, we have concluded that there is no impact to Tesorio or its customers at this time. Our cloud infrastructure partner provided a patch to our systems on November 1, 2022.
Tesorio will continue to monitor the situation closely and will provide updates where we have them available to us.
Sincerely, Fabio Fleitas Chief Technology Officer
Tesorio Update on Heroku/GitHub
Last Friday, Tesorio became aware of an incident that occurred with Heroku & GitHub. Tesorio conducted an internal investigation with the recommendations from Heroku & GitHub and have determined that we were not impacted by this issue.
Tesorio will continue to monitor the situation closely and will provide updates where we have them available to us.
Tesorio values the security of its services extremely highly and to this end we maintain appropriate industry accepted third party accreditation of our security controls and program.
Sincerely,
Fabio Fleitas
Chief Technology Officer
Tesorio Update on SpringShell
Tesorio became aware of a recently disclosed CVE-2022-22965 - "SpringShell" RCE vulnerability in spring-beans before 5.2.20/5.3.18, Tesorio can confirm we have conducted an internal investigation and can confirm that we have no evidence that Tesorio customers or internal employees have been targeted or impacted by this vulnerability.
Tesorio will continue to monitor the situation closely and will provide updates where we have them available to us.
Tesorio values the security of its services extremely highly and to this end we maintain appropriate industry accepted third party accreditation of our security controls and program.
Sincerely, Fabio Fleitas Chief Technology Officer
If you think you may have discovered a vulnerability, please send us a note.