Skip to Content

PARA Ramp-Odoo Integration Security Policy

Overview

The PARA Ramp-Odoo integration facilitates secure financial data transfer between Ramp (expenses, bills, transactions) and Odoo ERP systems through an Azure-based backend. This Security Policy outlines the measures in place to protect customer data, ensure compliance with applicable regulations, and maintain operational integrity.

Data Protection

·     End-to-End Encryption: All communication between users, PARA Dashboard, Azure Functions, Ramp API, and Odoo ERP occurs overHTTPS (TLS 1.2 or higher).

·     Encryption at Rest: Credentials are encryptedbefore storage in Azure SQL Database.

·     Minimal Data Retention: Transactional data isnot stored. Only failed records retain metadata (internal ID, timestamp, errordetails) temporarily until resolved.

Network & Infrastructure Security

·     Virtual Network Isolation: All Azure resources(Function Apps, SQL Database, Key Vault) are deployed inside a dedicated AzureVirtual Network (VNet).

·     Private Endpoints & Service Endpoints: Usedfor internal communication between Azure services.

·     IP Whitelisting: Access to backend and SQL isrestricted to approved subnets and whitelisted IPs.

Access & Identity Control

·     User Authentication: PARA Dashboard accessrequires Microsoft Authentication (MSAL).

·     Role-Based Access Control (RBAC): Applied acrossKey Vault, Functions, and SQL to enforce least-privilege access.

·     Managed Identity: System-assigned identities areused for backend authentication instead of shared secrets.

·     Token Security: Access tokens are stored only inmemory, refreshed automatically, and invalidated upon logout.

API & Credential Security

·     Ramp API Integration: Outbound API calls useHTTPS with 2FA authentication.

·     Odoo API Integration: Connection validated withsecure credentials retrieved only at runtime.

·     Credential Lifecycle: Credentials are neverstored client-side. They are encrypted in transit, validated before use, andcleared on logout.

Logging & Error Handling

·     Non-Sensitive Logging: Logs capture onlymetadata such as internal IDs, timestamps, and error messages. No financial orPII data is logged.

·     Error Metadata Retention: Metadata from failedsyncs is automatically purged once the sync succeeds.

·     Monitoring & Alerts: Azure ApplicationInsights and logging mechanisms are used to detect anomalies and triggeralerts.

Compliance & User Rights

·     Data Minimization: The system collects andprocesses only what is necessary to execute integrations.

·     Right to Erasure: Metadata and logs tied tocustomer data can be deleted upon request, except where retention is legallyrequired.

·     GDPR & CCPA Alignment: Users may requestaccess, correction, or deletion of data, in accordance with applicable laws.

Review & Updates

This Security Policy is reviewed regularly and updated to reflect evolvingbest practices, regulatory requirements, and changes in system architecture.

Instagram white flat icon
© 2025 PARA Consulting Co. Designed & Developed by Pastel Creative