Security & Compliance

We take security seriously. Sensitive data is encrypted, API access is authenticated, and we follow practices to protect your tax data.

Data Protection

Encryption at Rest

Sensitive data such as TINs and tax documents are encrypted before storage using industry-standard encryption, with keys kept in secure configuration.

Encryption in Transit

All traffic is served over HTTPS. We use TLS for API and web traffic.

Access Controls

Dashboard and API access require authentication. Changes to your data are logged and auditable.

Compliance & Certifications

IRS Publication 1220

Our e-filing is built to follow IRS Publication 1220 specifications for electronic filing of information returns.

Data Retention

We retain data according to our policies and applicable requirements. Contact us for questions about export or deletion.

Infrastructure Security

Cloud Infrastructure

Hosted on managed cloud infrastructure
Standard security controls and isolation

Application Security

OAuth 2.0 API authentication
Rate limiting on API and token endpoints
Dependency vulnerability checks in CI

Audit & Responsiveness

Audit Logging

Changes to your data are recorded in audit logs (create, update, delete). Logs are retained for our operations and support.

Incidents

We respond to security and availability issues and will notify affected customers when appropriate.

Security Questions?

Have questions about how we handle security? We're happy to discuss and answer what we can.