We understand how valuable our users' data is and how important it is to protect it. Therefore, we keep all user information safe by implementing various methodologies that maintain multiple layers of security.

Here, we have listed all the security standards and protocols set by TaxBandits to protect our users' data.

Compliance

  • SOC 2 Compliance

    TaxBandits is a SOC 2 certified e-file provider. As required by SOC 2 compliance, we undergo regular audits to ensure that we protect our users' data and privacy in every aspect.

  • HIPAA Compliance

    As per the Health Insurance Portability and Accountability Act, we have implemented all the required security measures to secure the Protected Health Information (PHI) of our users.

  • CCPA Compliance

    We adhere to all the regulations of the California Consumer Privacy Act (CCPA) in handling the personal information (PI) of California residents.

  • PCI DSS Compliance

    All the payment processing tools used by TaxBandits adhere to PCI DSS compliance requirements for encrypting and securely transmitting credit card data.


Data Protection

  • Two-Factor Authentication

    For two-factor authentication, we provide our users with the option to use Google Authenticator, Authy by Twilio, Microsoft Authenticator, LastPass, and the 2FA Authenticator applications.

  • Firewall

    We have a firewall that monitors traffic and protects our system from any suspicious or unnecessary traffic.

  • Antivirus

    Our system is protected by antivirus software that serves as a powerful defense mechanism against viruses and other types of malicious software.

  • PII Data Security

    We follow all the regulations of PII data security standards to ensure that your personal information (Social Security numbers, email addresses, phone numbers, etc.) is secure.

  • Encryption - Data-at-Rest, Data-in-Motion & Data-in-Use

    We encrypt all user data that is stored in our database (data at rest) and data that is transmitted between networks or devices (data in motion).

    Also, we use the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) cryptographic protocols to encrypt data that is currently being accessed or read (data in use).

  • Database Management

    To maintain the security and privacy of the database system, we perform data fragmentation. We frequently carry out data backups as a preventive measure against any unforeseen security incidents.
    See how we counter any security disasters.

  • Defense-in-Depth Security

    We have employed a Defense-in-Depth (DiD) security approach to guard our users' information across our database with multiple layers of security mechanisms and controls.

  • Oracle Cloud Infrastructure Security

    Our database is maintained through Oracle Cloud Infrastructure Security, and our servers are under Compute Security protection. Through Application Segmentation, all the sensitive data in our database remains isolated and unbreachable.

    A dedicated whitelist is associated with each individual instance in the cloud, allowing only specific sources to communicate with the instance.

  • Data Loss Prevention

    Data Loss Prevention (DLP) practices are carried out to avoid loss of sensitive data and data exfiltration from our system.


Network Security

  • Secure Remote Access - VPN

    Access to all our servers, data, and tools has been restricted to authorized SPAN corporate personnel who are connected through our secure VPN network. Also, only IP addresses from the selected geographical locations that we have authorized can access our network.

  • Wireless Security

    Accessing our system through any unauthorized wireless network is restricted in order to preserve the confidentiality of all our data.

  • Perimeter Security - WAF for Application

    Our Web Application Firewall inspects the traffic to our application and filters out suspicious and malicious ones.

  • Internet URL Filtering

    To prevent the entry of any security threats into our system, access to websites that contain potentially malicious content (e.g., phishing pages) is restricted throughout our network.


Preventive Measures

  • Secure Software Development - DevSecOps

    We rely on the DevSecOps approach and follow secure software development practices to ensure that security is built into our application at each stage of software development.

  • Threat Modeling

    By foreseeing potential security threats and vulnerabilities early in the development of our application, we formulate strategies to negate and nullify them.

  • API Security

    As there is a possibility of APIs exposing sensitive data, we have a designated security checklist for the APIs. This helps us identify and eliminate any potential security vulnerabilities in our API endpoints.

  • Incident Management

    TaxBandits is always prepared to counter any unexpected security incidents with immediate solutions. In case of any sudden security issue, we analyze it and take immediate action so that our users remain unaffected.

  • Change Management

    We don't leave any room for security issues that may arise from our application changes or other software updates. We have various countermeasures to make sure that all our data and services experience minimal impact from any such changes.


Security Standards

  • Security Policies

    We have clearly defined policies in place to ensure the utmost data security. We adhere to these policies in our day-to-day practices and activities related to data.

  • Security Awareness Training

    Every one of us at TaxBandits has a clear-cut understanding of data security. We constantly update ourselves with new technologies and security mechanisms to counter any unprecedented threats.

  • Robust Architecture and Design

    We have streamlined workflows and models to depict our security framework, defining the implementation and ongoing management of all our security methodologies and standards.

  • Escalation Matrix

    The responsible personnel and notification procedures in the event of any security incidents for each escalation level have been clearly defined and are being followed. In the event of an escalation, the responsible personnel will take the necessary actions at each level.


Security Evaluation

  • Penetration Testing

    Our security engineering team frequently carries out simulated cyber attacks on our application and database to test the effectiveness of all the security mechanisms and technologies we have implemented.

  • Monitoring and Response

    We constantly monitor our network and application to identify any potential security threats. When such a threat is identified, we perform event log analysis and respond with proactive measures to negate it.

  • Windows/Server Hardening

    We perform a sequence of server hardening processes to eliminate potential points of attack on our servers.