Data Security and Compliance

SOC 2 Compliance

TaxBandits is SOC 2 certified e-file provider. As required by SOC 2 compliance, we undergo regular audits to ensure that we protect our user data and privacy in every aspect.

HIPAA Compliance

As per the Health Insurance Portability and Accountability Act, we have implemented all the required security measures to secure the Protected Health Information (PHI) of our users.

CCPA Compliance

We adhere to all the regulations of the California Consumer Privacy Act (CCPA) in handling the personal information (PI) of California residents.

PCI DSS Compliance

All the payment processing tools used by TaxBandits adhere to PCI-compliance requirements for encrypting and securely transmitting credit card data.

Two Factor Authentication

For two factor Authentication, we provide our users with an option to utilize Google authenticator, Authy by Twilio, Microsoft authenticator, Last Pass, and the 2FA Authenticator applications.

Firewall

We have a firewall that monitors and prevents our system from any suspicious and unnecessary traffic.

Antivirus

Our system is protected by antivirus software that serves as a powerful defense mechanism against viruses and other types of malicious software.

PII Data Security

We follow all the regulations of PII data security standards to ensure that your personal information (Social Security numbers, email addresses, phone numbers, etc) are secure.

Encryption - Data-in-Rest, Data-in-Motion & Data-in-Use

We encrypt all the user data which are stored in our database (Data-in-rest) and data which are transmitted between networks or devices (data-in-motion).

Also, we follow SSL (Secure Sockets Layer) and TLS (Transport Layer Security) cryptographic protocols to encrypt the data which are currently being accessed or read (Data-in-use).

Database Management

To maintain the security and privacy of the database system, we perform data fragmentation. We frequently carry out data backups as a preventive measure against any unprecedented security incidents.
See how we counter any security disasters.

Defense In-Depth Security

We have employed a Defense In-Depth (DID) security approach to guard our users' information across our database with multiple layers of security mechanisms and controls.

Oracle Cloud Infrastructure Security

Our database is maintained through Oracle Cloud Infrastructure Security, and our servers are under Compute Security protection. Through Application Segmentation, all the sensitive data in our database remains isolated and unbreachable.

A dedicated whitelist is associated with an individual instance in the cloud, allowing only specific sources to communicate to the instance.

Data Loss Prevention

Data Loss Prevention (DLP) practices are carried out to avoid loss of sensitive data and data exfiltration from our system.

Secure Remote Access - VPN

Access to all our servers, data, and tools have been restricted to allow only authorized SPAN corporate personnel who are connected through our secure VPN network. Also, only the IP addresses from selected geographical locations that we have authorized can access our network.

Wireless Security

Accessing our system through any unauthorized wireless networks is restricted to prevent the confidentiality of all our data.

Perimeter Security - WAF for Application

Our Web Application Firewall inspects the traffic to our application and filters out suspicious and malicious ones.

Internet URL Filtering

To prevent the entry of any security threats into our system, access to websites that contain potentially malicious content (Eg: Phishing Pages) is restricted throughout our network.

Secure Software Development -DevSecOps

We rely on the DevSecOps approach and follow Secure Software development practices to ensure that our application possesses all the security qualities in each stage of software development.

Threat Modeling

By foreseeing potential security threats and vulnerabilities right at the development of our application, we formulate strategies to negate and nullify them.

API Security

As there is a possibility of APIs exposing sensitive data, we have a designated security checklist for the APIs. This helps us identify and eliminate any potential security vulnerabilities in our API endpoints.

Incident Management

TaxBandits is always prepared to counter any unprecedented and unexpected security incidents with instant solutions. In case of any sudden security issues, we analyze and take immediate action so that our users remain unaffected.

Change Management

We don’t leave any room for security issues that may arise with our application changes or other software updates. We have various countermeasures to make sure that all our data and services encounter a minimal impact with any such changes.

Security Policies

We have clearly defined policies in place to ensure the utmost data security. We adhere to these policies in our day-to-day practices and activities related to data.

Security Awareness Training

Every one of us at TaxBandits has a clear-cut understanding of data security. We constantly update ourselves with new technologies and security mechanisms to counter any unprecedented threats.

Robust Architecture and Design

We have streamlined workflows and models to depict our security framework, defining the implementation and ongoing management of all our security methodologies and standards.

Escalation Matrix

The responsible personnel and notification procedures in the event of any security incidents for each escalation level have been clearly defined and are being followed. In the event of an escalation, the responsible personnel will take the necessary actions at each level.

Penetration Testing

Frequently, there will be simulated cyber attacks made on our application and database by our security engineering team to test the effectiveness of all the security mechanisms and technologies we have implemented.

Monitoring and Response

There is constant monitoring of our network and application to identify any potential security threats. When there is such a threat identified, we perform event log analysis to respond with proactive measures for negating the threat.