Security at idutax
Tax documents contain some of the most sensitive financial information your clients have. We built idutax with security as a first principle, not an afterthought.
Encryption at rest and in transit
All files are encrypted with AES-256 at rest. Data in transit is protected with TLS 1.3. Encryption keys are managed by Cloudflare and are never accessible to idutax employees.
Data residency control
Choose where your data lives: Canadian data centers (Cloudflare R2 Toronto, Neon ca-central-1) or US data centers. Your clients' files never cross borders without your permission.
PIPEDA & GLBA alignment
Our practices are aligned with PIPEDA (Personal Information Protection and Electronic Documents Act) for Canadian users and the GLBA Safeguards Rule (FTC) for US users.
Audit log
Every action — who uploaded what, when, from which IP — is logged and tamper-evident. Export the full audit log at any time for regulatory or internal review.
Access controls
Role-based access ensures team members only see the clients and documents they're authorized to access. Session management with idle timeout and suspicious login detection.
SOC 2 in progress
We are pursuing SOC 2 Type I certification. Our infrastructure is designed to meet these standards from day one. Contact us for our current security posture documentation.
Report a vulnerability
We take security reports seriously. If you believe you have found a security vulnerability in idutax, please contact us at security@idutax.com. We commit to acknowledging reports within 24 hours and to working with you to understand and address the issue promptly.