At TaxTank, we prioritise security to provide our users with the highest level of assurance. Our comprehensive security framework encompasses various measures to protect your data and ensure the integrity of our platform.
Here are the key components of our security framework:
GitLab DevSecOps Integration
We have integrated GitLab DevSecOps into our development process to provide real-time security solutions. This integration offers several benefits:
Continuous Vulnerability Scanning
Our platform undergoes continuous vulnerability scanning, allowing us to identify and address vulnerabilities in real time.
Automated Security Testing
Automated security testing is incorporated into our development pipeline, ensuring that security checks are part of every code change and update.
Security as Code
We adopt a “security as code” approach, embedding security in our development process to reduce the likelihood of vulnerabilities.
Continuous integration
Security testing is applied to any change in application code, ensuring that vulnerabilities are identified early in development.
Continuous delivery
Frequent updates allow us to continuously improve the security of the application and promptly respond to known vulnerabilities.
Continuous log analysis
Continuous log analysis helps prevent application vulnerabilities from emerging at the development stage.
Cloud infrastructure
The use of modern cloud architecture provides numerous benefits:
Isolated environment
The application infrastructure cannot be accessed directly from outside, which limits attackers' access to it.
Limited interaction
External users reach the application from outside the infrastructure, and only through an authorised channel.
Monitoring
Active monitoring of infrastructure security allows us to identify any deviations in operation and suspicious activities.
Private servers
All our servers are hosted on secure, private infrastructure, receiving regular security updates.
Enhanced Privacy
Private servers offer a higher level of data privacy and protection compared to public cloud solutions.
Improved Control
We have full control over server configurations, security policies, and access, allowing us to tailor our security measures to meet specific requirements.
Reduced Exposure
Private servers are less susceptible to public-facing vulnerabilities, reducing the risk of external threats.
Data Stored in Australia
We are committed to data sovereignty and ensure that all user data is stored within Australia. This has several advantages:
Compliance with Australian Laws
Storing data within Australia ensures compliance with local data protection and privacy laws, including the Privacy Act.
Faster Access
Local data storage typically results in faster access and better performance for Australian users.
Enhanced Data Security
Data stored locally is subject to Australian data protection regulations, providing an added layer of security and accountability.
Encryption
We employ robust encryption protocols to protect data both in transit and at rest. This includes the use of SSL/TLS for data transmission and encryption mechanisms for data storage. User data is encrypted to prevent unauthorised access.
Access Control
Access to the TaxTank platform is tightly controlled. We implement role-based access control (RBAC) to ensure that only authorised personnel can access and manage the system.
Social Login Options
Users have the convenience of logging in using their Google or Facebook accounts, ensuring a seamless and secure login process.
Incident Response Plan
In the event of a security incident, TaxTank has a well-defined incident response plan in place. This plan allows us to react swiftly, minimise impact, and ensure transparency and communication with affected users.
Open Banking Compliance
TaxTank is fully compliant with open banking regulations and provides all required functionality as per the Consumer Data Right (CDR) regulations. This includes the important feature of allowing users to delete their bank data, ensuring complete control and data privacy.
Open Banking is a carefully regulated government initiative which can only be used by Accredited Data Recipients (ADR) registered with the ACCC.
Secure method of sharing data:
When sharing financial data, a consumer is not required to disclose their login and password details to the ADR (as they log in via the interface of the financial institution).
We use an Australian-based aggregator to give Basiq permission to connect to your bank. We collect information required by the provider of your account or service, such as your login information, transactions, account numbers, and balances as well as general identity data including names and email addresses. This allows you to gain access to powerful financial services and tools and speeds up identity and account verification.
Basiq provides a read-only service. In other words, we can report on your accounts and transactions, but we can’t make any payments or transfers, so your money is secure.
Full control:
Consumers also have full visibility of who they have consented to share their financial data with, for what purpose and for what duration, with the ability to revoke consent at any time.
Convenient and Seamless Experience:
MFA within the open banking framework facilitates a seamless and user-friendly experience. Once consumers have authorised a trusted ADR, they can enjoy a streamlined and uninterrupted delivery of bank transactions.
At TaxTank, we are committed to providing a secure and reliable platform for our users. Our security framework, which includes the integration of GitLab DevSecOps, private servers, data storage in Australia, and various other security measures, is designed to deliver the highest level of assurance. We continually adapt and enhance our security practices to stay ahead of emerging threats and protect your data.