TaxTank Security Overview

At TaxTank, we prioritise security with data stored in Australia, robust encryption, and strict access control for ultimate data protection.

Updated over a week ago

At TaxTank, we prioritise security to provide our users with the highest level of assurance. Our comprehensive security framework encompasses various measures to protect your data and ensure the integrity of our platform.

Here are the key components of our security framework:

GitLab DevSecOps Integration

We have integrated GitLab DevSecOps into our development process to provide real-time security solutions. This integration offers several benefits:

Continuous Vulnerability Scanning:

Our platform undergoes continuous vulnerability scanning, allowing us to identify and address vulnerabilities in real time.

Automated Security Testing:

Automated security testing is incorporated into our development pipeline, ensuring that security checks are part of every code change and update.

Security as Code:

We adopt a “security as code” approach, embedding security in our development process to reduce the likelihood of vulnerabilities.

Private Servers

All our servers are hosted on secure, private infrastructure. The use of private servers provides numerous benefits:

Enhanced Privacy:

Private servers offer a higher level of data privacy and protection compared to public cloud solutions.

Improved Control:

We have full control over server configurations, security policies, and access, allowing us to tailor our security measures to meet specific requirements.

Reduced Exposure:

Private servers are less susceptible to public-facing vulnerabilities, reducing the risk of external threats.

Data Stored in Australia

We are committed to data sovereignty and ensure that all user data is stored within Australia. This has several advantages:

Compliance with Australian Laws:

Storing data within Australia ensures compliance with local data protection and privacy laws, including the Privacy Act.

Faster Access:

Local data storage typically results in faster access and better performance for Australian users.

Enhanced Data Security:

Data stored locally is subject to Australian data protection regulations, providing an added layer of security and accountability.

Encryption

We employ robust encryption protocols to protect data both in transit and at rest. This includes the use of SSL/TLS for data transmission and encryption mechanisms for data storage. User data is encrypted to prevent unauthorised access.

Access Control

Access to the TaxTank platform is tightly controlled. We implement role-based access control (RBAC) to ensure that only authorised personnel can access and manage the system.

Social Login Options

Users have the convenience of logging in using their Google or Facebook accounts, ensuring a seamless and secure login process.

Incident Response Plan

In the event of a security incident, TaxTank has a well-defined incident response plan in place. This plan allows us to react swiftly, minimise impact, and ensure transparency and communication with affected users.

Open Banking Compliance

TaxTank is fully compliant with open banking regulations and provides all required functionality as per the Consumer Data Right (CDR) regulations.

This includes the important feature of allowing users to delete their bank data, ensuring complete control and data privacy.

Open Banking is a carefully regulated government initiative which can only be used by Accredited Data Recipients (ADR) registered with the ACCC.

Secure method of sharing data:

When sharing financial data, a consumer is not required to disclose their login and password details to the ADR (as they log in via the interface of the financial institution).

We use an Australian-based aggregator to give Basiq permission to connect to your bank. We collect information required by the provider of your account or service, such as your login information, transactions, account numbers, and balances as well as general identity data including names and email addresses. This allows you to gain access to powerful financial services and tools and speeds up identity and account verification.

Basiq provides a read-only service, in other words, we can report on your accounts and transactions, but we can’t make any payments or transfers – so your money is secure.

Full control: Consumers also have full visibility of who they have consented to sharing the financial data with, for what purpose and for what duration, with the ability to revoke consent at any time.

Convenient and Seamless Experience:

MFA within the open banking framework facilitates a seamless and user-friendly experience. Once consumers have authorised a trusted ADR, they can enjoy a streamlined and uninterrupted delivery of bank transactions.

At TaxTank, we are committed to providing a secure and reliable platform for our users. Our security framework, which includes the integration of GitLab DevSecOps, private servers, data storage in Australia, and various other security measures, is designed to deliver the highest level of assurance. We continually adapt and enhance our security practices to stay ahead of emerging threats and protect your data.
