Security & Compliance

Your financial data deserves better than email attachments.

Strong encryption. GDPR compliance. EU-hosted servers. Full audit trail. TaxItEasy protects your most sensitive data at every layer — because security isn't an add-on, it's the foundation.

GDPR Compliance

Full EU data protection. Not just a checkbox — built into the architecture.

TaxItEasy is built from the ground up to comply with the General Data Protection Regulation (GDPR). Your data is stored exclusively on European servers, processed transparently, and protected by every right the regulation guarantees. We aim to go beyond the minimum requirements.

EU-only server infrastructure

All data is stored and processed on servers physically located within the European Union. Your financial data never leaves EU jurisdiction.

Right to deletion

Request full deletion of all your data at any time. We wipe everything — documents, invoices, user data, audit logs. Permanently.

Data portability

Export all your data in standard formats at any time. Your data belongs to you, and you can take it wherever you want.

Data minimization

We collect only what's strictly necessary to provide the service. No tracking, no profiling, no selling data to third parties.

Transparent processing

Clear privacy policy and cookie policy. You know exactly what data we collect, why we collect it, and how long we keep it.

No third-party data sharing

Your financial data is never shared with, sold to, or accessed by third parties. It's your data, period.

Encryption at Every Layer

Your documents are encrypted from the moment they leave your device.

Every piece of data that touches TaxItEasy is encrypted — both while it's moving between your device and our servers, and while it's stored. We use the same encryption standards trusted by banks and government agencies. Your invoices, receipts, and financial documents are designed to stay protected at all times.

TLS encryption in transit

All data moving between your browser/app and our servers is encrypted with TLS. No one can intercept or read your data in transit.

AES-256 encryption at rest

Documents and data stored on our servers are encrypted with AES-256, the same standard used by military and financial institutions.

Presigned URLs expire in 1 hour

Document download links are temporary and expire after 1 hour. No permanent public URLs to your files exist anywhere.

Encrypted database connections

Even internal connections between our services are encrypted. Your data is protected at every hop within our infrastructure.

Access Control & Data Isolation

6 roles. Complete tenant isolation. Principle of least privilege enforced.

Not everyone needs access to everything. TaxItEasy enforces strict role-based access control with 6 distinct roles, from Owner with full control to Viewer with read-only access. Every company's data is completely isolated at the database level — this is designed to prevent one tenant's data from leaking into another.

6 granular roles

Owner, Admin, Accountant, Employee, Tax Advisor, Viewer. Each role has precisely defined permissions. Everyone sees only what they need.

Complete tenant isolation

Each company's data is walled off from every other company. Enforced at the database level — not just the application level.

Full audit trail

Every action by every user is logged with timestamp, IP address, and user agent. Complete accountability for all activity.

Principle of least privilege

Users start with minimum permissions and are granted access only as needed. No broad default access that could be exploited.

Account Protection

Multiple layers of defense against unauthorized access.

Your account is protected by multiple layers of security. From industry-standard password hashing to automatic lockouts and rate limiting, we aim to make it difficult for anyone to gain unauthorized access to your account — even if your password is compromised.

Bcrypt password hashing

Passwords are hashed with bcrypt, an industry-standard algorithm designed to be computationally expensive to crack.

Email verification

Every new account requires email verification with a 6-digit code. No unverified accounts can access the platform.

Lockout after 5 failed attempts

After 5 failed login attempts, your account is temporarily locked. Brute-force attacks are stopped before they start.

Rate limiting on all endpoints

Every API endpoint is rate-limited. Automated attacks, credential stuffing, and abuse are blocked at the network level.

Secure password reset

Password reset uses time-limited, single-use token links sent to your verified email. No security questions, no phone calls.

JWT token management

Access tokens expire after 60 minutes. Refresh tokens expire after 7 days. Stolen tokens have a limited window of usefulness.

Document Security

Your files are validated, encrypted, and served securely. No permanent public links.

Documents are the most valuable asset in TaxItEasy, and they're protected accordingly. Every uploaded file is validated at the byte level to prevent malicious uploads, stored in encrypted object storage, and served only through temporary, expiring links. There are no permanent public URLs to any of your files.

Magic bytes validation

Files are validated by checking actual file content (magic bytes), not just the file extension. Renamed malicious files are caught and blocked.

Secure object storage

Documents are stored in enterprise-grade encrypted object storage with redundancy. Your files are safe from data loss and unauthorized access.

No permanent public links

Every document URL is a presigned link that expires after 1 hour. Bookmarked or cached links stop working automatically.

30-day recycle bin

Accidentally deleted a document? Restore it within 30 days. After that, permanent GDPR-compliant deletion ensures it's truly gone.

Cryptographic sharing tokens

Shared document links use 64-character cryptographic tokens. Guessing a valid link is statistically impossible.

Version history & integrity

Every version of every document is preserved. You always have a complete, verifiable history of your files.

Built on trust & standards

TaxItEasy meets and exceeds industry standards for data protection and security.

GDPR
EU Servers
256-bit Encryption
Audit Trail
Data Isolation

Security-first, from day one.

We're building TaxItEasy with security as the foundation. Be the first to know when we launch.
