Privacy Policy

At Supatax, we are committed to maintaining the confidentiality, integrity, and security of our customers’ data. This Privacy & Security Policy outlines how we protect information, ensure platform reliability, and uphold compliance across all systems and processes.

Overview

Supatax provides cloud-based tax and compliance solutions designed to help users manage their financial and business data securely. Protecting customer data is a top priority, and we have implemented robust administrative, technical, and physical safeguards in line with industry best practices.

Penetration Testing

Supatax engages independent third-party vendors to conduct annual penetration testing of our systems.
All vulnerabilities identified during testing are prioritized and remediated in accordance with our Software Development Life Cycle (SDLC) and security risk management policies.

Vulnerability Scanning

Supatax performs quarterly vulnerability scans using a certified third-party provider.
Any discovered vulnerabilities are promptly evaluated, prioritized, and resolved to maintain a secure environment for all users.

Physical Access Control

Our platform is fully hosted on Amazon Web Services (AWS) in the North Virginia region, with Cloudflare in front of it for additional network-level protection.
Physical security of the data centers is AWS's responsibility under its shared responsibility model; we rely on AWS's and Cloudflare's physical and environmental controls, which are audited under their own compliance programs, for the physical safety and redundancy of our hosted infrastructure.

Virtual Access Control

Access to all cloud resources is managed through AWS Identity and Access Management (IAM) following the Principle of Least Privilege.
Access rights are reviewed annually, and all remote connections to hosts are brokered through BastionZero, which:

  • Removes direct inbound SSH access to hosts

  • Keeps commonly targeted ports closed to inbound traffic

  • Enforces authenticated, auditable access for authorized users only

Audit Logging

Supatax maintains comprehensive logging for both application-level and infrastructure-level events.
Logs are monitored through Application Performance Management (APM) systems with automated alerts, so that anomalies or suspicious actions are flagged in near real time.

Intrusion Detection and Prevention

Our workloads are continuously monitored using AWS-native security controls and AI-enhanced threat detection software
to detect and block intrusion attempts, malware, and unauthorized access.

Secure Software Development Life Cycle (SDLC)

Supatax follows a rigorous SDLC process to ensure secure and high-quality product development. Our best practices include:

  • Version Control for all code changes

  • Independent Code Reviews before deployment

  • Automated Unit and Integration Testing

  • Manual QA Testing for reliability

  • CI/CD Pipelines for consistent and predictable deployments

  • Infrastructure as Code (IaC) to ensure environment consistency and traceability

Email Security

Supatax enforces strict email authentication measures so that receiving mail servers can detect and reject messages that spoof our sending domains:

  • SPF, DKIM, and DMARC records published for our sending domains to prevent phishing and spoofing

  • Customers are encouraged to add Supatax domains to their allowlist so that legitimate email is delivered reliably; allowlist rules should still require the message to pass DMARC, otherwise the exception would also admit spoofed mail
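Publishing the three records is only half of the control; what matters is what they say. The following is an added example, not Supatax's own tooling: it statically reviews SPF, DKIM and DMARC TXT records and flags the settings that leave a domain spoofable, namely an SPF record ending in +all or ?all or exceeding the ten-lookup limit, a DMARC policy of p=none (or sp=none under a p=reject apex), and a DKIM RSA key shorter than 2048 bits. The domain, the sample records and the RSA moduli are all constructed test data for a hypothetical example.com, not real DNS records or keys; a live checker would fetch the TXT records with a DNS library instead of embedding them.

```python
"""Static checks on SPF, DKIM and DMARC TXT records (added example, not Supatax's tooling)."""
import base64
import re
from collections import namedtuple

Finding = namedtuple("Finding", "record severity message")  # severity: high, medium or info
SPF_LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}  # cost a DNS lookup; RFC 7208 caps them at 10


def parse_tags(txt: str) -> dict:
    """Split a 'k=v; k=v' record (DKIM and DMARC syntax) into a lowercase-keyed dict; split once, as DKIM p= may end in '='."""
    return {k.strip().lower(): v.strip() for k, v in (p.split("=", 1) for p in txt.split(";") if "=" in p)}


def check_spf(txt: str) -> list:
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return [Finding("SPF", "high", "record does not start with v=spf1")]
    findings, lookups, all_qualifier = [], 0, None
    for term in terms[1:]:
        if "=" in term:  # modifier, e.g. redirect=_spf.example.net
            name = term.split("=", 1)[0].lower()
        else:            # mechanism, e.g. -all, mx, include:_spf.example.net
            m = re.match(r"([+\-~?])?([a-z0-9]+)", term, re.I)  # (qualifier, mechanism name)
            name = m.group(2).lower() if m else ""
            if name == "all":
                all_qualifier = m.group(1) or "+"  # a missing qualifier means pass
        if name in SPF_LOOKUP_TERMS:
            lookups += 1
    if all_qualifier is None:
        findings.append(Finding("SPF", "medium", "no 'all' term: unlisted senders get a neutral result"))
    elif all_qualifier in "+?":
        findings.append(Finding("SPF", "high", f"{all_qualifier}all: unlisted hosts are not failed, so spoofing is not blocked"))
    if lookups > 10:
        findings.append(Finding("SPF", "high", f"{lookups} lookup terms exceed the RFC 7208 limit of 10 (permerror)"))
    return findings


def check_dmarc(txt: str) -> list:
    tags = parse_tags(txt)
    if tags.get("v") != "DMARC1":
        return [Finding("DMARC", "high", "record does not start with v=DMARC1")]
    findings, policy = [], tags.get("p")
    if policy in (None, "none"):
        findings.append(Finding("DMARC", "high", "p=none (or missing p=) only reports; spoofed mail is still delivered"))
    if policy == "reject" and tags.get("sp") == "none":
        findings.append(Finding("DMARC", "medium", "sp=none leaves subdomains spoofable despite p=reject at the apex"))
    if "rua" not in tags:
        findings.append(Finding("DMARC", "info", "no rua= address: aggregate abuse reports are never received"))
    return findings


def _der(tag: int, body: bytes) -> bytes:
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")  # long form: 0x80 | byte count, then the length bytes
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def _der_int(v: int) -> bytes:
    # (bit_length + 8) // 8 adds a leading 0x00 only when the top bit is set, keeping the INTEGER positive
    return _der(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))


def build_rsa_spki(n: int, e: int = 65537) -> str:
    """Base64 SubjectPublicKeyInfo for an RSA public key, the format of a DKIM p= tag."""
    alg_id = _der(0x30, bytes.fromhex("06092a864886f70d010101") + b"\x05\x00")  # rsaEncryption OID, NULL params
    rsa_key = _der(0x30, _der_int(n) + _der_int(e))                              # RSAPublicKey {n, e}
    return base64.b64encode(_der(0x30, alg_id + _der(0x03, b"\x00" + rsa_key))).decode()


def _der_read(buf: bytes, pos: int):
    """Return (value_bytes, next_pos) for the TLV at pos; definite lengths only."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return buf[pos:pos + length], pos + length


def rsa_modulus_bits(spki_b64: str) -> int:
    spki, _ = _der_read(base64.b64decode(spki_b64), 0)  # SubjectPublicKeyInfo SEQUENCE
    _, pos = _der_read(spki, 0)                          # skip AlgorithmIdentifier
    bit_string, _ = _der_read(spki, pos)                 # BIT STRING; first byte = unused-bit count
    rsa_key, _ = _der_read(bit_string[1:], 0)            # RSAPublicKey SEQUENCE
    modulus, _ = _der_read(rsa_key, 0)                   # INTEGER n
    return int.from_bytes(modulus, "big").bit_length()


def check_dkim(txt: str) -> list:
    tags = parse_tags(txt)
    findings = []
    if tags.get("t") == "y":
        findings.append(Finding("DKIM", "medium", "t=y testing mode: verifiers must treat failures as unsigned"))
    if tags.get("p", "") == "":
        findings.append(Finding("DKIM", "info", "empty p=: selector is revoked, signatures under it will fail"))
    elif tags.get("k", "rsa") == "rsa" and (bits := rsa_modulus_bits(tags["p"])) < 2048:
        findings.append(Finding("DKIM", "high", f"{bits}-bit RSA key: 1024-bit DKIM keys are factorable, use 2048"))
    return findings


# Constructed sample records for a hypothetical example.com; the moduli are arbitrary numbers, not real keys.
WEAK_SPF = "v=spf1 a mx include:_spf.mail.example.net +all"
STRONG_SPF = "v=spf1 include:_spf.mail.example.net -all"
WEAK_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
STRONG_DMARC = "v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc@example.com"
WEAK_DKIM = "v=DKIM1; k=rsa; t=y; p=" + build_rsa_spki(2**1023 + 1)
STRONG_DKIM = "v=DKIM1; k=rsa; p=" + build_rsa_spki(2**2047 + 1)
```

To run this against real domains, resolve the apex TXT record, the _dmarc TXT record and each selector._domainkey TXT record with a DNS library and pass the strings to the three check functions. A clean record set returns no findings; any high finding means mail claiming to come from the domain can still reach inboxes, whatever the policy text says.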

Data Security

Backups

We perform automated full database backups daily and incremental backups every 5 minutes.
All backups are encrypted with AES-256 and stored securely across multiple availability zones.

Encryption

  • Data at rest: encrypted with AES-256.

  • Data in transit: protected with HTTPS using TLS 1.2 or higher.

Data Retention & Removal

Supatax retains customer data indefinitely unless a formal removal request is made.
Customers may request deletion of their data by contacting their Customer Success Manager or emailing security@supatax.ai.
All verified deletion requests are processed securely and permanently within a reasonable timeframe.

AI Data Privacy

Supatax does not use customer data to train generative AI models.
All workloads processed through OpenAI or other integrated systems run on Zero Data Retention (ZDR) infrastructure, meaning the provider does not store prompts or outputs after the request has been processed and cannot reuse them for model training or improvement.

Changes to This Policy

Supatax may update this Privacy & Security Policy periodically to reflect new practices or legal requirements.
Any updates will be published on our website with a revised effective date. Customers are encouraged to review this page regularly.