TaxDome Trust Center

Explore our resources to learn how we safeguard client data. We prioritize security by implementing industry best practices and continuously monitoring our systems to meet all compliance standards.

How TaxDome approaches security

Privacy

We prioritize your privacy by implementing robust security measures to protect your data. See how we manage your data and customer information in our privacy policy.

Security

We ensure strong security processes in both our product and working environment, aligning people, processes, and technology.

Compliance

We’re compliant with industry-recognized security standards and adhere to the latest requirements. Our compliance program is verified by reliable auditors.

Status

We provide real-time updates on TaxDome’s platform uptime as part of our commitment to transparency and proactive system monitoring. Stay informed by visiting our status page.

Image
A partner you can trust
Your trust is our greatest asset, and safeguarding your data is at the core of everything we do. Security isn’t just
a feature — it’s the foundation on which everything else is built.
Victor Radzinsky, CO-FOUNDER AND CEO

COMPLIANCE

Certifications and attestations

TaxDome complies with global privacy laws and security standards, implementing measures to help you fulfill your compliance obligations.

See how we implement security at every level

Join a live demo to discover TaxDome’s key security measures in our product and processes.

Building robust and proactive security measures

Security measure

Overview

Security measure

Network security

Overview

TaxDome leverages AWS and Cloudflare network security features, such as VPCs, security groups, web application firewalls, and DDoS protection, to secure the platform at the network edge.

Security measure

Endpoint security

Overview

TaxDome enforces encryption on employee devices, requires multi-factor authentication for access, and mandates automatic device locking when idle.

Security measure

Product security features

Overview

TaxDome prioritizes product security by using secure coding practices to prevent vulnerabilities and input validation to block malicious data entry. Multi-factor authentication (MFA) and role-based access controls (RBAC) ensure that only authorized users can access the data they need.

Security measure

Access control

Overview

TaxDome safeguards data with granular access controls. Its role-based access control (RBAC) system limits access based on user roles and permissions. This 'least privilege' approach ensures users only see the data necessary for their job functions, reducing the risk of insider threats.

Security measure

Application security

Overview

TaxDome follows secure coding practices, regularly scans its application for vulnerabilities, and stays updated on the latest web application threats. The platform is protected against common vulnerabilities such as SQL injection and cross-site scripting (XSS).

Security measure

Risk management

Overview

TaxDome partnered with Chubb to strengthen its risk management strategy through DigiTech® Enterprise Risk Management insurance. This plan offers comprehensive coverage against cyber threats, data breaches, and business interruptions, helping ensure operational security and continuity.

Security measure

Data protection

Overview

TaxDome uses TLS 1.2 for encrypting data in transit and AES-256 encryption for data at rest. Encryption keys are rotated regularly to ensure security.

Security measure

Security awareness training

Overview

TaxDome requires all employees to complete annual security training to identify and report security issues, understand evolving threats, and follow secure practices. The training covers secure coding, data protection, and threat awareness.

TaxDome guarantees effective response and monitoring measures

TaxDome keeps your data safe with continuous monitoring, strong security checks, ransomware protection, and secure encryption using AWS.

Monitoring

TaxDome continuously monitors its platform’s infrastructure, services, and events for suspicious activity. TaxDome uses a combination of internal and external tools and services for monitoring and has procedures for escalation and resolution.

Vulnerability management and independent testing

TaxDome employs various tools and processes to identify and mitigate vulnerabilities, including code reviews, vulnerability scanning, automated patching, independent security audits, and a bug bounty program.

Vendor and customer review

TaxDome evaluates the security posture of its vendors and requires customers to complete a security review during onboarding.

Defense against ransomware attacks

For ransomware protection, TaxDome employs data backups, user education on phishing attacks, endpoint security measures, encryption of data in transit and at rest to prevent unauthorized access, and key rotation. TaxDome offers a more secure data storage solution compared to local devices.

Cryptography and data protection

TaxDome uses TLS 1.2 for data in transit, encrypts data at rest, and regularly rotates encryption keys.

Cloud security

TaxDome leverages the secure Amazon Web Services (AWS) cloud to store and protect your data. Under AWS’s shared responsibility model, AWS ensures a secure infrastructure, while TaxDome uses services such as IAM for access control, KMS for data encryption, and CloudTrail and Config for continuous monitoring.

How we protect user data

Your data security is our priority. We constantly monitor all security notifications, and our engineers work together with the product teams to address all issues immediately. TaxDome implements a multi-layered approach to keep your information safe.
  • 256-bit SSL encryption protects your data

    All data communication between you and TaxDome is encrypted using industry-standard 256-bit SSL encryption.

  • Secure storage in AWS data centers

    We store your data in Amazon Web Services (AWS) data centers, which are recognized for their robust security measures and physical access controls.

  • Strict access for authorized users

    Only authorized personnel have access to your data. Rigorous access controls and permission levels further safeguard your information.

  • SOC 2 Type II certified security standards

    TaxDome maintains SOC 2 Type II certification, demonstrating adherence to rigorous security standards set by independent auditors. This certification verifies the platform’s security controls and data management practices.

How does TaxDome comply with data privacy laws?

At TaxDome, we prioritize data privacy and adhere to global standards to ensure your data — and your clients’ data — stays protected. 

We are Privacy Shield certified and we continue to meet our obligations under the EU-U.S. and Swiss-U.S. Privacy Shield frameworks. 

To provide a secure, compliant basis for data transfers, we incorporate the EU’s Standard Contractual Clauses (SCCs) in our Data Processing Addendum, ensuring that all data handling aligns with European data privacy laws. 

TaxDome stores data in DPA-compliant vendors and helps customers meet the data subject rights requirements of GDPR. In compliance with GDPR requirements, we have appointed Rickert Rechtsanwaltsgesellschaft mbH as our representative in the EU for matters concerning data protection. Check out our GDPR policy for more information. 

Your trust and data security are paramount to us, and we remain fully committed to compliance with the highest privacy standards.

Who are TaxDome’s sub-processors?

TaxDome uses third-party services (e.g., for cloud hosting) that may process personal data, depending on the information provided by customers. These services are classified as “sub-processors”; however, they cannot access customer data contents, as it is encrypted with keys controlled by TaxDome. 

We’re keeping this process transparent — you can access the list of our sub-processors here.

Has TaxDome undergone a third-party security assessment by Google?

TaxDome has successfully undergone a third-party security assessment conducted by Google. This comprehensive assessment tests for application vulnerabilities across four key areas:

  • External network penetration testing: identifies potential vulnerabilities in external, internet-facing infrastructure systems
  • Application penetration testing: identifies potential vulnerabilities in applications that access user data
  • Deployment review: identifies exploits and vulnerabilities in developer infrastructure
  • Policy and procedure review: examines the efficacy of information security policies and procedures

This thorough evaluation by Google ensures that TaxDome maintains high standards of security and continuously improves its practices to protect client data. For more detailed information about the assessment, please refer to the Google Security Assessment.

Articles

Learn more about our security approach.

Infrastructure

TaxDome’s continued investment in stability

In this article, we outline some of our team’s crucial infrastructure improvements that have and will continue to lead to performance improvements in your workspace in the coming years.

SOC 2 Type II

TaxDome’s SOC 2 Type II compliance commitment

We’re happy to announce that TaxDome has attained SOC 2 Type II certification: a testament to our commitment to providing you and your clients with multi-layered, industry-leading security and privacy.

SOC 2 Type II

TaxDome completes SOC 2 Type I Audit Examination

TaxDome, a provider of integrated software solutions for tax professionals and accountants, has completed a System and Organization Controls (SOC) 2 Type I attestation for Security

Frequently asked questions

Can you share your organization’s security policies?

Please see TaxDome’s Security Policy and Privacy Policy.

Do you have a formal incident response policy?

Yes, TaxDome has multiple incident response plans in place, including:

 

– Security incident response policy

– Production incident protocol

– Non-technical team critical incident protocol

– Emergency bug fix protocol

Do you have SOC 2 certification?

Yes, TaxDome has attained SOC 2 Type II certification: a testament to our commitment to providing you and your clients with multi-layered, industry-leading security and privacy.

Is TaxDome PCI DSS-compliant?

Yes. TaxDome is PCI-compliant through its payment partners, Stripe and CPACharge — both certified to PCI DSS Level 1, the highest level of certification available.

Because TaxDome does not directly store or process cardholder data, our platform inherits PCI compliance through secure, third-party integrations. All payment transactions are encrypted and handled securely in accordance with PCI standards.

Is TaxDome Gramm-Leach-Bliley Act (GLBA) compliant?

Yes, TaxDome is compliant with the Gramm-Leach-Bliley Act (GLBA). The GLBA mandates that financial institutions protect the privacy of consumers’ personal information. At TaxDome, we adhere to stringent data protection measures and implement robust security protocols to ensure compliance with GLBA requirements. This commitment ensures that the sensitive information of our clients and their customers is safeguarded against unauthorized access and potential breaches.

Get help on Trust Center usage
If you need help using the Trust Center or want to learn more about our security measures, please contact our Support Team.
Explore the trends shaping the future of accounting and why its best years are ahead.
Download the 2025 TaxDome Annual Report
350+ companies surveyed: How business clients choose accountants and what they're willing to pay.
Download the report
Download the security guide to learn how to protect client data and build lasting trust.
Get the quide
Discover how a team of 10 with 1,000+ clients achieved 5-star loyalty.
Read the story