Our Commitment
SimpleTaxFlow handles sensitive financial and tax data. We take that responsibility seriously. Our security practices are designed to protect your information at every stage — in transit, at rest, and during processing.
Encryption
All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher. Data stored within our infrastructure is encrypted at rest using AES-256 encryption via our cloud provider's managed encryption services.
Access Controls
Access to production systems is restricted through role-based access control (RBAC). Administrative access requires multi-factor authentication. We follow the principle of least privilege — team members only have access to the systems and data necessary for their role.
Infrastructure
Our application is hosted on UK-based cloud infrastructure provided by reputable, certified providers. We use managed services where possible to benefit from the provider's security investments and certifications.
Monitoring & Logging
System activity is continuously monitored. Security-relevant events are logged and retained for audit purposes. We have alerting in place for unusual activity patterns that may indicate a security concern.
Backup & Recovery
Data is backed up regularly to support recovery in the event of infrastructure disruption. Backup procedures are tested periodically to ensure reliability.
HMRC Integration
Submissions to HMRC are made using official Making Tax Digital APIs. Authorisation uses the OAuth 2.0 protocol. Access tokens are short-lived, and refresh tokens are stored in encrypted form. You can revoke HMRC access at any time from your settings or directly via your HMRC account.
Vulnerability Reporting
If you believe you have found a security vulnerability, please report it responsibly to security@infuzest.co.uk. We appreciate responsible disclosure and will work promptly to investigate and address any confirmed issues. See our Vulnerability Disclosure Policy for more details.