TaxAgentPortal
Tax Agent Portal

Data Security Statement

Technical and operational safeguards used on TaxAgentPortal.

Last updated: 12 June 2026 · Effective: 12 June 2026

Template notice: This document is a template draft only and does not constitute legal advice. It should be reviewed by a qualified lawyer in your jurisdiction before public launch or commercial use.

Access control

  • Role-based access for super admin, firm admin, staff and client roles.
  • Multi-tenant isolation — each firm operates in its own workspace.
  • Row-level security (RLS) policies on database tables.
  • Per-firm secure storage folders for uploaded documents.
  • Signed URLs for document downloads where supported.

Sensitive identifiers

  • TFN and ABN values are masked in UI; full values are not displayed.
  • Sensitive values are hashed/encrypted at rest where applicable.

Server-side secrets

  • Service-role keys, Stripe secret keys and other privileged credentials are stored server-side and never exposed to the browser.
  • Authentication uses short-lived tokens; sessions can be revoked.

Logging

  • Audit logs are kept where supported for sensitive actions.
  • Failed access attempts may be logged for security review.

What we do NOT claim

We do not claim "bank-level" security, SOC 2 certification, ISO 27001 certification, ATO approval, or "government-grade" security, unless and until we hold the supporting certifications.

Your responsibilities

  • Choose a strong, unique password.
  • Keep your devices secure and up to date.
  • Do not share credentials.
  • Report suspicious activity immediately.

No absolute guarantees

No internet service can be 100% secure. We continuously work to reduce risk but cannot guarantee that the platform is immune to all attack or failure.

Contact

Security concerns: support@taxagentportal.com.au