Security

1. Encryption

2. Privacy-first architecture

SafeTax is designed to never retain what is not essential:

• —Your transactions and tax data are not retained after your report is generated
• —Your reports are generated on demand and deleted after download — once in your hands, they remain exclusively in your possession
• —SafeTax never directly accesses your accounts, wallets or exchanges — you import your data yourself via CSV file

3. Authentication

Access to your account is protected by a password. Two-factor authentication (2FA) is being rolled out and will be available soon.

4. Hosting and infrastructure

SafeTax is hosted on Vercel's infrastructure, which applies high standards of physical and logical security, with redundancy and continuous monitoring. The datacenters used are ISO 27001 and SOC 2 certified.

5. Internal data access

Access to your data is strictly limited to authorised personnel, solely for operations necessary to run the service. No access for commercial or analytical purposes is permitted.

6. No data exploitation

Your data is never sold, shared or used for commercial purposes. SafeTax does not monetise user data. Trying to exploit SafeTax's data would be like trying to crack open a safe… that is almost empty.

7. In the event of an incident

In the event of a data breach likely to affect your rights, we commit to:

• —Notifying the relevant supervisory authority (ICO) within 72 hours in accordance with GDPR
• —Informing you as soon as possible if the incident directly affects you

8. Reporting a vulnerability (Responsible Disclosure)

Have you discovered a security vulnerability on SafeTax? We ask that you inform us responsibly before any public disclosure.

Contact us at: contact@safetax.io We commit to acknowledging receipt within 48 hours and treating the report seriously.

Summary