Safeguarding your confidential information takes a multi-pronged approach: transport encryption, transparent encryption and decryption of data at rest, input sanitization and validation, and more. We're putting our best foot forward.
We use only high-grade transport encryption to secure your web browser session to both our website and our cloud software application. High-grade encryption helps ensure that your connection cannot be decoded or eavesdropped on if it is intercepted in transit between our servers and your computer. If you're reading this, it means your browser supports high-grade encryption. You cannot access our website or our app without encryption enabled.
Encryption at Rest
When you create Filers/Companies and Recipients, sensitive information such as Tax ID, Name, Address, etc. is encrypted using the AES algorithm with 256-bit keys (AES-256) in CBC mode. This is the same encryption approved/required for TOP SECRET military documents. Each customer (what we call a Registrant in our system) is provisioned a unique set of encryption keys that differ from Registrant to Registrant. In the event of an unauthorized disclosure of a given Registrant's core cryptographic keys, the impact would be limited to that specific Registrant, not all customers. Additionally, each user's password is hashed using a key derivation function with a high cost (iteration) count.
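As an added illustration (not the site's own code), the following Go program shows the per-Registrant key pattern this section describes: each Registrant gets its own AES-256 key, each stored value is encrypted in CBC mode under a fresh random IV, and, because CBC on its own provides no integrity protection, a separate HMAC-SHA256 key authenticates the ciphertext so that a tampered record, or one encrypted under another Registrant's keys, is rejected rather than decrypted. The type and function names are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)
// TenantKeys (hypothetical) is one Registrant's key set: an AES-256 key for CBC plus a separate HMAC key, since CBC gives confidentiality but no integrity.
type TenantKeys struct{ Enc, Mac [32]byte }
// NewTenantKeys provisions an independent key set for each Registrant.
func NewTenantKeys() (k TenantKeys, err error) {
	if _, err = rand.Read(k.Enc[:]); err == nil {
		_, err = rand.Read(k.Mac[:])
	}
	return k, err
}
// EncryptField returns iv || AES-256-CBC ciphertext || HMAC-SHA256 tag for one value.
func EncryptField(k TenantKeys, plaintext []byte) ([]byte, error) {
	block, _ := aes.NewCipher(k.Enc[:]) // key length is fixed at 32 bytes: cannot fail
	pad := aes.BlockSize - len(plaintext)%aes.BlockSize // PKCS#7: 1..16 padding bytes
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	out := make([]byte, aes.BlockSize+len(padded))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil { // fresh IV per value
		return nil, err
	}
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], padded)
	mac := hmac.New(sha256.New, k.Mac[:]) // encrypt-then-MAC over iv || ciphertext
	mac.Write(out)
	return mac.Sum(out), nil
}
// DecryptField verifies the tag before decrypting: a tampered blob, or one written under another Registrant's keys, is rejected instead of decrypted to garbage.
func DecryptField(k TenantKeys, blob []byte) ([]byte, error) {
	n := len(blob) - sha256.Size // end of iv || ciphertext
	if n < 2*aes.BlockSize || n%aes.BlockSize != 0 {
		return nil, errors.New("malformed blob")
	}
	mac := hmac.New(sha256.New, k.Mac[:])
	mac.Write(blob[:n])
	if !hmac.Equal(mac.Sum(nil), blob[n:]) {
		return nil, errors.New("authentication failed")
	}
	block, _ := aes.NewCipher(k.Enc[:])
	padded := make([]byte, n-aes.BlockSize)
	cipher.NewCBCDecrypter(block, blob[:aes.BlockSize]).CryptBlocks(padded, blob[aes.BlockSize:n])
	return padded[:len(padded)-int(padded[len(padded)-1])], nil // pad byte is trusted once the MAC check passed
}
```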
We sanitize information and strip potentially malicious data from all input fields on our website and our cloud software application. We further validate each field's information to ensure it matches the format we expect before it is inserted into our database.
Compliant Hosting Environment
Our servers run SELinux in enforcing mode and are hosted on AWS (Amazon Web Services). Amazon's infrastructure was designed and is managed in alignment with the following regulations, standards, and best practices: HIPAA, SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70), SOC 2, SOC 3, PCI DSS Level 1, ISO 27001, MTCS Tier 3, FedRAMP, DIACAP and FISMA, ITAR, FIPS 140-2, CSA, MPAA. You can read more about compliance in the Amazon AWS infrastructure by visiting the AWS Compliance site.
Compliant Print & Mail Processing Facility
The facilities we use for printing and mailing your forms have passed an SSAE 16 Type II audit and work with businesses in the financial, healthcare, tax and other industries that handle sensitive information.
We support multi-factor authentication to add an extra layer of security to your account. Multi-factor authentication requires at least two independent authentication factors, e.g. something you know (your password) and something you possess (a secret code on your smart phone). Once you enable this feature in your profile, we provide you with a QR code you can scan with your smart phone using Google Authenticator (or similar). Once scanned, a code will be available in the Google Authenticator app that rotates every thirty seconds. You will be required to type in your e-mail address, your password, AND this six-digit code when you log in. This helps keep you safe in the event somebody with malicious intent gets hold of your e-mail address and password: without your smart phone as well, they would be unable to access your confidential data.