About information security

Learn how SafeSend protects data with encryption, secure hosting, backups, testing, and monitoring, and how to report potential security issues.
At SafeSend, security is our top priority. We are committed to protecting your account data and earning your trust. We want you to feel confident and secure when using SafeSend.
The following outlines how SafeSend manages and protects your data.

Cloud-hosted servers and data centers

The SafeSend servers are hosted on Microsoft Azure servers located in the United States. Microsoft Azure uses advanced firewalls and intrusion detection technology to provide the greatest level of security for our customers.
SafeSend monitors its servers and firewall 24/7. Each client's data is stored in its own dedicated database within Microsoft Azure.

Web application firewall

All SafeSend websites are protected by a web application firewall. The sites sit behind the firewall, and connections to them use 2048-bit SSL encryption. All databases are encrypted and stored in the Microsoft® Azure cloud. Our sites follow the latest OWASP 3.1 Ruleset.

Data backup

Microsoft Azure performs daily backups. The data stored in those backups is never decrypted during the process, and backup media is physically secured at all times to ensure the utmost in security. Azure backups are rotated in encrypted form to alternate secured locations in the event of a natural disaster.

Data in transfer

SafeSend protects all data with full encryption during transmission and at rest, using SHA256 certificates under TLS 1.2 encryption.

Penetration testing

A third party performs penetration testing every 12 months to evaluate the security of SafeSend's information technology environment. The testing simulates people attempting to gain unauthorized access to application resources and data. The testers use known vulnerabilities and other hacking techniques.
Testers also evaluate external-facing components, including IP addresses and URLs, to simulate people attempting to access system components through publicly accessible internet endpoints.

SOC 2 examination

SafeSend undergoes an annual Type 1 SOC 2 examination, which evaluates management's controls against the AICPA Trust Services Principles and Criteria, covering the following areas:
  • Security
  • Confidentiality
  • Availability

Attachment file virus/malware scan

SafeSend performs a basic virus/malware scan on files uploaded by taxpayers. When the scan recognizes a known malicious file, the file upload fails. This basic scan may not catch all malicious files, so people need to follow safe file download practices.

Reporting security issues

If you have discovered a vulnerability in a SafeSend product, email us at support@safesend.com. Include a detailed summary of the issue, the name of the product (for example, SafeSend), and the nature of the issue you believe you’ve discovered. SafeSend will respond to your notification within a reasonable amount of time and will quickly work to fix the reported vulnerability.