Security Policy.

Our commitments and disclosure program.

Security is foundational to Accountaxed. We utilize Firebase Firestore with AES-256 encryption at rest and TLS 1.3 for data in transit. We enforce strict multi-tenant data isolation across all storage layers.

Encryption

  • AES-256 at rest for all customer data, configurations, and API keys.
  • TLS 1.3 in transit for all network traffic between client, server, and AI providers.
  • Per-tenant encryption keys derived through HKDF.

Access Controls

  • Role-based access control (RBAC) for all admin operations.
  • Audit logging for all production data access by Accountaxed staff.
  • MFA required for all employee accounts.

Responsible Disclosure

If you believe you have discovered a vulnerability in our application, please report it immediately to security@accountaxed.com. We operate a responsible disclosure program and will acknowledge reports within 48 hours.

Out of Scope

Issues that do not constitute security vulnerabilities (e.g., spam, social engineering, denial of service against single user accounts) are out of scope for our disclosure program.