Sécurité

Our commitment

We take the security of your account and data seriously. This page summarizes how we approach security for CalFTax. It is informational and does not create a guarantee of any particular outcome or certification.

What we do

Encryption in transit: We use HTTPS (TLS) for traffic between your browser and our services.

Trusted infrastructure: We rely on established cloud and service providers for hosting, authentication, databases, and related operations, with access controls appropriate to a small SaaS product.

Application security: We follow common practices to reduce risk, such as limiting exposure of secrets, rate limiting sensitive endpoints where implemented, and reviewing changes that affect authentication or data access.

Authentication: We use industry-standard authentication flows (e.g. through our identity provider) so you can sign in securely.

What we cannot promise

No online service can guarantee perfect security. Risks include phishing, credential theft, device compromise, and vulnerabilities in third-party software. You are responsible for using a strong password, keeping it private, and protecting your devices.

Your data and uploads

You choose what to enter or upload. Avoid sharing more sensitive information than necessary. Outputs from AI-assisted features may be wrong or incomplete; treat them as inputs to your own judgment, not as authoritative filings.

Reporting a security issue

If you believe you have found a security vulnerability in CalFTax, please contact us through the Contact page with enough detail for us to reproduce or investigate. We appreciate responsible disclosure and will treat good-faith reports seriously.