Security policy

Information security framework

ISO/IEC 27001:2022 certified

Taxology is ISO/IEC 27001:2022 certified and externally audited annually. Our information security management system, including policies, controls, and supporting evidence, meets internationally recognized standards across how we identify, assess, and manage security risks, protect sensitive information, control access to systems and data, monitor and continuously improve security controls, and respond to incidents and operational risks.

Our information and data security policies provide further detail on the governance framework and controls supporting this certification, and are available upon request.

Data protection and privacy

GDPR compliance

As an EU-based data processor, Taxology is fully compliant with the General Data Protection Regulation. GDPR principles are applied consistently across our platform and operations, including lawful and transparent processing, data minimization, and purpose limitation. Appropriate technical and organizational safeguards are in place, with clear controls around data access, retention, and deletion.

How personal data is processed, including user rights and data handling practices, is described in our Privacy Policy. Our Data Processing Agreement outlines the respective roles and responsibilities of Taxology and its customers with respect to personal data processing.

Security by design

Security is built into the platform at every level, ensuring sensitive data is protected throughout its lifecycle. Core measures include encrypted data storage and transmission, role-based access controls, and secure authentication mechanisms including Single Sign-On and Multi-Factor Authentication. Development, testing, and production environments are separated to reduce operational risk.

These technical controls are supported by our Security Policy, which governs how security is implemented, monitored, and maintained across the organization.

Auditability and accountability

Withholding tax recovery workflows require full traceability. Taxology maintains a complete, timestamped audit trail of all actions taken within the platform, including mutations, forfeits, assignments and status updates, collaboration activity, and user access events.

Organizations can demonstrate how recoveries were handled, by whom, and when, supporting internal controls, compliance reviews, and defensibility during audits or investigations.

Operational controls and governance

Beyond technical safeguards, Taxology maintains strong operational controls as part of its governance, risk management, and compliance framework.

This includes documented security policies and procedures, regular risk assessments, controlled system access, and ongoing monitoring of security controls, all reviewed as part of our annual ISO 27001 certification process.

Designed for trust across teams

Tax, finance, compliance, and advisory teams rely on Taxology to handle sensitive information accurately and securely in high-volume, time-sensitive workflows. Our commitment is to provide a platform organizations can trust.