Security is not a checklist for us — it is the architecture. Here is how Taxos protects every firm and every client on the platform.
Every request is resolved to a tenant via subdomain and a scoped context. All data access is filtered at the infrastructure layer — no cross-tenant reads are possible from application code.
TLS 1.2+ in transit, AES-256 at rest for the database and document blob storage. Secrets are stored in a managed key vault and never in source control.
Authorization is permission-first, not role-first. Every endpoint is guarded by an explicit permission claim and validated against the current user's resolved permission set.
Every mutation is captured in an append-only audit log with actor, timestamp, tenant context, and a JSON snapshot of the before and after state. Retention is configurable per tenant.
Rate limiting at the edge, CORS lockdown per tenant, dependency scanning, and least-privilege service accounts across the platform.
Documents and messages carry an explicit visibility flag. Client-portal queries are filtered server-side — clients can never see anything marked internal.
Spin up a branded tenant in minutes. Bring one client, one case, one workflow — and feel the difference before lunch.