Last updated 8th July 2020
It’s your data – keeping it safe is our priority.
Where is the data hosted
@GoSimpleTax host our Websites Application GoSimpleTax with UKFast and Amazon Web Services (AWS). AWS is located on hosting facilities physically located in Dublin, Ireland and UKFast on hosting facilities in the UK. All employ robust physical security controls including CCTV, security staff and two factor authentication.
We take the security of your data very seriously and follow best practise procedures to secure our servers, including:
- 256 bit SSL data encryption of all data going between You and our Applications.
- Use of strong passwords.
- Regular installation of security patches.
- Firewalls implemented on servers.
- Data encryption at rest.
@GoSimpleTax monitors event logs, notifications and other alerts to help identify and manage potential threats.
- 24 hour Threat Monitoring.
- Automatic DDOS blocking.
- Weekly Internal & External Vulnerability Scans.
Availability of the Service
@GoSimpleTax work with UKFast & AWS to maintains Application uptime.
UKFast & AWS are monitored 24/7 to detect incidents and solve problems.
Disaster Recovery and backup procedures
@GoSimpleTax has procedures in place should a worst-case scenario such as a hosting failure happening, @GoSimpleTax can quickly switch to a backup to keep the website running.
@GoSimpleTax takes a regular snapshot of all customer data daily.
@GoSimpleTax retains these snapshots for a minimum of 1 week for disaster recovery purposes.
Access to information
@GoSimpleTax will only give access to the data stored within the servers where necessary and only ever to personnel who require access to ensure the smooth running of the Applications.
UKFast & AWS do not have access to the data.
Anyone who is granted access whether internal or external is closely monitored by a senior member of staff.
Data relating to financial information on the Tax Return is encrypted at rest within GoSimpleTax and can only be seen if the user expressly grants access within the application. This access is restricted to development and support personnel and the anonymised duplicate record made for development/support purposes is automatically deleted after 14 days.