Security

TaxFolder gives you and your clients peace of mind by ensuring your clients’ confidential information is secure and protected. Whether requesting signatures and uploading documents from TaxCycle desktop software or accessing your client information through a browser, your client data is protected using industry-standard security and encryption methods.

Secure Cloud Storage in Canada

Documents uploaded to TaxFolder are stored on servers located in Canada, provided by third-party cloud-hosted services such as Microsoft Azure and Amazon Web Services. When necessary, data may temporarily pass through other locations and jurisdictions, as described in our privacy policy.

Uploaded documents are encrypted using 256-bit AES encryption.

SSL Encryption

TaxFolder uses SSL encryption to protect any data sent to or from your clients over the internet. These are the same transfer encryption protocols required by the Canada Revenue Agency (CRA) when filing returns from TaxCycle desktop software.

Web browsers handle this encryption automatically for you when accessing a website through "https." When your communication is encrypted in transit, most web browsers will show you a visible "lock" of some sort to reassure you that this is happening.

Multi-Factor Authentication

TaxCycle Accounts for signing into TaxFolder include an extra layer of protection for you and your clients via two-factor authentication. Once enabled, you can choose to sign in with an authenticator app or request a verification code via text message.

Creating an account when signing a document is optional for your clients. Regardless, their documents are still protected by two-factor authentication and optional additional knowledge-based authentication questions. They must verify their identity before they can view, sign or retrieve a copy of their signed document.

Client documents are never attached to emails, and links in emails always require this verification step.

Role-Based Authorization

Administrators of your TaxFolder account can control the level of access of employees in your firm. You can designate specific individuals to see all client records or limit them only to the engagements assigned to them.

Audit Trail for Electronic Signatures

Each signed document includes a certificate that provides evidence of the date, time and IP address of when and where the document was signed.

Workflow and tracking features in TaxFolder and TaxCycle log the date and time when signatures were requested, signed and downloaded. 

Security Testing and Monitoring

We monitor TaxFolder operations and security. Intrusion attempts are logged, and our operations team is alerted immediately if an issue is discovered.

We regularly perform vulnerability scans and conduct security reviews of TaxFolder. If those tasks uncover any weaknesses, we remedy them in a timeframe based on their severity and risk.

We also periodically engage external security experts to perform security audits of TaxFolder.

Confidential (Even from Us)

Your client information stays confidential, including from staff at TaxCycle. Client documents and data are private and access from our staff is restricted to designated staff strictly for the purpose of development and maintenance of TaxFolder.

Our Ongoing Commitment

The TaxCycle and TaxFolder teams at Trilogy Software are committed to staying up to date on industry trends and CRA security requirements. We work to continuously improve the security that protects your data.