Security Policy
This page describes the security controls and best practices used to protect Metrox TaxInvoo systems, data, and customer workflows.
Last Updated: April 8, 2026
1. Overview of Security Approach
Metrox TaxInvoo follows a layered security model covering application, infrastructure, network, and access controls.
Our objective is to protect the confidentiality, integrity, and availability of customer data.
2. Data Encryption
Data in transit is protected using TLS/SSL encryption. Sensitive data at rest is protected through encryption controls supported by our cloud infrastructure.
3. Access Control & Authentication
- Role-based access controls for business users and team members.
- Authentication safeguards for account access.
- Restricted administrative access following least-privilege principles.
4. Secure Payment Processing
Payments are processed through trusted third-party gateways. Metrox TaxInvoo does not store full raw card numbers on application servers.
Payment handling follows the standards and controls of integrated payment partners.
5. Infrastructure Security
- Cloud-hosted services with hardened access policies.
- Network-level controls, firewalling, and secure configurations.
- Environment segregation for production and non-production workflows.
6. Regular Monitoring & Audits
We maintain logs and monitoring to detect anomalies, suspicious activity, and operational issues.
Periodic internal security checks and vendor updates support ongoing risk management.
7. Incident Response Plan
In case of a confirmed security incident, we follow a response plan covering triage, containment, investigation, remediation, and communication.
Where required by law or contractual obligations, impacted users will be notified.
8. User Responsibilities
- Use strong passwords and keep credentials confidential.
- Assign roles carefully and revoke inactive user access.
- Report suspicious account or billing activity immediately.
9. Limitations
No digital system can guarantee absolute security. While we follow robust safeguards, users should maintain prudent security practices within their own organizations.
