Doortax, Inc. Security Policy

At Doortax, Inc., we are committed to safeguarding the personal and financial information of our clients. This security policy outlines the steps we take to protect sensitive data and ensure compliance with applicable regulations.

Data Protection

We collect sensitive data, including but not limited to:

  • State Driver’s Licenses
  • State IDs
  • Social Security Cards
  • Financial Records
  • Wage Reports
  • Contact Details

All data is encrypted during transmission and storage using industry-standard protocols to ensure confidentiality and security.

Access Control

Access to sensitive data is strictly controlled and based on role:

  • Doortax Executive Team and Administrators: Full access to all client information.
  • Licensed Tax Preparers: Access limited to the information of the clients assigned to them.

Granting and Revoking Access:

  • Access to sensitive data is granted only after a comprehensive background check has been completed; this applies to all personnel.
  • Access is role-based, with Licensed Tax Preparers having the minimum necessary access to perform their duties.
  • Upon termination of employment or contract, all access is immediately revoked through the deactivation of user credentials and revocation of permissions.

Data Retention and Deletion

Doortax, Inc. retains tax records for up to 7 years in compliance with applicable tax regulations. Clients have the right to request the deletion of data older than 7 years by contacting contact@doortax.com and requesting “Account and Data Deletion.” Deletion requests are processed promptly, except in cases where data must be retained for legal or regulatory reasons (e.g., audits).

Clients also have the right to request data correction in case of typographical or other errors.

Compliance

Doortax, Inc. complies with the following regulations:

  • GDPR (General Data Protection Regulation): We ensure that client data is handled in accordance with European privacy laws.
  • IRS Tax Preparer Regulations: Our operations comply with all relevant U.S. tax preparer requirements, including the possession of a valid PTIN (Preparer Tax Identification Number) and EFIN (Electronic Filing Identification Number), as mandated by the IRS.

Incident Response Plan

In the event of a data breach or security incident, Doortax, Inc. will follow this protocol:

  1. Identification: Our security team will immediately investigate any suspected breach and determine the scope and cause.

  2. Containment: We will take immediate steps to contain the breach by securing affected systems, limiting further data exposure, and disabling compromised accounts.

  3. Assessment: We will assess the severity of the breach, including the types of data affected, and determine the potential impact on our clients.

  4. Notification: If client data is compromised, affected individuals will be notified as soon as possible, providing them with information on what data was exposed and the steps they can take to protect themselves.

  5. Recovery and Review: We will restore the integrity of our systems and review our policies to prevent future incidents.

Client Rights

Clients have the right to:

  • Request the deletion of data older than 7 years.
  • Request correction of any errors in their data.

All requests must be submitted via email to contact@doortax.com, and we will act on these requests in compliance with GDPR and IRS regulations.