Security & Compliance
Built to protect sensitive tax data
Tax notices contain highly sensitive taxpayer and financial information. Protecting that data and handling it responsibly is foundational to everything we build. Security and compliance are embedded into our product design, infrastructure, and operational processes.
Information security framework
ISO/IEC 27001:2022 certified
Noticehub is ISO/IEC 27001:2022 certified and externally audited annually. Our information security management system, including policies, controls, and supporting evidence, meets internationally recognized standards for how we identify, assess, and manage security risks; protect sensitive information; control access to systems and data; monitor and continuously improve security controls; and respond to incidents and operational risks.
Our information and data security policies provide further detail on the governance framework and controls supporting this certification, and are available upon request.
Data protection and privacy
GDPR compliance
As an EU-based data processor, Noticehub is fully compliant with the General Data Protection Regulation. GDPR principles are applied consistently across our platform and operations, including lawful and transparent processing, data minimization, and purpose limitation. Appropriate technical and organizational safeguards are in place, with clear controls around data access, retention, and deletion.
How personal data is processed, including user rights and data handling practices, is described in our Privacy Policy. Our Data Processing Agreement outlines the respective roles and responsibilities of Noticehub and its customers with respect to personal data processing.
Security by design
Security is built into the platform at every level, ensuring sensitive data is protected throughout its lifecycle. Core measures include encrypted data storage and transmission, role-based access controls, and secure authentication mechanisms including Single Sign-On and Multi-Factor Authentication. Development, testing, and production environments are separated to reduce operational risk.
These technical controls are supported by our Security Policy, which governs how security is implemented, monitored, and maintained across the organization.
Auditability and accountability
Tax notice workflows require full traceability. Noticehub maintains a complete, timestamped audit trail of all actions taken within the platform, including notice uploads and changes, assignments and status updates, collaboration activity, and user access events.
Organizations can demonstrate how notices were handled, by whom, and when, supporting internal controls, compliance reviews, and defensibility during audits or investigations.
Operational controls and governance
Beyond technical safeguards, Noticehub maintains strong operational controls as part of its governance, risk management, and compliance framework.
This includes documented security policies and procedures, regular risk assessments, controlled system access, and ongoing monitoring of security controls, all reviewed as part of our annual ISO 27001 certification process.
Designed for trust across teams
Tax, finance, compliance, and advisory teams rely on Noticehub to handle sensitive information accurately and securely in high-volume, time-sensitive workflows. Our commitment is to provide a platform organizations can trust when managing notices that carry real financial and regulatory risk.