Security & Compliance
Built to protect sensitive tax data
Tax notices contain highly sensitive taxpayer and financial information. Protecting that data and handling it responsibly is foundational to everything we build at Noticehub. Security and compliance are embedded into our product design, infrastructure, and operational processes.
Information security framework
ISO/IEC 27001:2022 certified
Noticehub is ISO/IEC 27001:2022 certified and externally audited on an annual basis. This certification demonstrates that our information security management system (ISMS), including policies, controls, and supporting evidence, meets internationally recognized standards.
Our ISO 27001 certification covers how we:
Identify, assess, and manage security risks
Protect sensitive and confidential information
Control access to systems and data
Monitor, review, and continuously improve security controls
Respond to incidents and operational risks
Our information and data security policies provide further detail on the governance framework, controls, and procedures supporting this certification and can be made available upon request.
Data protection and privacy
GDPR compliance
As an EU-based data processor, Noticehub is fully compliant with the General Data Protection Regulation (GDPR). GDPR principles are applied consistently across our platform and operations, including lawful and transparent processing, data minimization, and purpose limitation.
We implement appropriate technical and organizational safeguards and maintain clear controls around data access, retention, and deletion.
Details on how personal data is processed, including user rights and data handling practices, are described in our Privacy Policy.
Our Data Processing Agreement outlines the roles and responsibilities of Noticehub and its customers with respect to personal data processing.
Security by design
Security is built into the Noticehub platform at multiple levels, ensuring that sensitive data is protected throughout its lifecycle.
Core platform security measures include encrypted data storage and transmission, role-based access controls to ensure users only see what they are authorized to access, and secure authentication mechanisms such as Single Sign-On and Multi-Factor Authentication. Development, testing, and production environments are separated to reduce operational risk.
These technical controls are supported by internal procedures documented in our Security Policy, which governs how security is implemented, monitored, and maintained across the organization.
Auditability and accountability
Tax notice workflows require full traceability. Noticehub maintains a complete, timestamped audit trail of all actions taken within the platform, including notice uploads and changes, assignments and status updates, collaboration activity, and user access events.
This level of transparency supports internal controls, compliance reviews, and defensibility during audits, reviews, or investigations — ensuring organizations can demonstrate how notices were handled, by whom, and when.
Operational controls and governance
Beyond technical safeguards, Noticehub maintains strong operational controls as part of its governance, risk management, and compliance framework.
This includes documented security policies and procedures, regular risk assessments, controlled system access, and ongoing monitoring and improvement of security controls. Our governance and operational practices are reviewed as part of our ISO 27001 certification process.
Designed for trust across teams
Noticehub is used by tax, finance, compliance, and advisory teams who rely on the accurate, secure handling of sensitive information in high-volume, time-sensitive workflows.
Our commitment is to provide a platform organizations can trust when managing tax notices that carry real financial and regulatory risk.
