Security & Compliance
Your Data is Protected
At Sovos, we take security seriously. When you use our Tax Information Reporting platform, you can trust that sensitive tax information is protected with the same enterprise-grade security used by major financial institutions. Learn more on the Sovos Trust Center.
certified & audited
ISO 27001 Certified
Our security practices meet international standards for information security.
SOC 2 Type II Certified Data Centers
Your data is hosted at Flexential, which maintains SOC 2 Type II certification with annual independent audits.
Bank-Level encryption
Data in Transit
All data sent to and from our platform is encrypted using TLS 1.2+ (the same security your bank uses).
Data at Rest
Your data is encrypted in our systems using AES 256-bit encryption.
Secure Infrastructure
- 24/7 monitoring – Our security team watches for threats around the clock
- Annual penetration testing – Third-party experts test our defenses every year
- Regular backups – Your data is backed up automatically
- Business continuity plan – We’re prepared to keep your data safe even in emergencies
access controls
Multi-Factor Authentication (MFA)
Add an extra layer of security by requiring a second verification step when users log in.
Role-Based Permissions
Control who on your team can view, edit, or approve returns.
Data RETENTION
We keep your data for 4 years (current year + 3 prior years) so you can access historical returns, file amendments, and respond to IRS inquiries.
When you’re done with us, your data is securely deleted using industry-standard methods.
PRIVACY MATTERS
- Data Protection Officer – We have a dedicated officer overseeing privacy compliance
- Your data stays yours – We never sell or share your information
- Transparent practices – View our full privacy policy at sovos.com/privacy-policy
IRS COMPLIANCE
Our platform is IRS-authorized for electronic filing and supports all state filing requirements, so you can file with confidence.