Security

At Deductic, protecting customers’ personal data is of paramount importance. We know that the information you provide to us in relation to your tax return is particularly sensitive. We put customer data security at the heart of everything that we do and it is a key priority in the design of our software solutions. Moreover, we constantly review our existing processes and systems to ensure that these are consistently improved so we remain secure.

Physical Security

We are cloud native and have opted to host our service on Digital Ocean as a best-in-class provider of cloud infrastructure solutions. Digital Ocean is certified under several global compliance programmes which demonstrate best practices in terms of data centre security, including:

  • ISO 27001 Information Security Management Controls
  • PCI-DSS Level 1 Payment Card Standard
  • AICPA/SOC 1 and SOC 2
  • Cloud Security Alliance (CSA) STAR Level 1

A full list of Digital Ocean compliance programs can be found here:
https://www.digitalocean.com/trust/

For further information on Digital Ocean data centre controls see here:
https://www.digitalocean.com/trust/certification-reports/

Encryption and Information Security

We encrypt all network data at the transport level and encrypt confidential personal data at rest. Confidential personal data on our platform is stored in encrypted databases. Additionally, we encrypt your passwords securely rather than store them as plain text. We apply only best practices in relation to encryption key storage and security.

We comply with best practices and regulations relating to the management and processing of personal data under the General Data Protection Regulation (GDPR). Further information on this can be found in the Privacy Policy.

Access control

All access to the platform is logged and audited for suspicious behaviour. Anti-brute-force and time-limited login protections are in place to ensure access is only made by the customer.