Security Incident Response Policy for TaxPro Reply (Last Updated: 02/24/2025)

This Security Incident Response Policy ("Policy") outlines how TaxPro Reply ("we," "us," or "our") manages security incidents affecting the TaxPro Reply service ("Service"). Our goal is to protect your data, respond promptly to incidents, and maintain trust with our subscribers. This Policy applies to all users and is supplemental to our Terms and Conditions and Privacy Policy.

1. Purpose

We are committed to safeguarding the confidentiality, integrity, and availability of the Service and the data you entrust to us. This Policy establishes our process for identifying, assessing, and addressing security incidents to minimize impact and ensure compliance with applicable laws.

2. Definition of a Security Incident

A security incident includes any event that compromises or threatens to compromise the security of the Service, such as:

Unauthorized access to user accounts or data.Loss, theft, or unintended disclosure of personal or tax-related information.Malware, phishing, or other cyberattacks affecting Service operations.

3. Incident Response Process

Our response to security incidents follows these steps:

Identification: We monitor systems continuously to detect potential incidents through automated tools, user reports, or internal audits.Containment: Upon detection, we act swiftly to isolate affected systems or accounts to limit further damage, while preserving evidence for analysis.

Assessment: Our security team evaluates the scope, severity, and impact of the incident, including any data breach or operational disruption.Resolution: We implement measures to eliminate the threat, restore affected services, and strengthen defenses against recurrence.

Notification: If an incident involves your personal information, we will notify you via email within 72 hours of confirming a breach, unless delayed by law enforcement or legal requirements. Notifications will include details of the incident and recommended actions.

Review: Post-incident, we conduct a thorough analysis to identify root causes and update our security practices accordingly.

4. User Responsibilities

To support our security efforts, you agree to:

Report suspected incidents (e.g., unusual account activity) to [email protected] promptly.

Maintain secure account credentials and comply with the Fair Use Policy.Cooperate with us during incident investigations, if requested.

5. Data Protection Commitment

We employ industry-standard measures to protect your data, including encryption, access controls, and regular security assessments. In the event of a breach, our priority is to mitigate harm and restore Service integrity as quickly as possible.

6. Legal and Regulatory Compliance

We adhere to applicable data protection laws (e.g., CCPA, GDPR where relevant) and will notify authorities as required. If a breach affects client data you manage through the Service, you remain responsible for any downstream notifications to your clients.

7. Limitations

While we strive to prevent and resolve incidents, we cannot guarantee immunity from all security threats. Our liability is limited as outlined in the Terms and Conditions, and we are not responsible for damages caused by your failure to secure your account.

8. Policy Updates

We may revise this Policy to reflect changes in our practices or legal obligations. Updates will be posted here, and you will be notified via email or within the Service. Continued use of the Service constitutes acceptance of the revised Policy.

9. Contact Us

For questions, concerns, or to report a security incident, please contact us at [email protected]