Your Security
Our Priority
We work hard to keep your data confidential.

Security

Safeguarding your confidential information is a multi-layered effort. From SOC 2 compliance to transport encryption, transparent application-layer encryption, data validation, and more, we’re dedicated to keeping your data safe.

SOC 2 Compliance

SOC (Service Organization Controls) reports validate that certain IT controls are in place to protect and secure the services a provider offers. Our SOC 2 report is audited by a qualified third-party CPA firm, which ensures we adhere to rigorous standards and best practices.

E-File Magic complies with the AICPA’s Trust Service Criteria (TSC), focusing on operational and technical controls that safeguard confidential data. These criteria address:

  • Security: Preventing unauthorized access, disclosure, or other threats to information availability, integrity, and privacy.
  • Availability: Ensuring systems remain accessible for operation and use per our service objectives.
  • Processing integrity: Delivering complete, valid, accurate, timely, and authorized transaction processing.
  • Confidentiality: Protecting any data designated as confidential from improper use or exposure.
  • Privacy: Governing how personal information is collected, used, retained, disclosed, and disposed of according to company policy.

We understand the importance of maintaining the privacy of information you provide to meet your year-end compliance needs. If you’d like more details about our SOC 2 report, including a copy, please email support@efilemagic.com or click here to fill out our contact form.

Data Encryption

When you create Filers/Companies and Recipients, core fields like Tax ID, Name, and Address are encrypted using the AES algorithm with 256-bit keys (AES-256). Every account (or “Registrant”) is assigned a unique set of encryption keys, ensuring that each customer’s data is isolated from others. We also apply a key derivation function with a high iteration count to hash all user passwords.

E-File Magic applies encryption in three layers to safeguard sensitive information:

  1. Transport Layer: All connections use encrypted HTTPS (TLS 1.2 or above), so data is protected from interception as it travels between your browser and our servers.
  2. Storage Volumes: The operating system drives and backup snapshots of our primary compute cluster are encrypted at the storage level, preventing unauthorized access to raw data.
  3. Application Layer: We employ both asymmetric and symmetric cryptography, minimizing the need to store decryption keys in our database or config files. This design demands rigorous diligence from initial development through deployment, but it’s essential for maintaining data integrity and security.

We continually refine our application-layer encryption to exceed minimal industry standards. While some competitors only encrypt basic fields like SSN or EIN, we go beyond, protecting over fifty unique sensitive data points system-wide.
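The three-layer design above leaves the application layer vague about how asymmetric and symmetric cryptography combine. The following is an added illustration, not E-File Magic's code: it assumes a per-registrant AES-256 data key that is stored only in RSA-OAEP wrapped form (so the database never holds a usable decryption key), with each sensitive field sealed under AES-256-GCM and the field name bound as associated data; the function names and the choice of RSA-OAEP are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Illustrative envelope encryption, not E-File Magic's code: a per-registrant
// AES-256 DEK stored only RSA-OAEP wrapped; fields sealed with AES-GCM, name as AAD.

// NewWrappedDEK returns a fresh DEK and the wrapped form kept in the database.
func NewWrappedDEK(pub *rsa.PublicKey) (dek, wrapped []byte, err error) {
	dek = make([]byte, 32)
	if _, err = rand.Read(dek); err == nil {
		wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dek, nil)
	}
	return dek, wrapped, err
}
// UnwrapDEK recovers the DEK; only the holder of the private key can do this.
func UnwrapDEK(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, priv, wrapped, nil)
}
// NewFieldAEAD builds the AES-256-GCM AEAD for an unwrapped 32-byte DEK.
func NewFieldAEAD(dek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(dek)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// SealField returns nonce||ciphertext; the field name is bound as associated data.
func SealField(aead cipher.AEAD, field string, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, []byte(field)), nil
}
// OpenField reverses SealField; a wrong DEK or field name fails authentication.
func OpenField(aead cipher.AEAD, field string, blob []byte) ([]byte, error) {
	n := aead.NonceSize()
	if len(blob) < n {
		return nil, errors.New("ciphertext too short")
	}
	return aead.Open(nil, blob[:n], blob[n:], []byte(field))
}
```

Because the DEK is unwrapped only with the RSA private key held outside the database, a dump of the stored rows yields wrapped keys and ciphertext but no plaintext, and one registrant's key cannot open another registrant's fields.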

Transport Encryption

We exclusively use high-grade TLS (1.2 or above) to encrypt all connections to our public website and cloud application. This ensures your traffic cannot be intercepted or eavesdropped upon. If you’re reading this, your browser supports the required encryption level—unencrypted access is not permitted.

Storage Volume Encryption

Our primary compute cluster and database reside on AWS volumes that transparently encrypt and decrypt data before writing or reading. This helps protect the integrity of the information stored on our systems and any backup snapshots.

Data Validation/Sanitization

We sanitize inputs to remove potentially malicious content and validate each field’s data before inserting it into our database. This prevents malformed or malicious data from impacting our environment.

Parameterized Statements

We use parameterized statements for all database interactions involving user-defined data—create, read, update, and delete operations. This best practice protects against SQL injection, long identified by OWASP as a top vulnerability in web applications.

Compliant Hosting Environment

Our servers run SELinux in enforcing mode within Amazon Web Services (AWS). AWS is designed and managed to meet a range of regulations, standards, and best practices: HIPAA, SOC 1/2/3, PCI DSS Level 1, ISO 27001, FedRAMP, FIPS 140-2, and many more. Learn more here.

Compliant Print & Mail Processing Facility

Our Print & Mail partners undergo annual SOC 2 audits and regularly process sensitive data for financial, healthcare, tax, and other industries. They adhere to the same high standards we do.

Multi-Factor Authentication

We support Multi-Factor Authentication (MFA) for added account security, requiring multiple factors like something you know (password) and something you have (smartphone code). Once enabled in your profile, you’ll scan a QR code using Google Authenticator (or similar), generating a new code every 30 seconds. You must provide your email, password, and this rotating code at login, thwarting unauthorized access.

Content Security Policy (CSP)

We set a strict Content Security Policy that modern browsers (Chrome, Edge, Safari) enforce via headers. This policy dictates which resources can load on our domain, limiting cross-site scripting and injection attacks. Learn more about how CSP enhances security.

Amazon Web Application Firewall with Managed Rules

Our servers operate within AWS, where we’ve configured the AWS Web Application Firewall (WAF) to inspect incoming traffic using Amazon-managed and third-party rules. AWS WAF helps block common exploits before they reach our infrastructure. Read more here.

Strict Transport Security

We issue Strict Transport Security headers to your browser, instructing it to only connect via HTTPS. This further reduces the risk of man-in-the-middle attacks and ensures that insecure connections are disallowed. Learn more here.

Simple, Secure, and Cost-Effective

With our comprehensive features and forms, our industry-leading security, and our fantastic support team, let E-File Magic help you meet your year-end reporting requirements. You can try our cloud software at no cost or obligation. Register today!