Security Policy

Last Updated: 18/03/2025

Ezyiah is dedicated to protecting the security of your personal information and ensuring the safety of our platform. This Security Policy outlines the measures we take to safeguard your data and the responsibilities of both Ezyiah and its users. By using Ezyiah, you agree to the terms of this Security Policy.

1. Purpose of the Policy

The purpose of this Security Policy is to outline Ezyiah’s commitment to safeguarding user data and to provide an overview of the security practices we have in place. This Policy is designed in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the Notifiable Data Breaches (NDB) scheme.

2. Scope of the Policy

This Security Policy applies to all users of the Ezyiah platform, including individual taxpayers, business owners, and tax professionals in Australia. It covers data protection measures for personal information, financial data, and user-generated content.

3. Data Protection and Encryption

Ezyiah uses advanced security measures to protect your personal information from unauthorized access, misuse, or disclosure:

  • Data Encryption: All user data is encrypted both in transit and at rest using industry-standard encryption protocols (e.g., AES-256 for data storage and TLS 1.3 for data transmission).
  • Two-Factor Authentication (2FA): We offer two-factor authentication to provide an additional layer of security for user accounts, helping to prevent unauthorized access.
  • Secure Data Storage: User data is stored on secure servers with robust access controls and regular security audits to ensure data integrity.

4. Access Controls

Ezyiah implements strict access controls to protect sensitive information:

  • Role-Based Access: Access to user data is restricted based on role, with only authorized personnel granted access to perform specific tasks.
  • Least Privilege Principle: Employees and service providers are granted the minimum level of access necessary to fulfill their job responsibilities.
  • Regular Audits: Access logs are regularly reviewed and audited to detect any unauthorized access or suspicious activity.

5. Network and Infrastructure Security

Ezyiah employs best practices for network security to protect against external threats:

  • Firewalls and Intrusion Detection: Our network is protected by firewalls and monitored by intrusion detection systems (IDS) to detect and block malicious activity.
  • Secure Hosting Environment: Ezyiah’s platform is hosted in a secure data center that complies with international security standards, including ISO 27001 certification.
  • DDoS Protection: We use distributed denial-of-service (DDoS) protection services to mitigate the risk of cyberattacks and ensure platform availability.

6. User Responsibilities

While Ezyiah implements robust security measures, users also play a critical role in maintaining the security of their data:

  • Strong Passwords: Users are required to create strong, unique passwords and are encouraged to update them regularly.
  • Two-Factor Authentication (2FA): Users should enable 2FA for additional protection.
  • Suspicious Activity: Users must report any suspicious activity or potential security breaches to Ezyiah immediately at [email protected].

7. Incident Response and Breach Notification

Ezyiah has a comprehensive incident response plan to address potential security breaches:

  • Incident Detection: We continuously monitor our systems for potential security incidents using automated tools and manual reviews.
  • Incident Response Team: In the event of a security breach, our incident response team will promptly investigate the issue, contain the breach, and take corrective actions.
  • Breach Notification: In compliance with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth), we will notify affected users and the Office of the Australian Information Commissioner (OAIC) if a data breach is likely to result in serious harm.

8. Regular Security Assessments

To maintain the highest security standards, Ezyiah conducts regular assessments and updates:

  • Penetration Testing: We engage third-party security experts to conduct penetration testing and identify potential vulnerabilities in our platform.
  • Vulnerability Scanning: Automated vulnerability scans are performed regularly to detect and address potential weaknesses.
  • Security Updates: We implement regular software updates and patches to address known security issues and improve the overall resilience of our platform.

9. Data Backup and Recovery

Ezyiah has robust data backup and recovery protocols in place to prevent data loss:

  • Regular Backups: User data is backed up regularly to secure, geographically diverse locations.
  • Disaster Recovery Plan: Ezyiah has a disaster recovery plan in place to restore services quickly in the event of a critical failure or data loss incident.

10. Compliance with Australian Law

Ezyiah’s security practices comply with Australian legal requirements, including:

  • Privacy Act 1988 (Cth): We follow the Australian Privacy Principles (APPs) to protect personal information.
  • Notifiable Data Breaches (NDB) Scheme: We comply with the NDB scheme’s requirements for reporting data breaches that are likely to cause serious harm.
  • Australian Signals Directorate (ASD) Guidelines: Our security measures align with the guidelines set forth by the Australian Cyber Security Centre (ACSC).

11. Changes to the Security Policy

Ezyiah may update this Security Policy periodically to reflect changes in technology, legal requirements, or our security practices. Users will be notified of any significant updates. Continued use of the platform constitutes acceptance of the revised Policy.

12. Governing Law

This Security Policy is governed by the laws of the State of Victoria, Australia. Any disputes arising under this Policy will be subject to the exclusive jurisdiction of the Victorian courts.

13. Contact Information

If you have any questions, concerns, or reports of security issues, please contact us at: