Revax

Security & trust

Safe, private, and trusted with client data.

Tax work is sensitive. Revax is engineered to ensure that everything you put into the platform is confidential & protected at every layer.

Principles

Security at every layer of the platform.

  • Zero training on your data

    Your data stays yours. Your inputs, outputs, and uploaded documents are never used to train, fine-tune, or improve any model - ours or our providers'. Contractual in our service agreement with clients, and our model providers under zero-retention terms.

  • Data residency & control

    You decide what's uploaded, set retention policies, and delete at any time. Data is held in-region in ISO-aligned cloud infrastructure, with hard-delete on offboarding within 30 days.

  • Access that matches your IdP

    SSO via SAML 2.0 and OIDC (Okta, Entra, Google), enforced MFA, and role-based access on a least-privilege basis. A full audit log of every query and draft, streamable to your SIEM.

  • Encrypted, end to end

    TLS 1.3 in transit and AES-256 at rest. Every customer workspace is logically separated.

  • Independently tested

    Annual independent third-party penetration testing, automated vulnerability scanning, and continuous monitoring across both infrastructure and application.

  • Commitments you can enforce

    A DPA and security addendum with binding terms. Security incidents are notified within 24 hours of confirmation; personal-data breaches within 72 hours.

Certifications

Security built for global accountancy firms.

  • SOC 2 Type II

    AICPA Trust Services Criteria - Security, Availability, Confidentiality.

    Controls in place · final audit Q3 2026

    Implemented controls
  • ISO 27001

    Information security management system certification.

    Controls in place · final audit Q3 2026

    Implemented controls
  • Cyber Essentials Plus

    UK NCSC-accredited cyber hygiene certification.

    Certified · Renewed annually

    Implemented controls
  • UK GDPR & DPA 2018

    DPA available on request, including the UK International Data Transfer Addendum.

    Aligned · DPA on request

    Implemented controls

Everything your security team needs.

Our trust centre offers granular transparency. Additional compliance documentation is ready for your review on request.