Security and Privacy / NitaxInfo

Data Security Is Our Foundation.

Tax documents, FIRS notices, client records, and financial statements sit at the center of trust. NitaxInfo is built to protect them with encryption, privacy controls, resilient infrastructure, and strict access boundaries.

AES-256

Encryption standard

99.9%

Platform availability target

Zero training

Uploads are excluded from model training

Scoped access

Permissions stay role-based and audited

Raw Security Investment

NitaxInfo's Commitment to Security

Sensitive tax workflows need more than generic cloud language. These are the core promises behind how the platform handles your records.

Your data stays yours

✓NitaxInfo uses your uploads and questions only to serve the request you made.

✓We do not claim ownership over your client files or tax workpapers.

✓Your content is never sold, syndicated, or repackaged for third parties.

✓Deletion controls remain available whenever you want a record removed.

Protected at every layer

✓Traffic is encrypted in transit and sensitive records are encrypted at rest.

✓Tenant-aware isolation keeps customer workloads separated by design.

✓Monitoring, alerting, and hardened cloud controls help detect misuse early.

✓Operational access is tightly scoped, reviewed, and logged.

Privacy is non-negotiable

✓Documents are handled as confidential professional records, not marketing assets.

✓Uploaded data is not used to train general-purpose models.

✓Collection and retention are limited to what the product actually needs.

✓Our operating model is aligned to NDPR-era privacy expectations in Nigeria.

Data Ownership

Your Data. Your Control. Always.

When you upload a document, ask a tax question, or generate a response, NitaxInfo processes the request to serve you. It does not convert your firm's records into a reusable asset for the platform.

✓We do not claim ownership of any file, notice, or response you upload.

✓Information is processed only to deliver the feature you asked for.

✓Client records are not sold or disclosed for unrelated commercial purposes.

✓Retention controls are configurable, and deletion requests are supported.

✓You remain responsible for your firm workflows while we protect the platform.

Talk to our privacy team

Your Data Settings

Visual controls for the kinds of data NitaxInfo is allowed to keep in the product experience.

Upload History

Usage Analytics

Document Storage

Delete all data

This is shown as a high-friction action because removed records should not be easy to recover accidentally.

Secure by Default

Every Byte, Encrypted.

Data moving through NitaxInfo and data stored for product operations are both protected with modern encryption controls and managed key handling.

Data in Transit

TLS 1.3

Requests between your device and the platform travel over encrypted channels with modern handshake and key exchange controls.

AES Key Size256-bit / AES

Key ExchangeTLS 1.3 / ECDHE

Managed ByAWS Key Management Service

Data at Rest

Secure

Stored documents and related service records remain inside encrypted storage layers with managed key controls.

AlgorithmAES-256

Key Size256-bit

Managed ByEncrypted object storage

Your Device

NitaxInfo URL

Encrypted Storage

Secure Infrastructure

Built on Secure, Resilient Infrastructure.

24/7 Monitoring

Automated alerting flags unusual access patterns, traffic spikes, and service anomalies in real time.

DDoS Protection

Layered edge controls reduce exposure to volumetric and application-layer attacks.

Network Isolation

Core workloads are separated inside private network boundaries rather than exposed directly to the public internet.

Infrastructure Summary

Compute / Runtime

Managed cloud infrastructure with hardened service boundaries, encrypted storage, and monitored runtime paths.

Protection Checklist

✓Cloud-native compute with managed patching and restricted admin paths

✓Regional storage controls and encrypted backups

✓High-availability architecture with multi-layer failover patterns

✓Operational runbooks for monitoring, logging, and recovery

Regional Data Residency

Storage choices and deployment patterns are reviewed against privacy, performance, and customer expectations.

High Availability

Recovery planning focuses on redundancy, backup integrity, and fast restoration when a subsystem degrades.

Strict-Scoped Access Controls

Only Authorised Personnel. Only When Necessary.

Access to product functions is narrowed by role and audited so that operational support does not become blanket visibility into client work.

Role	Doc Access	Queries	Admin	Audit
User	Own only	Own only	None	None
Company Admin	All users	All	Yes	Yes
Support Staff	None	None	No	Read
Security Audit	None	None	None	Full

Role-Based Permissions

Each workspace action is tied to a role so users only see the records relevant to their responsibility.

Multi-Factor Authentication

Administrative access can be reinforced with secondary verification and session checks.

Access Audit Logs

Important actions leave reviewable traces to support investigations and internal governance.

No Raw Document Access by Staff

Support and security workflows are designed to avoid unrestricted staff access to client uploads.

Data to Trust About Privacy

A Clear Privacy Commitment

Privacy should read like an operating principle, not a vague promise. This is the short version of what the platform does and never does.

What NitaxInfo Does

✓Encrypt your data in transit and at rest.

✓Keep processing scoped to your product workflow.

✓Support deletion and retention controls.

✓Record access events for auditability.

✓Limit collection to what the service needs.

✓Protect uploads inside an isolated environment.

✓Handle personal information under documented privacy procedures.

What NitaxInfo Never Does

✕Sell your personal or client data.

✕Train general-purpose models on uploaded documents.

✕Share your records with third parties for their own commercial use.

✕Open documents to staff without a narrow operational reason.

✕Profile users for advertising purposes.

✕Expose client-specific tax records in public or shared datasets.

✕Treat confidential uploads as reusable content inventory.

Confidentiality is foundational. If a system compromises trust in your tax records, it is not fit for the workflow.

NitaxInfo Privacy Commitment

Responsible AI Layer

AI With Guardrails, Not Guesswork.

NitaxInfo is positioned as a constrained research system for professional tax work, not an unrestricted chatbot with invisible assumptions.

Citation Required Mode

Answers are designed to point back to statute, regulation, or official source material instead of unsupported claims.

Hallucination Reduction

Retrieved context and guardrails reduce free-form speculation during professional tax workflows.

Confidence Levels

Responses can communicate how directly the available source material supports the answer.

Mandatory Disclaimer

Outputs are positioned as research assistance, not a substitute for qualified tax or legal judgement.

AI Safety Stack

User Query

Input validation and policy checks

Nigerian Tax Corpus

Retrieved context over trusted source collections

Citation Layer

Answers are structured around source references and caveats

Structured Output

Response, source, caveat, and disclaimer stay explicit

Penalty-generation is blocked

Outputs should not invent liabilities, penalties, or legal certainty without source-backed support.

Nigeria Data Protection

Aligned with the Nigeria Data Protection Framework

Our data handling approach is designed around the expectations behind Nigeria's privacy regime: lawful processing, minimisation, user rights, and documented accountability.

Lawful Basis for Processing

Processing is tied to legitimate product use, service delivery, and consent-driven workflows where appropriate.

NDPA 2023NDPR 2.1Lawful Basis

Your Rights as a Data Subject

Users may ask for access, correction, deletion, or portability of the information we keep for service delivery.

AccessErasurePortability

Data Minimisation

We aim to collect and retain only the information required to operate the product safely and effectively.

MinimisePurpose LimitRetention

Data Subject Requests

To request access, correction, or deletion of the information attached to your account or firm workspace, contact our privacy channel directly.

Submit a Data Request

Its Best Practice

If Something Goes Wrong, We Are Fast.

Response discipline matters as much as prevention. Detection, containment, remediation, and communication are handled through an incident workflow.

Detection and Assessment

Alerting and triage processes classify the event, assess probable impact, and escalate the right responders quickly.

Containment and Remediation

Affected services can be isolated while the team removes the cause, patches exposure, and validates recovery.

User Notification

Where legally required, affected users are notified with clear updates on impact, remediation, and next actions.

Incident Response Timeline

Automated alert triggered

Monitoring identifies an abnormal event and opens response handling.

< 1 hr

Initial assessment

Severity, probable scope, and escalation path are confirmed.

< 4 hrs

Containment

Impacted services, credentials, or workloads are isolated.

Ongoing

Remediation

Root cause removal, hardening, and validation continue until stable.

Post

User notification

Notifications and guidance are shared where impact is confirmed.

Final

Service restoration

Operations return to steady state with a post-incident review.

Continuous Improvement

Security Is Never Finished.

Controls need regular review. Security work stays continuous as the product, infrastructure, and regulations evolve.

Infrastructure Updates

Core services, runtimes, and dependencies are patched regularly to reduce exposure windows.

Vulnerability Management

Security review work includes hardening checks, analysis, and recurring risk review cycles.

AI Safety Reviews

Guardrails, citations, and answer framing are reviewed whenever the product surface evolves.

Access Reviews

Internal permissions are revisited on a scheduled basis and removed when no longer justified.

Questions About Security?

Whether you are evaluating NitaxInfo for a firm, due diligence process, or a privacy question, the security team can route you to the right answer.

Security Questions

security@nitaxinfo.com.ng

Questions about controls, architecture, or platform security practices.

Data Protection Officer

privacy@nitaxinfo.com.ng

Requests relating to access, correction, deletion, or other data subject rights.

Responsible Disclosure

security@nitaxinfo.com.ng

Report suspected vulnerabilities or incidents through a monitored security channel.

We respond to security enquiries within 2 business days.

Built for Trust. Ready When You Are.

Confidence in the answer should extend to the safety of every document, user, and workspace inside the platform.

AES-256 EncryptedNDPR-2025 AlignedZero Data Training

GET STARTED - IT'S FREE Back to Homepage

Live in confidence. No additional setup required.