Protecting your data is our priority.

We fully comply with the requirements for all of our services to be GDPR ready and ensure organisational and technical security for all services.

GDPR compliant
Network protection

Network protection

Under Amazon's control since we use an EC2 instance.

Access management

Access management

The only person with access to Amazon Information is the client/end-user. They have a unique username and only have access to their own Amazon Information. Their information is encrypted with a key generated solely from information the client enters to login with, and is never stored anywhere within the system, in any form.

Encryption in transit

Encryption in transit

The only Amazon Information that leaves the system is the country code and VAT ID number of a business who is claiming a preferential VAT rate for a specific transaction. That data is sent over https to the official VIES-on-the-web service in order to validate the VAT ID number, and is sent at the clients' specific request, and in isolation from any other information at all.

Incident response plan

Incident response plan

System-level log files that record all client activity can be monitored and analysed to determine legitimate and suspicious behaviour. Any data intercepted by malicious users is encrypted with a key that is not stored anywhere, and in AES-256 encryption, considered by the American Secret Service to be Top Secret level, so it is not possible to brute force attack it. The data relates to VAT calculations, so is generally not valuable and is recreatable by the client anyway.

Additional security requirements specific to personally identifiable information

Data retention and recovery

PII is retained at the clients' request, in order to calculate VAT liability. All information is deleted instantly on client online request. If the data is lost due to system failure, it is not recoverable and client has to explicitly re-upload the data. This is intentional, to ensure absolute privacy.

Data governance

Our policy is that the only person who has any access to PII is the client. No one, including Administrative users of any level, can view this data except the client, and only then in relevant report format. The raw, plaintext data is either uploaded via a spreadsheet file over HTTPS to the Amazon AWS EC2 instance, or is acquired over HTTPS from a providing API (either from PayPal, or Amazon currently). Once in the servers' memory, the PHP code encrypts it before storing in the MySQL database on the same instance. It is only decrypted when used to generate a report the client has requested, and then only the immediately-relevant data is decrypted immediately upon use and discarded from memory. The report is securely deleted after the client has downloaded it, or on demand from the client. The record of data processing activities is available separately.

Encryption and storage

All PII is encrypted at rest using AES-256 in CTR mode. The cryptographic key used to encrypt/decrypt this data is not stored anywhere other than computer memory, for as long as the client is logged in.

Least privilege principle

Only end clients have access to any PII; Support-, Admin-, and Owner-level users only have access to generate reports that do not contain any PII at all.

Logging and monitoring

Client activity is logged in system-level log files, and can be monitored and inspected as required.

Security questions?

If you want to know more about a certain security issue, or require more information on we handle your data, please get in touch with our security team at [email protected]

For more information please read Terms & Conditions and Privacy Policy.

salesVAT is a software as a service platform that enables automated VAT calculation for both UK and EU online sellers. These online sellers include Amazon, eBay, Shopify, BigCommerce etc or any other webstore. salesVAT can handle data from any source and provide you with simple yet powerful reports in seconds.

salesVAT - an affordable and easy to use VAT calculation automation software. Start your free trial.