Technology that puts security and data protection first

We streamline indirect tax compliance while mitigating risk and maximising data security.

Certified to ISO 27001 standards

Fintua is certified to ISO 27001, the global standard for managing information security. This means we handle your data securely, in line with GDPR and other data protection laws.

This is more than a certificate – it’s our commitment to doing things right. We regularly update security policies, train our teams, test our systems and carry out both internal and external risk assessments to stay ahead of potential threats.

You can trust your data is in safe hands – with security built into everything we do.

Secure data centre

One secure platform

Our platform is built on a multi-tenant architecture, with strict data filters in place. Access is controlled based on user roles and permissions – so the right people see the right data, and nothing else.

We use TLS 1.2 encryption to protect data in transit. This means your information stays secure, even as it moves between systems.

Fintua partners with trusted hosting providers like Interxion and AWS. Interxion facilities are certified to ISO 27001 and ISO 22301 and maintain a SOC 2 report. AWS facilities are certified to ISO 27001 and also maintain a SOC 2 report.

For us, security isn’t an add-on – it’s built into everything we do.

Proactive security monitoring and incident response

Our Security Operations Centre monitors systems 24/7, ensuring we can respond fast if something goes wrong.

We have a clear, documented incident management process, with defined severity levels and escalation paths – so every incident is handled with the right level of urgency.

Security isn’t just about prevention – it’s about being ready.

Data protection and compliance

We retain data only for as long as necessary, in line with defined timelines and regulatory requirements. When it’s no longer needed, it’s securely deleted.

Headquartered in Ireland, we operate under the General Data Protection Regulation (GDPR) and comply with all local data protection laws in the regions we serve.

We apply strong technical and organisational controls, audited bi-annually under our ISO 27001 certification.

Data protection is a part of our culture. All employees complete mandatory training each year, with regular updates from our Data Protection Officer to keep awareness high.

Patch management
Regular external audits
Penetration testing
Vendor management