NTA 2026 filing window opens. See plans
Security at MiTax

Your tax data. Fort Knox security.

AES-256 at rest. TLS 1.3 in transit. MFA and biometric. NDPA compliant. We never hold your money.

NDPA Compliant 256-bit AES TLS 1.3 Paystack Secured NDPC Registered
How we protect you

Six layers of defence around your records.

Tax data is sensitive. Income, identity, payments, and family details all sit together. Here is how we keep them safe.

01 / Encryption

AES-256 at rest, TLS 1.3 in transit

Every record in our database is encrypted with AES-256. Every connection between your device and our servers uses TLS 1.3. Keys rotate on a fixed schedule.

02 / Authentication

MFA, biometric login, session management

Multi-factor authentication on every sensitive action. Biometric login on iOS and Android. Sessions you can see and revoke, anywhere, any time.

03 / Payments

MiTax never holds your money

All funds are handled by Paystack or Flutterwave, both CBN-licensed. Payments flow straight from you to the NRS treasury. We earn a 1% fee, capped at ₦250,000, and never sit in the middle.

04 / Data residency

Stored in London, replicated EU, NDPC-registered

Our database runs in the Supabase London region with replication across the EU for durability. We are registered with the Nigeria Data Protection Commission.

05 / NDPA compliance

Full Nigeria Data Protection Act compliance

We follow the NDPA cover to cover. A Data Protection Officer is appointed and reachable at dpo@mitax.ng. Our processing record is published on request.

06 / Penetration testing

Independent annual audits, public security.txt

An independent firm pen-tests our platform every year. Vulnerabilities can be reported through our public security.txt and we respond within 72 hours.

Your data, your rights.

You own your data. Export or delete anytime from inside the app. Tax documents are retained for 7 years to satisfy the statutory record-keeping window. Any incident is reported within 72 hours per NDPA.

Recognised by

Trust signals and registrations.

The standards we are audited against and the regulators we report to.

Data protection NDPC registered
Payment standard PCI-DSS via PSP
Auth SOC 2 hosting
Reporting NRS-compatible

Tax data should be the safest thing on your phone.

If you have a security question, write to security@mitax.ng or read our incident-response policy. Researchers can disclose vulnerabilities responsibly through our security.txt.

Email security@mitax.ng Read our NDPA notice