Overview

RetroTax takes security seriously. We develop our applications with known security standards in mind (OWASP). Our security documentation covers more than the scope of this API documentation: personnel, operational, network, application, authentication, data and physical security, among other areas. RetroTax can provide implementation partners with more detailed documentation of our security practices and policies upon request.

Authentication

The RetroTax application uses Authlogic for authentication and Pundit for authorization. Stored passwords are hashed by the authlogic gem's default crypto provider, SCrypt.

Encryption, SSL

The RetroTax API uses 2048-bit RSA with SHA-256 as its signing scheme. Data in transit and at rest is encrypted with the AES-256 encryption algorithm.

Penetration Testing

RetroTax conducts quarterly internal penetration tests.