Security Contact
Last Updated: January 22, 2026
🔒 Report a Security Vulnerability
If you have discovered a security vulnerability in the TCG Accounting system, please report it to us immediately using the contact information below. We take all security reports seriously and will respond promptly.
Immediate Security Contact
Primary Security Contact
Email: Support Email
Emergency Phone: +44 (0) 1217510243
Response Time: We aim to respond to all security reports within 24 hours (Monday-Friday) or 48 hours (weekends/holidays).
What to Report
Please report any security issues including but not limited to:
- Unauthorized access to user accounts or data
- SQL injection or other database vulnerabilities
- Cross-site scripting (XSS) vulnerabilities
- Authentication or authorization bypass
- Data leakage or exposure
- HMRC OAuth token compromise
- Server misconfigurations
- Any other security concerns
Information to Include
When reporting a security issue, please include:
- Description: Clear description of the vulnerability
- Steps to Reproduce: Detailed steps to replicate the issue
- Impact: Potential impact and severity
- Affected Components: Which pages or features are affected
- Your Contact Information: So we can follow up with you
- Screenshots/Evidence: If applicable (do not include sensitive data)
⚠️ Important: Please do not publicly disclose the vulnerability until we have had an opportunity to address it. We follow responsible disclosure practices.
Our Commitment
When you report a security issue, we will:
- Acknowledge receipt of your report within 24-48 hours
- Investigate the issue and determine its severity
- Keep you informed of our progress
- Work to resolve the issue as quickly as possible
- Credit you for the discovery (if you wish)
- Notify affected users if necessary
Security Best Practices for Users
Protect Your Account
- Use a strong, unique password
- Never share your login credentials
- Log out after each session
- Use secure, private networks (avoid public WiFi)
- Keep your browser and operating system updated
- Report suspicious activity immediately
- Regularly review your VAT submission history
- Revoke HMRC authorization if you suspect compromise
Data Breach Notification
If we experience a data breach that affects your personal information:
- We will notify you within 72 hours of becoming aware
- We will inform the ICO (Information Commissioner's Office) as required by GDPR
- We will provide details about what data was affected
- We will advise you on steps to protect yourself
Reporting Other Issues
General Support
Support Email
For technical support and general inquiries
Privacy Concerns
Support Email
For data protection and privacy questions
Encrypted Communication (Optional)
For highly sensitive security reports, you may request our PGP public key by emailing us at security@theconfidentgroup.co.uk.
Security Measures We Implement
We take security seriously and implement multiple layers of protection:
- Encryption: Passwords are hashed using industry-standard algorithms
- Access Control: Multi-user data isolation and role-based permissions
- OAuth Security: Secure token storage for HMRC integration
- Input Validation: Protection against SQL injection and XSS attacks
- Session Management: Secure session handling and timeout
- Regular Updates: Ongoing security patches and improvements
- Monitoring: System monitoring for suspicious activity
Compliance
Our security practices are designed to comply with:
- General Data Protection Regulation (GDPR)
- UK Data Protection Act 2018
- HMRC Making Tax Digital requirements
- PCI DSS (if applicable to payment processing)
Thank You
We appreciate security researchers and users who help us maintain a secure system. Responsible disclosure helps protect all our users and keeps the system safe.