Tax and company filings can involve sensitive identity and business information. This page describes ITIN-Pro’s security principles and customer guidance; it is not a certification, penetration-test report, warranty that an incident can never occur, or substitute for a formal security and privacy assessment.
Before sending identity documents
Do not send a passport, national identity document, tax return, or unredacted government notice through an ordinary website contact form, standard email, or WhatsApp unless our support team has confirmed that channel and the exact document is necessary for your case. Contact support@itin-pro.com first and ask for the approved secure transfer instructions.
Never send a card number, card security code, online-banking password, one-time passcode, seed phrase, or account password to an ITIN-Pro team member. We will not ask for those credentials in a message or call.
Data minimization
We request information in stages. The public contact and assessment forms do not accept passport, tax-return, or identity-document uploads. If a purchased filing later requires a document, we explain why it is needed and provide the approved transfer instructions first. Government or acceptance-agent procedures can require originals, certified copies, or unredacted details; the applicable route depends on the case.
Website controls
The current website is designed to:
- Reject oversized and malformed checkout requests and enforce same-origin checks.
- Use one-way, short-lived network identifiers for checkout rate limiting.
- Recalculate package prices on the server rather than trusting the browser total.
- Keep live card collection disabled unless explicit merchant launch settings are enabled.
- Keep full card numbers and security codes out of ITIN-Pro application servers.
These controls reduce risk but do not make any online service risk-free. We do not claim a certification, security audit, or PCI status on this page.
Payments
Card checkout is currently shown as a no-charge preview unless both merchant launch gates and payment credentials are enabled. When activated, card data is entered in fields hosted by the payment provider. ITIN-Pro receives transaction status, amount, billing details, and a masked reference—not the full card number or security code. Confirm the domain and browser connection before entering payment information.
Service providers
Hosting, payment, communication, filing, registered-agent, mail, analytics, and support providers may process limited data on our behalf. We limit the information shared to the provider's role and require appropriate confidentiality and data-protection terms where applicable. The Privacy Notice explains the categories and available privacy requests.
Retention and disposal
We retain records for the service, legal, accounting, fraud-prevention, or professional periods described in the Privacy Notice. When the applicable purpose ends, records are deleted or de-identified where technically and legally appropriate. Backups and third-party systems may follow separate deletion cycles.
Incident response
We promptly escalate a reported unauthorized access, loss, fraud, or misdirected document so we can preserve evidence, contain risk, assess notification duties, and communicate next steps. Please notify us immediately if you receive a suspicious ITIN-Pro message, disclose a credential, or believe information connected with a matter has been exposed.
Report a security concern
Send a concise report to support@itin-pro.com with the subject “Security concern.” Include the affected page or account and a description of what happened, but do not attach identity documents, passwords, full payment-card data, or exploit code in the first message. We will provide a safer follow-up channel if additional evidence is needed.
