The ATO Website provides each user in the organization with a unique username and password that must be entered each time a user logs in. The system issues a session “cookie” only to record encrypted authentication information for the duration of a specific session. The session “cookie” does not include either the username or password of the user. The system does not use “cookies” to store other confidential user and session information.

The system attempts to protect your data through certain security measures, including the use of both server authentication and data encryption, ensuring that your data is safe, secure, and available only to registered users in your organization. Your data is completely inaccessible to non-registered users.