Trust & Security

Taxerity.AItrust & security. Built for CPAs and federally authorized Enrolled Agents.

Your clients trust you with their financial data. Taxerity.AI protects that data with a three-layer security model, requires explicit owner sign-off on every AI suggestion before it reaches a client, and keeps an append-only audit log your firm can hand to malpractice carriers or state boards on request.

Three-layer security posture

Headers, access control, validation — in that order

Every request to Taxerity.AI passes through each of these layers before a single byte of your clients' data is processed. A failure at any layer is a failure for the whole request — no graceful fallback that puts your data at risk.

1
Security headers
Every response carries a strict Content-Security-Policy with a per-request nonce and frame-ancestors 'none', minted by the platform proxy before any HTML is parsed. Click-jacking, script injection, and inline-script execution are blocked at the browser boundary — not trusted to your clients' device configuration.
2
Authentication & access control
Authenticated sessions on a hardened auth surface with role-based capability flags (approve suggestions, edit client data, view audit log). Firm-owner (OWNER) role is required for any mutation, and no AI recommendation reaches a client without explicit owner sign-off — human-in-the-loop, every suggestion, every time. Your professional judgment, and your license, stay on the line.
3
Input validation & data protection
Every /apiboundary validates its payload with typed server-side schemas before it touches your data. Database queries are scoped strictly to the authenticated user — one firm cannot read another's clients, returns, or audit entries. Trial engagements are held to the same controls as paid ones; no data-protection gap during the 14-day free trial.

Encryption

Encrypted in transit. Encrypted at rest.

Taxerity.AI never sends or stores your clients' data in plaintext.

In transit — TLS 1.3
Every byte between your browser, the Taxerity.AI platform, and your tax software integration travels over TLS 1.3. Older protocol versions and unencrypted fallbacks are refused at the edge. A captive-portal downgrade attack fails before the first request is dispatched.
At rest — AES-256
Persisted data — engagement submissions, returned suggestions, the audit log itself — is encrypted at rest with AES-256. SOC 2 Type II controls govern key management, and zero data retention after processing is the default for the AI inference path; inputs and outputs are not retained once the suggestion is delivered to your firm's reviewer.
AI recommendation disclosure

No AI recommendation reaches a client without explicit owner approval.

Taxerity.AI suggests. It does not file. Every AI-flagged deduction, anomaly, or classification is delivered into a firm owner's review queue with full IRC citations. Nothing reaches a client return — and nothing reaches your tax software — until the firm owner accepts, modifies, or rejects it. The owner's judgment, not the model's confidence score, is what ships.

Audit & approval log

Append-only. Timestamped. Long-retention.

AI suggestions, owner approvals, edits, and rejections are written to an append-only audit log with timestamps. The log is retained for seven years— consistent with IRS recordkeeping expectations under §6501 plus typical state-board and PTIN requirements — and is exportable as a PDF from the in-app Security & Compliance dashboard.

What lands in the audit log
  • Every AI suggestion surfaced to a reviewer (label, return, source, citations)
  • The reviewer's decision (accepted, rejected, modified) and timestamp
  • Permission changes, session activity, and firm-member role assignments
  • Export events — share the PDF with a malpractice carrier, an IRS examiner, or a state board without exposing client identifiers

What we never do

Hard limits on what the system will and will not do

A short list. We'd rather write them down loudly than leave them to inference.

Six things Taxerity.AI will not do
  • We never add items clients don't have. No fabricated deductions, no invented receipts, no “ghost categories” popping up because the model thought they might fit. Suggestions cite a basis you can verify.
  • We never overwrite preparer judgment. The model's confidence score is informational; the firm owner's accept / reject / modify decision is authoritative. Period.
  • We never auto-file. Taxerity.AI writes nothing to a tax authority on your behalf. Nothing is transmitted to the IRS. E-file is your firm's job, performed under your firm's EFIN.
  • We never train models on your firm's data. Submissions and outputs are not retained for model training. Your client data stays your client data.
  • We never bypass SOC 2 Type II controls for short-term convenience. Every shortcut on the codebase is held to the same SOC 2 Type II change-control discipline as the rest of the platform.
  • We never share audit log entries across firms. Queries are scoped to the authenticated user. One firm cannot read another's reviews, sessions, or suggestions — whatever query string they craft.

Questions about our posture? Email the team.