Tax Paperwork

Security posture

No cloud return database by default

The public-preview workflows are built around browser-local draft packet generation, narrow validation gates, and encrypted project files instead of a server-side tax-return database.

Metadata-only backend boundary Any account layer is limited to account access, audit, support-routing, and non-sensitive operational metadata.

Local Generation

The current app downloads source IRS PDFs from the app server, fills supported fields in the browser, appends support documents, and downloads watermarked draft packets to the user's device.

See the data-flow page for the current public-preview network boundary.

Project Files

Users can export a local encrypted project file for save/resume. The current implementation uses PBKDF2-SHA256 and AES-256-GCM through browser WebCrypto.

  • The passphrase is not stored by the app.
  • Lost passphrases cannot be recovered by the app.
  • Plain JSON export is not part of the public preview; encrypted local export is the supported save/resume path.

Data Minimization

Any backend workflow should store only non-sensitive operational metadata, not SSNs/TINs, EINs, addresses, gift details, entity election facts, owner facts, or generated return PDFs.

Operational Controls

The product keeps written incident response, support intake, retention, vulnerability intake, and monitoring policies. Any backend account or operational service also requires configured provider secrets, CORS allowlisting, body-size limits, and metadata-only logging.

Not Included

The public preview does not include IRS e-file transmission, professional review, stored return projects, generated PDF storage, session replay on interview pages, or a SOC 2 report.

Address Services

Third-party address autocomplete is not enabled in public preview. Address entry uses browser-native autofill and local state lists rather than sending typed addresses to an address-search API.