AI Pro Tax Prep

Security

Security overview

Last updated: February 2, 2026

WISP

We maintain a written information security program that documents the data we collect, how it is stored, who can access it, and how we respond to incidents. This program is reviewed as the product evolves.

Reasonable security controls

  • HTTPS enforced across all environments.
  • Encryption at rest via Firebase and cloud storage defaults.
  • Role-based access for admin tooling.
  • MFA required for admin access.
  • Audit logging for intake and payment events.

Incident response

We maintain an incident response plan covering detection, containment, notification, and remediation. If a breach occurs, we will notify impacted users and comply with state notification laws.

Data retention

Uploads are deleted within 48 hours after processing. Support chat transcripts are deleted within 12 hours. Account metadata is retained until you request deletion.

Support contact

Support requests are handled through the in-app support form from a verified account. This keeps requests tied to the right user and protects sensitive information.