Security

Last updated: April 2026

Taxhance is built to handle sensitive financial data. Security is not an add-on. It is foundational to every layer of our platform, from infrastructure to AI processing.

Data Encryption

AES-256 encryption at rest and TLS 1.3 encryption in transit protect every document and message.

Infrastructure

Hosted on Supabase Cloud (SOC 2 Type 2, ISO 27001 certified) with US-based data centers. DDoS protection included.

Access Controls

Role-based permissions and multi-factor authentication (MFA) support, with granular team-member and client access scopes.

Audit Trails

Every sign-in, document upload, share, download, permission change, and administrative action is logged with actor, timestamp, IP, and affected entity. Audit history is retained for up to 1 year and exportable on request.

Compliance

Hosted on SOC 2 Type 2 certified infrastructure (Supabase). Actively pursuing own SOC 2 Type 1 certification. GDPR compliant.

AI Data Privacy

Zero Data Retention (ZDR) policy for AI processing. Client data is never stored by AI services or used for model training. Documents are classified and context is immediately discarded.

System Updates

Our infrastructure receives regular security patches and updates. We perform continuous vulnerability scanning and threat monitoring to identify and address potential risks before they become issues.

Security FAQ

Is my clients' tax data encrypted?

Yes. All data is encrypted with AES-256 at rest and TLS 1.3 in transit. Even our internal team cannot access raw client documents without authorized access controls.

Does Taxhance use my data to train AI models?

No. AI processing is ephemeral. Documents are classified and the processing context is immediately discarded. Your data is never used for model training.

Where is my data stored?

All data is stored on Supabase Cloud infrastructure in US-based data centers with enterprise-grade physical and network security.

How long do you retain audit logs?

Audit trails are retained for up to 1 year. We log every authentication event, document upload and download, share-link creation, permission change, and administrative action — including the actor, timestamp, IP address, and affected resource. Firm owners can request an export of their audit history at any time.

Questions?

If you have security questions or need to report a vulnerability, contact us at contact@taxhance.com.