Security

Client data protection built for tax professionals

CPA Pilot protects tax firm data with local anonymization before upload, encryption in transit and at rest, access controls, audit logging, and a strict commitment not to train AI models on your client data.

Local anonymization

Client-identifying data is anonymized on your computer before it reaches CPA Pilot.

TLS in transit

Data sent to CPA Pilot is protected by encrypted network connections.

AES-256 at rest

Stored platform data is encrypted using industry-standard encryption.

No AI training

Your client documents, prompts, and outputs are not used to train AI models.

Data Flow

How CPA Pilot reduces sensitive data exposure

Security starts before data leaves your device.

1

Anonymization before transmission

CPA Pilot anonymizes client-identifying data from the user's computer before it comes to us. That reduces the amount of directly identifying client information transmitted to CPA Pilot for AI processing.

2

Encrypted transport

Data sent between your browser and CPA Pilot is encrypted in transit using TLS. This helps protect prompts, uploaded files, generated outputs, and account activity while they move across the network.

3

Encrypted storage

CPA Pilot uses AES-256 encryption at rest for stored platform data. Access is limited to authorized systems and personnel based on operational need.

4

Controlled AI processing

AI providers used to generate outputs are contractually restricted from using your data to train their models. Uploaded content is processed to deliver the requested CPA Pilot workflow, not to build model training sets.

Firm Controls

Security practices firms expect

CPA Pilot is designed for firms handling tax returns, notices, financial statements, and client communications. The platform follows SOC 2-aligned practices and can provide additional security information for firm review.

  • Role-based access controls for internal systems
  • Audit logging and security review practices
  • Provider agreements for data protection and model-training restrictions
  • Account deletion and data retention processes described in the Privacy Policy
  • Professional-review positioning for AI-assisted outputs
FAQ

Security questions

Yes. CPA Pilot anonymizes client data on the user's computer before it is transmitted to CPA Pilot for processing.

Yes. CPA Pilot uses TLS encryption for data in transit and AES-256 encryption for data at rest.

No. CPA Pilot does not use client data, uploaded documents, prompts, or generated outputs to train AI models.

Yes. Contact CPA Pilot if your firm needs security documentation, enterprise review materials, or a data processing agreement.

Need security details for firm approval?

We can help your team review CPA Pilot's privacy and security practices before rollout.

Contact CPA Pilot
Security — CPA Pilot | CPA Pilot