Security, Privacy & Data Protection

The Sign-off Doctrine

No filing is submitted, no payment made, no money moved and no advice issued without review and signature by a licensed human professional — a CPA or EA in the US, a chartered accountant in the UK, and an FTA-registered tax agent in the UAE. Our AI agents prepare; people approve. This is absolute, and it is the single most important control we operate.

How We Protect Your Data

Client isolation

Every client's data lives in its own segregated workspace. Our agents work strictly within one client's records at a time and never reference, compare or disclose one client's affairs to another. Your information is never used to train external models.

Our own signing & delivery — no third-party tools

Prepared returns and documents are sent for e-signature and delivered through our own in-house system — not DocuSign, not WeTransfer, not Dropbox. Documents are gated by a unique link and a separate access code, hashed with SHA-256 for integrity, and accompanied by a Certificate of Completion with a full audit trail. Fewer third parties means fewer places your data can leak.

Encryption in transit & at rest

All traffic is served over HTTPS/TLS. Stored documents are held in encrypted object storage with access restricted to authenticated, authorised firm staff. Free-tool features such as the AI Return Review and Money Finder analyse your upload in the moment and do not retain it.

Least-privilege access

Access to client records and the signing console is restricted by admin authentication. Staff and agents receive only the access a task requires, and sensitive data — payroll and salary information in particular — is never summarised or transmitted beyond the people who need it.

Data minimisation & retention

We collect only what an engagement genuinely requires, and retain records for the periods required by tax and company law in each jurisdiction (and no longer than necessary thereafter). You can request a copy or deletion of your personal data, subject to statutory retention obligations.

Regulatory Alignment

United Kingdom — UK GDPR & the Data Protection Act 2018. Lawful-basis processing, data-subject rights, and breach-notification procedures.
United Arab Emirates — Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL), and DIFC/ADGM data-protection regimes where applicable.
United States — IRS safeguards expectations for taxpayer data, plus applicable state privacy laws (e.g. CCPA/CPRA) where relevant.
Engagement confidentiality — professional duties of confidentiality binding CPAs/EAs, chartered accountants and FTA tax agents apply to every engagement.

Identity & Onboarding (KYC/AML)

As a regulated accounting and tax practice, we carry out Know-Your-Client and anti-money-laundering checks as part of onboarding, in line with UK and UAE requirements. This protects you, the firm and the integrity of the work — and it is completed securely before any engagement begins.

Questions Before You Engage?

We'll happily walk your advisers or in-house team through our controls in detail. Discretion is the point.

Begin A Private Inquiry

This page describes our operating practices and is not a contract or a substitute for our engagement terms and privacy notice, which govern. Security is a continuous programme; controls evolve as the firm and the threat landscape do.