Privacy & Security

How we protect your data and your clients' data.

Data Encryption

All data is encrypted in transit via HTTPS/TLS. Data at rest is encrypted by our infrastructure providers (Neon PostgreSQL for case data, AWS S3 for uploaded documents). No unencrypted client data is stored anywhere.

User Isolation

Every case, document, and scenario is scoped to the authenticated user who created it. Our API enforces user-level access control on every request. There is no cross-user data access — your cases are visible only to you.

Document Storage

Uploaded documents (W-2s, tax returns, financial statements) are stored in AWS S3 with server-side encryption. Downloads use presigned URLs that expire after one hour. Documents are uploaded through authenticated server-side routes only — no direct client-to-S3 access.

Authentication

We use passwordless magic link authentication. No passwords are stored or transmitted. When you sign in, a one-time link is sent to your email. Sessions are managed by industry-standard NextAuth with secure HTTP-only cookies.

Local Data

Calculator form data is auto-saved to your browser's local storage for convenience. When you sign out, all locally stored form data is automatically cleared. This prevents data from persisting on shared computers.

Data Deletion

You can delete individual cases and documents at any time from the Cases page. Deleted data is permanently removed from our database and storage. To delete your entire account, contact us and we will remove all associated data.

No Third-Party Sharing

Your data is never shared with, sold to, or accessed by third parties. We do not use your data for AI model training, analytics profiling, or any purpose other than providing the service to you. Period.

Questions?

If you have questions about our security practices or data handling, please contact us.