Security you can depend on.
At a glance
Your client data stays yours
Your client data is never used to train our AI models. Period. Your data processes through our system and that’s it. No sharing across firms, no feeding back into the algorithm.
AES-256 encryption at rest and TLS 1.3 in transit. Your data is encrypted from the moment it enters our system until it leaves. No exceptions, no shortcuts.
Every action logged, timestamped, and attributable. Know exactly who accessed what client data and when. Export logs anytime for your own compliance needs.
Set your own data retention policies aligned with your firm’s requirements. Automated deletion when retention periods expire. You’re in control.
Granular permissions for partners, managers, and staff. SSO integration with your existing identity provider. The right people see the right data.
Each firm’s data is logically isolated. Multi-tenant architecture with firm-level data segregation ensures your client data never intermingles with another firm’s.
Four guardrails every tax firm can rely on.
All client data is processed and stored on U.S. servers only. We don’t ship source documents or returns offshore, ever.
Data is encrypted in transit and at rest. Documents, workpapers, and exports are safeguarded using modern cryptographic standards.
Filed is architected around IRS, 7216, and GDPR requirements, and is fully SOC 2 compliant. Our controls cover security, confidentiality, availability, and processing integrity, with regular third-party audits and continuous monitoring.
Filed shows its work. Every step (extraction, logic, and calculations) is fully traceable and backed by source documents, so nothing happens inside a black box.
FAQ
Is Filed SOC 2 compliant?
Yes. Filed is fully SOC 2 compliant. Our controls cover security, availability, confidentiality, and processing integrity, and we undergo regular third-party audits to maintain our certification.
Where is our client data stored?
All client data processed by Filed is stored on servers located in the United States. We do not send source documents or returns to offshore providers or infrastructure, and we do not use offshore staff to handle your clients’ information.
Do we need new 7216 consents to use Filed?
Filed is designed to operate within IRS 7216 requirements. Because data remains in a secure, U.S.-based environment and is used solely to deliver services to your firm, tax firms do not need additional 7216 consents beyond their existing engagement terms. That said, your own counsel should make the final call. We’re happy to provide architecture and data-flow documentation to support their review.
Does Filed use our client data to train AI models?
No. Your client data is never used to train our AI models. Period.
Your data processes through our system and that’s it. We don’t use it to improve public models, we don’t feed it back into any shared algorithm, and we don’t train across firms.
Every firm’s data stays firmly within its own environment; no mixing, no cross-practice learning, no exceptions.
Who can see our data inside Filed?
Within your firm, access is controlled by the roles and permissions you configure (e.g., preparer, reviewer, admin). Internally at Filed, production access is tightly restricted to a small, audited group of engineers and support specialists, and only for legitimate operational or support needs. We log and monitor access to production systems.
Are returns fully automated, or is there human review?
Filed's AI does the heavy lifting on document handling, tax calculation, and data entry. Some returns, such as ultra-complex returns and some edge cases, are reviewed by our internal tax professionals before they’re marked reviewer-ready.
How do we talk about Filed with our clients?
Most firms explain Filed as “a secure, U.S.-based system that automates data entry and document handling so our team can spend more time reviewing and advising you.” You can position Filed as an internal efficiency tool, not a replacement for professional judgment. We can share sample language for engagement letters, privacy policies, and your website.
Can you complete our security questionnaire?
Yes. For mid-market and enterprise firms, we regularly work through IT and security questionnaires, provide detailed documentation, and collaborate with your internal stakeholders as part of vendor due diligence.
What happens if there’s an incident?
We maintain monitoring, logging, and incident-response procedures designed to detect, contain, and remediate issues quickly. In the event of a security incident affecting your data, we will notify you in line with our contractual obligations and work with your team to share the necessary details and next steps.
