1. Architecture at a Glance
- LLM execution: Amazon Bedrock (Claude and Titan models); FedRAMP High in AWS GovCloud, SOC 2 Type II
- Document storage: Amazon S3; FedRAMP Moderate, encrypted at rest and in transit
- Vector retrieval: Pinecone; SOC 2 Type II, ISO 27001, HIPAA-capable (a third-party service, so AWS's FedRAMP authorizations do not extend to it)
- Orchestration and app logic: Calstudio.com; role-based access, no reuse of client data, session-level encryption
2. Key Compliance Standards
SOC 2 Type II: Underlying services (Bedrock, S3, Pinecone)
FedRAMP: Moderate (S3), High (Bedrock in GovCloud)
FISMA: Aligned via NIST SP 800-53 control mapping (DIACAP, the DoD process sometimes cited alongside FISMA, was replaced by the DoD RMF in 2014 and is no longer an active standard)
FedRAMP for Pinecone: Not yet authorized; ISO 27001 and HIPAA safeguards serve as compensating controls. Note that compensating controls are not an authorization: if FedRAMP coverage of every component is a hard requirement, the vector store is the gap to address
3. Data Protection & Privacy
- No model training on your data: Bedrock does not use prompts or completions to train its models. Prompts and documents are processed within AWS (Bedrock, S3); the embeddings sent to Pinecone for retrieval are covered by Pinecone's own SOC 2 / ISO 27001 controls rather than by AWS's. No other external APIs are involved
- Encryption everywhere: TLS in transit, AES-256 at rest (S3 server-side encryption). A quick check: the bucket policy should deny requests where aws:SecureTransport is false, so nothing can reach S3 over plaintext HTTP
- Masking/Redaction: Sensitive fields are redacted before any processing step
- Context clearing: After a redaction or halt event the conversation context is purged rather than carried forward, so the sensitive content is never retained in later turns
- Session isolation: PII is never shared across sessions or clients
- PII Shield: Proprietary protective layer that halts processing when PII is detected, clears the chat context, and restarts with a clean slate. This feature supports a GLBA-compliant Written Information Security Program (WISP) and undergoes regular penetration testing to validate the safeguards
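To make the halt / clear-context / restart behaviour concrete, here is an added illustration of such a gate. It is not Sterling Tax IQ's PII Shield or any vendor's code; the detector patterns (SSN, EIN, Luhn-checked card numbers), the Session and GateResult types and the audit-event shape are all assumptions chosen for the example. It also shows the logging discipline an audit-ready log needs: the event records what kind of PII was found and how many hits, never the values themselves.

```python
"""PII gate for an LLM chat session (added example, not vendor code).

Scans an incoming prompt for identifiers common in tax work. If any are
found, processing halts, the session's in-memory context is wiped, and a
fresh session is handed back, mirroring the halt/clear/restart flow above.
All patterns and data shapes here are illustrative assumptions.
"""
import re
import secrets
from dataclasses import dataclass, field

# Assumed detectors. SSN/EIN are format checks; card numbers are additionally
# Luhn-validated so a random 16-digit run (an invoice number, say) is not a hit.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
EIN_RE = re.compile(r"\b\d{2}-\d{7}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: doubles every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_pii(text: str) -> list[tuple[str, str]]:
    """Return (kind, matched_text) pairs for every detector hit."""
    hits = [("ssn", m.group()) for m in SSN_RE.finditer(text)]
    hits += [("ein", m.group()) for m in EIN_RE.finditer(text)]
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"[ -]", "", m.group())):
            hits.append(("card", m.group()))
    return hits


def redact(text: str, findings: list[tuple[str, str]]) -> str:
    for kind, value in findings:
        text = text.replace(value, f"[{kind.upper()}_REDACTED]")
    return text


@dataclass
class Session:
    session_id: str
    context: list[dict] = field(default_factory=list)  # chat turns in memory
    halted: bool = False
    restarts: int = 0


@dataclass
class GateResult:
    allowed: bool
    session: Session            # the session the caller should continue with
    findings: list[tuple[str, str]]
    redacted_prompt: str
    audit_event: dict           # safe to log: kinds and counts only, no values


def pii_gate(session: Session, prompt: str) -> GateResult:
    """Admit a clean prompt into the session, or halt and restart on PII."""
    findings = find_pii(prompt)
    if not findings:
        session.context.append({"role": "user", "content": prompt})
        return GateResult(True, session, [], prompt,
                          {"event": "prompt_admitted", "count": 0})

    # Halt: wipe the context in place (the old object may still be referenced
    # elsewhere), mark it halted, and issue a new session with a fresh id so
    # nothing from the tainted turn can be carried forward.
    session.context.clear()
    session.halted = True
    fresh = Session(session_id=secrets.token_hex(8), restarts=session.restarts + 1)
    kinds = sorted({kind for kind, _ in findings})
    return GateResult(False, fresh, findings, redact(prompt, findings),
                      {"event": "pii_halt", "kinds": kinds, "count": len(findings)})


if __name__ == "__main__":
    # Constructed sample prompts; the identifiers are synthetic test values.
    s = Session("demo")
    print(pii_gate(s, "What is the filing deadline for Form 1120?").audit_event)
    r = pii_gate(s, "My SSN is 123-45-6789 and card 4111 1111 1111 1111")
    print(r.audit_event, r.redacted_prompt, "continue with", r.session.session_id)
```

The important design choice is that the caller is handed back a different Session object after a halt: code that keeps using the old one finds an empty, halted context rather than the sensitive turn, which is the property a WISP reviewer or a pentester would test for.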
4. Zero Trust Architecture
- Compartmentalization: Isolated compute environments per client/project, with access granted per role (see the orchestration layer above) rather than by network position
- Session isolation: No cross-session data sharing; logs are retained only for the period set by the retention policy
5. Why Sterling Tax IQ?
Built by a former IRS Agent and Appeals Officer, our AI tax assistants combine IRS-grade methodology with enterprise security:
- Structured, confidence-scored guidance
- Audit-ready logs and citations
- HIPAA-capable handling of sensitive data
For detailed SOC 2 or FedRAMP reports on underlying services, visit:
Designed for compliance teams, EAs, CPA firms, and high-trust environments