Skip to main content
Security

Security for Trusted Tax AI

OPTAX keeps tax preparation reviewable: verified calculations, source-tied documents, reviewable AI recommendations, and filing control left with people.

Trusted Tax AI

Verified calculations, source-tied documents, and reviewable AI recommendations are the public control model.

Preparation evidence

Verified calculations

Prepared materials carry calculation checks, source evidence, missing-item notes, and review boundaries before use.

  • Calculation checks before generated materials are trusted.
  • Source-tied documents and review notes for the selected company-year.
  • Workflow stops when outside confirmation is missing.

Information security

Source-tied documents

Company records, generated materials, and consent evidence remain tied to the authenticated account and company workspace.

  • Authenticated access and role-aware workspace boundaries.
  • Secure transport and provider-managed infrastructure safeguards.
  • Privacy and AI Data Processing disclosures stay linked from public pages.

AI safety

Reviewable AI recommendations

Recommendations stay framed as prompts and questions, not tax advice or final signoff choices.

  • Task-scoped context for the selected company-year.
  • Assumptions, missing evidence, and owner confirmations stay visible.
  • Uploaded tax, banking, document, and chat content does not train public models.
Control boundary

What stays under human control

Before anything becomes a T2 package, the workspace keeps the boundaries visible: where data lives, who reviews it, and what remains outside OPTAX.

  1. Records stay in your account.
  2. You confirm before output.
  3. Reviewed package first; CRA submission stays with you.
  4. Records and rationale stay reviewable.
  5. Your content never trains public models.
Generate T2 preparation materials for review; CRA submission stays user-controlled until an enabled filing channel is available.
Failure handling

What happens when confirmation is missing?

OPTAX is designed for dependable access, monitored workflows, recoverable records, and a stop-before-guessing response when provider confirmation is missing.

Operating evidence

Security controls mapped to operating evidence

Treat this as a readiness preview: how access, change, data, AI, and incident controls connect to review-ready T2 work.

Public boundaryThis page describes operating controls. It is not a third-party audit report or a regulatory approval.

Control familyOperating evidence
  1. Access

    Authenticated sessions, workspace scoping, optional two-factor authentication, and admin review points protect account access.

  2. Change

    Website, app, and service changes move through documented review, automated checks, and release records before deployment.

  3. Data

    Records and generated packages stay tied to company-year data, privacy disclosures, retention rules, and provider safeguards.

  4. AI

    AI responses are constrained to reviewable prompts, source-tied context, and boundaries that keep filing authority with people.

  5. Incidents

    Response playbooks, reviewable audit trails, notification planning, and provider evidence support investigation and response.

Common questions before you upload

Plain answers to what owners ask about their financial data and AI-assisted review.

Where does my financial data go, and who can see it?
Your records stay in your account. Role-based access (Owner, Finance, CPA) limits who sees them, and data is protected in transit and with cloud-provider storage safeguards.
How is AI controlled?
AI-assisted recommendations are presented as reviewable prompts with assumptions, missing evidence, and owner confirmation points. They are not final tax advice; submission choices stay with you or your authorized representative.
How are documents tied back to sources?
In the current standard flow, generated materials reference saved company-year data, evidence status, schedules, and review notes. You or your authorized representative controls any enabled CRA filing channel.
What happens if a provider response cannot be confirmed?
If a provider confirmation is missing, OPTAX stops the workflow and asks for review instead of presenting signup, package, or AI output as successful.

Prepare T2 materials with evidence in view.

Start from the workspace, review the boundaries, and keep final filing control with the company or authorized representative.

Start T2 Preparation