Your clients' most sensitive data never leaves YOUR box — and you can prove it.
A single-tenant, sovereign CPA client portal on a box that's yours alone. Per-tenant isolation, off-box encryption keys, your own court-ready e-signature, and an immutable audit trail aren't features bolted on — they ARE the product.
Five pillars that separate us from every SaaS alternative.
TaxDome, Canopy, and Karbon are multi-tenant SaaS products. We are a sovereign infrastructure platform. Here's what that means for your practice.
Single-tenant, not multi-tenant SaaS
Every firm gets its OWN dedicated box — not a row in a database shared with thousands of other practices. Per-tenant isolation is the compliance story and the selling point: no noisy-neighbor breach blast radius, no "we had a platform-wide incident."
- Your own dedicated box — never a shared database
- No cross-tenant breach blast radius
- One command provisions a new tenant
Encryption keys live OFF the box
SSN, EIN, bank, and tax data is envelope-encrypted, and the master keys are escrowed off-box in OpenBao. "Never leaves the box" is literal — the data that does live there is ciphertext without keys.
- SSN / EIN / bank / tax fields envelope-encrypted
- Master keys escrowed off-box in OpenBao
- A full server compromise still yields no plaintext
Your OWN e-signature — no third party
A real cryptographic PAdES seal (ByteRange + detached CMS signature) produces a tamper-evident PDF and a court-ready Certificate of Completion. The signed document never leaves your infrastructure.
- Tamper-evident PAdES seal, not a third-party redirect
- Certificate of Completion: hash, timestamp, IP, device
- Multi-signer routing for spouse or ERO
Audit-as-a-product compliance
An append-only audit log enforced at the database level — a trigger blocks UPDATE and DELETE even from a compromised app account. Built to real standards, not vibes.
- Append-only log enforced at the database level
- Trigger blocks UPDATE and DELETE, even if the app is owned
- Built to GLBA, IRS Pub 4557 / 5708, ESIGN/UETA
Built for the client, not just the CPA
Incumbents built for the back-office, so clients abandon clunky portals and fall back to insecure email. This portal is phone-first, calm, and plain-language — mined from real client complaints.
- Phone-first, calm, plain-language UX
- "Your 2024 Tax Return," never "engagement #4471"
- Shaped by the things clients actually hate
The full CPA engagement loop — handled end to end
One continuous thread, from first click to next season.
Eight steps, one system, no hand-offs to other vendors. The whole engagement flows on your box — and when the season ends, it rolls straight back to the start.
Engage
Client onboarding and engagement letter
E-Sign
Cryptographic engagement letter signing
§7216 Consent
Legally required consent workflow
Questionnaire
Smart, adaptive intake form
Collect
Secure document upload and checklist
Review
CPA reviews and requests missing items
Deliver
Secure return delivery + e-sign
Roll Forward
Pre-populated intake for next season
- 01
Engage
Client onboarding and engagement letter
- 02
E-Sign
Cryptographic engagement letter signing
- 03
§7216 Consent
Legally required consent workflow
- 04
Questionnaire
Smart, adaptive intake form
- 05
Collect
Secure document upload and checklist
- 06
Review
CPA reviews and requests missing items
- 07
Deliver
Secure return delivery + e-sign
- 08
Roll Forward
Pre-populated intake for next season
Why firms switching from SaaS don't go back.
Stop stitching together a portal, an e-sign vendor, an intake tool, and email. Here's what your firm can stop paying for — and stop routing client data through.
They share a database with thousands of other firms.
Multi-tenant SaaS means your clients' SSNs live in the same database as every other firm's clients. One breach affects everyone. We give you your own box — isolated, dedicated, with keys stored off-site.
Stop routing signed tax returns through a third-party cloud.
Every document your clients sign through DocuSign passes through DocuSign's servers. We give you real cryptographic PAdES signing inside your own portal — court-ready Certificate of Completion, tamper-evident seal, zero third-party data routing.
Bank-grade intake without becoming an IT department.
A full engagement workflow — e-sign, §7216 consent, smart questionnaire, secure document collection, review, delivery, and roll-forward — with a paper trail that satisfies your WISP. No extra software, no separate subscriptions.
When a client or the IRS asks how you protect taxpayer data, you hand them an architecture.
Off-box encryption keys. An append-only, database-enforced audit log. Per-record access control. Mandatory MFA. §7216 consent built into the engagement workflow.
Not a shrug. Not a screenshot of a SaaS vendor's trust page. An architecture your firm owns and controls.
Compliance surface covered:
- GLBA FTC Safeguards Rule
- IRS Publication 4557 (Safeguarding Taxpayer Data)
- IRS Publication 5708 WISP template
- ESIGN / UETA electronic signature law
- §7216 disclosure consent workflow
- State breach notification requirements
- Append-only audit log (database-enforced)
- Mandatory MFA for all portal access
- Per-record authorization (anti-IDOR)
Specific compliance claims are subject to legal review before your firm publishes them. We provide the architecture; your counsel signs off on the language.
The rules your firm must meet — and how we help you meet them.
Tax and accounting firms that handle taxpayer data are legally required to safeguard it. These are the actual obligations — the laws, rules, and IRS publications that define what “reasonable security” means for your practice.
- IRS Publication 4557 — Safeguarding Taxpayer DataThe IRS baseline for how tax pros must protect client data.
- IRS Publication 5708 — Creating a Written Information Security Plan (WISP)The template and structure for the WISP the IRS requires you to have.
- IRS Publication 1345 — Authorized IRS e-file Providers (security)Security and privacy rules for anyone e-filing returns.
- “Protect Your Clients; Protect Yourself” (Security Six)The IRS's core set of six protections every practice should run.
- IRC §7216 — Consent to disclose / use taxpayer infoYou must capture explicit client consent before using or sharing their data.
- FTC Safeguards Rule — what your business needs to knowThe FTC's plain-language guide to the security program you owe clients.
- 16 CFR Part 314 — the Safeguards Rule textThe actual regulation, element by element (§314.4).
- Gramm-Leach-Bliley Act (GLBA)The federal law that makes tax preparers “financial institutions.”
A WISP is required by the IRS (Pub 5708) to obtain or renew your PTIN, and the FTC Safeguards Rule (under GLBA) applies to tax preparers as “financial institutions.”
Not legal advice — confirm your obligations with counsel.
Built to SOC 2, GLBA FTC Safeguards, and IRS Pub 4557 / Pub 5708 standards. HitDirector is not itself SOC 2 certified, and this page is not legal advice. Final compliance — including your firm's Written Information Security Plan (WISP) and any §7216 consent language — depends on your own policies and counsel; we give you the architecture and controls to build on.
Simple pricing for a portal you own.
One dedicated box, priced per firm and per seat. No per-signature fees, no per-integration add-ons, no surprise overages — you always know what you owe.
Base platform
Your dedicated, single-tenant CPA client portal — off-box keys, your own court-ready e-signature, and an immutable audit trail. Includes 25 GB of encrypted document storage.
Book a DemoAdd a licensed preparer or staff seat any time. Scale up in busy season, scale back after April 15.
Every plan includes 25 GB. Need more? Add encrypted storage in 25 GB blocks whenever you fill up.
Billed monthly. Base platform includes 25 GB of encrypted storage; additional storage and seats are prorated as you add them.
Give your clients a portal you own —
and an answer for every auditor.
A sovereign, single-tenant CPA client portal — off-box keys, your own e-signature, an immutable audit trail — provisioned on a dedicated box and run by engineers who stay.