Built by Senior SRE Engineers from Upstart, Dynascale & Fortune 500 — 25 years of production SRE experience. Meet the team →

Your clients' most sensitive data never leaves YOUR box — and you can prove it.

A single-tenant, sovereign CPA client portal on a box that's yours alone. Per-tenant isolation, off-box encryption keys, your own court-ready e-signature, and an immutable audit trail aren't features bolted on — they ARE the product.

Your own dedicated box — not a shared database
Encryption keys escrowed off-box
Court-ready e-signature you own
Immutable, auditor-ready trail

Five pillars that separate us from every SaaS alternative.

TaxDome, Canopy, and Karbon are multi-tenant SaaS products. We are a sovereign infrastructure platform. Here's what that means for your practice.

Single-tenant, not multi-tenant SaaS

Every firm gets its OWN dedicated box — not a row in a database shared with thousands of other practices. Per-tenant isolation is the compliance story and the selling point: no noisy-neighbor breach blast radius, no "we had a platform-wide incident."

  • Your own dedicated box — never a shared database
  • No cross-tenant breach blast radius
  • One command provisions a new tenant

Encryption keys live OFF the box

SSN, EIN, bank, and tax data is envelope-encrypted, and the master keys are escrowed off-box in OpenBao. "Never leaves the box" is literal — the data that does live there is ciphertext without keys.

  • SSN / EIN / bank / tax fields envelope-encrypted
  • Master keys escrowed off-box in OpenBao
  • A full server compromise still yields no plaintext

Your OWN e-signature — no third party

A real cryptographic PAdES seal (ByteRange + detached CMS signature) produces a tamper-evident PDF and a court-ready Certificate of Completion. The signed document never leaves your infrastructure.

  • Tamper-evident PAdES seal, not a third-party redirect
  • Certificate of Completion: hash, timestamp, IP, device
  • Multi-signer routing for spouse or ERO

Audit-as-a-product compliance

An append-only audit log enforced at the database level — a trigger blocks UPDATE and DELETE even from a compromised app account. Built to real standards, not vibes.

  • Append-only log enforced at the database level
  • Trigger blocks UPDATE and DELETE, even if the app is owned
  • Built to GLBA, IRS Pub 4557 / 5708, ESIGN/UETA

Built for the client, not just the CPA

Incumbents built for the back-office, so clients abandon clunky portals and fall back to insecure email. This portal is phone-first, calm, and plain-language — mined from real client complaints.

  • Phone-first, calm, plain-language UX
  • "Your 2024 Tax Return," never "engagement #4471"
  • Shaped by the things clients actually hate

The full CPA engagement loop — handled end to end

One continuous thread, from first click to next season.

Eight steps, one system, no hand-offs to other vendors. The whole engagement flows on your box — and when the season ends, it rolls straight back to the start.

  • 01

    Engage

    Client onboarding and engagement letter

  • 02

    E-Sign

    Cryptographic engagement letter signing

  • 03

    §7216 Consent

    Legally required consent workflow

  • 04

    Questionnaire

    Smart, adaptive intake form

  • 05

    Collect

    Secure document upload and checklist

  • 06

    Review

    CPA reviews and requests missing items

  • 07

    Deliver

    Secure return delivery + e-sign

  • 08

    Roll Forward

    Pre-populated intake for next season

0801next season starts pre-populated — the loop comes back around.

Why firms switching from SaaS don't go back.

Stop stitching together a portal, an e-sign vendor, an intake tool, and email. Here's what your firm can stop paying for — and stop routing client data through.

vs TaxDome, Canopy, and Karbon

They share a database with thousands of other firms.

Multi-tenant SaaS means your clients' SSNs live in the same database as every other firm's clients. One breach affects everyone. We give you your own box — isolated, dedicated, with keys stored off-site.

vs DocuSign

Stop routing signed tax returns through a third-party cloud.

Every document your clients sign through DocuSign passes through DocuSign's servers. We give you real cryptographic PAdES signing inside your own portal — court-ready Certificate of Completion, tamper-evident seal, zero third-party data routing.

vs Email + Dropbox

Bank-grade intake without becoming an IT department.

A full engagement workflow — e-sign, §7216 consent, smart questionnaire, secure document collection, review, delivery, and roll-forward — with a paper trail that satisfies your WISP. No extra software, no separate subscriptions.

When a client or the IRS asks how you protect taxpayer data, you hand them an architecture.

Off-box encryption keys. An append-only, database-enforced audit log. Per-record access control. Mandatory MFA. §7216 consent built into the engagement workflow.

Not a shrug. Not a screenshot of a SaaS vendor's trust page. An architecture your firm owns and controls.

Compliance surface covered:

  • GLBA FTC Safeguards Rule
  • IRS Publication 4557 (Safeguarding Taxpayer Data)
  • IRS Publication 5708 WISP template
  • ESIGN / UETA electronic signature law
  • §7216 disclosure consent workflow
  • State breach notification requirements
  • Append-only audit log (database-enforced)
  • Mandatory MFA for all portal access
  • Per-record authorization (anti-IDOR)

Specific compliance claims are subject to legal review before your firm publishes them. We provide the architecture; your counsel signs off on the language.

Built to SOC 2, GLBA FTC Safeguards, and IRS Pub 4557 / Pub 5708 standards. HitDirector is not itself SOC 2 certified, and this page is not legal advice. Final compliance — including your firm's Written Information Security Plan (WISP) and any §7216 consent language — depends on your own policies and counsel; we give you the architecture and controls to build on.

Simple pricing for a portal you own.

One dedicated box, priced per firm and per seat. No per-signature fees, no per-integration add-ons, no surprise overages — you always know what you owe.

Base platform

$99/month

Your dedicated, single-tenant CPA client portal — off-box keys, your own court-ready e-signature, and an immutable audit trail. Includes 25 GB of encrypted document storage.

Book a Demo
$25/ CPA seat / month

Add a licensed preparer or staff seat any time. Scale up in busy season, scale back after April 15.

$10/ 25 GB / month

Every plan includes 25 GB. Need more? Add encrypted storage in 25 GB blocks whenever you fill up.

Billed monthly. Base platform includes 25 GB of encrypted storage; additional storage and seats are prorated as you add them.

Give your clients a portal you own —and an answer for every auditor.

A sovereign, single-tenant CPA client portal — off-box keys, your own e-signature, an immutable audit trail — provisioned on a dedicated box and run by engineers who stay.