Security & Compliance: How We Protect Your Data
Your tax information is among your most sensitive personal data. At CPTax Services, we take data security and privacy seriously. Here's how we protect your information:
Data Encryption
- In Transit: All data transmission uses 256-bit SSL encryption
- At Rest: Client data is encrypted using AES-256 encryption
- Database Security: Encrypted databases with regular security updates
Secure File Transfer
- Encrypted document upload system
- Secure client portal with multi-factor authentication
- Automatic file deletion after processing
- No data stored on local devices
Access Controls
- Role-based access to client information
- Multi-factor authentication for all staff
- Regular access reviews and updates
- Audit logs for all data access
Physical Security
- Secure office locations with controlled access
- Locked filing cabinets for physical documents
- Secure document destruction procedures
- No client data stored on personal devices
Staff Training and Background Checks
- Comprehensive background checks for all employees
- Regular security training and updates
- Confidentiality agreements for all staff
- Ongoing compliance monitoring
Compliance Standards
IRS Requirements
- Compliance with IRS Publication 4557 (Safeguarding Taxpayer Data)
- Annual security assessments
- Written information security plan
- Regular staff training on data protection
Industry Standards
- Following AICPA guidelines for tax preparers
- Adherence to state privacy laws
- Regular security audits and assessments
Client Responsibilities
To help us protect your data, please:
- Use strong, unique passwords for your client portal
- Enable two-factor authentication when available
- Only share documents through secure channels
- Notify us immediately of any security concerns
- Keep your contact information updated
Data Retention and Destruction
- Client data retained according to IRS requirements (minimum 3 years)
- Secure destruction of data after retention period
- No data sold or shared with third parties
- Client data returned upon request
Incident Response
In the unlikely event of a security incident:
- Immediate containment and assessment
- Notification to affected clients within 24 hours
- Cooperation with law enforcement if necessary
- Full investigation and remediation
Your Rights
- Right to access your personal data
- Right to correct inaccurate information
- Right to request data deletion (subject to legal requirements)
- Right to data portability
- Right to opt out of certain data processing
Questions or Concerns?
If you have any questions about our data security practices or want to report a security concern, please contact us immediately at [email protected] or call us at (443) 299-5070.
