Security & Trust
At ProTaxAdvisors, security, data integrity, and auditability are built into the core of our accounting engine — not added later. Our platform is designed for real businesses, CPAs, and investors who require confidence, transparency, and control over their financial data.
Data Isolation & Privacy
- Each business operates within its own logically isolated ledger
- Database-level Row Level Security (RLS) enforces tenant isolation
- No cross-business data access — even at the API layer
- Policies enforced directly inside PostgreSQL, not just application code
Why this matters: Even if an API request is malformed or misused, data from other businesses cannot be accessed.
Accounting Integrity
- Double-entry accounting enforced at write-time
- Trial Balance must net to zero or transactions are rejected
- Period locks prevent retroactive changes after close
- Financial records are immutable once finalized
Why this matters: Financial data cannot silently drift, be overwritten, or manipulated.
Role-Based Access Control
- Clearly defined roles: Client · Professional · Investor · Auditor · Admin
- Auditors are read-only by design
- Investors view snapshots — not live ledgers
- Permissions enforced in both UI and database policies
Why this matters: Users only see what they are explicitly authorized to see — nothing more.
Audit & Oversight
- All financial mutations are logged
- Actions are traceable by user, timestamp, and entity
- Period lock violations are recorded
- Designed for CPA review and regulatory audits
Why this matters: Every material change has a clear chain of custody.
Continuous Validation
- Automated tests enforce accounting invariants
- Balance Sheet and Trial Balance integrity validated continuously
- Reconciliation states verified before closure
- Deployments blocked if accounting rules fail
Why this matters: Errors are caught early — before they affect your books.
Compliance-Aligned by Design
- SOC 2 / ISO-aligned architecture
- Evidence-ready logging and controls
- Immutable financial snapshots for review
- Audit-safe period enforcement
Formal certifications are pursued as the platform scales.
Business Continuity & Access Security
- Secure authentication and session handling
- Encrypted connections
- No production data edits during locked periods
- Controlled access to sensitive operations
Built for Professionals
ProTaxAdvisors is designed to support:
- Small businesses
- CPAs and advisors
- Investors and portfolio owners
- Due diligence and audit reviews
If you have specific security or compliance questions, we’re happy to walk through our controls.
Questions?
Contact us anytime at support@protaxadvisorsfl.com.
Written Information Security Program (WISP)
Purpose
ProTaxAdvisors maintains a Written Information Security Program to protect taxpayer data, enforce access discipline, and reduce unauthorized exposure across all client-facing systems.
Data Classification
- Restricted: SSN, EIN, tax returns
- Confidential: client emails and financial data
- Internal: system logs
- Public: marketing content
Core Controls
- Role-based access with tenant-scoped RLS and least-privilege assignments.
- MFA enforced for privileged admin actions; no shared credentials.
- TLS 1.2+ in transit, encrypted-at-rest data controls, and secrets managed in platform environment configuration.
- Structured requestId logging, admin action trails, and no PII in logs.
Access the operational WISP text in docs/security/wisp.md for the current control matrix and incident response procedure.