Security & trust

Built for SINs and T-slips.

Client tax data is hosted in Canada, encrypted, role-scoped, and logged. We'll go deeper under NDA, with the documents your reviewer needs.

Foundation

Residency, encryption, access, audit.

Hosted in Canada

AWS Canada (Central), with encrypted backups and no US-region replication.

Encrypted

TLS 1.3 in transit, AES-256 at rest.

Role-based access

Owner, manager, support, auditor, reviewer, each scoped, enforced server-side.

Audit trail

Key actions recorded with actor and timestamp, queryable by the firm owner.

Nothing is filed or finalised by AI.

TaxGrit reads documents and flags what's unclear. Your preparer reviews and approves every figure before anything leaves the platform. It's a pre-filing layer; it does not file to the CRA.

Available under NDA

What your reviewer can ask for.

SOC 2 Type II report

Provided under NDA. (A report, not a marketing badge.)

Sub-processor list

Every vendor that touches data or metadata, with its role.

Data-residency detail

Region, backups, retention, and deletion path, in writing.

How we operate

Day-to-day discipline.

Least-privilege access

Time-bound production access with mandatory code review.

Vendor diligence

Sub-processors assessed for residency and handling before integration.

Data ownership

Firm and client data belongs to the firm, exportable, with a defined deletion path.

Incident response

Documented procedures to detect, contain, and notify.

Get started

Questions about security?

Request the security brief, or bring your reviewer to a scoping call.