Security posture

No cloud return database by default

The paper MVP is built around browser-local packet generation, narrow validation gates, and encrypted project files instead of a server-side tax-return database.

Operational draft: This page describes the intended architecture. Production controls and vendor claims need security review before launch.

Local Generation

The current app downloads the source IRS PDF from the app server, fills the supported fields in the browser, appends support documents, and downloads the final paper packet to the user's device.

Project Files

Users can export a local encrypted project file for save/resume. The current implementation uses PBKDF2-SHA256 and AES-256-GCM through browser WebCrypto.

  • The passphrase is not stored by the app.
  • Lost passphrases cannot be recovered by the app.
  • Plain JSON export exists for testing and should not be used for production without warning copy.

Data Minimization

The intended paid paper workflow should store payment metadata, product version, and non-sensitive operational records, not SSNs, donee addresses, gift details, or generated return PDFs.
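One way to enforce that boundary on the server side, as an added example (not the project's own code): the order record is built from an allowlist of operational fields rather than by stripping known-bad ones, and even allowed values are refused if they look like an SSN. The field names, the `toOperationalRecord` function and the SSN pattern are assumptions; the sample submission is constructed.

```javascript
// Added example, not the project's own code: build the paid-workflow server record
// from an allowlist so SSNs, donee addresses, gift details and generated PDFs never
// reach the operational store. Field names are assumed.
const ALLOWED_RECORD_FIELDS = new Set([
  'orderId', 'createdAt', 'productVersion',
  'paymentProvider', 'paymentReference', 'amountCents', 'currency',
]);

// Defense in depth for allowed free-text fields: refuse values carrying a dashed
// SSN shape. Undashed 9-digit runs are deliberately not matched, since they would
// collide with ordinary reference numbers. Assumed heuristic.
const SSN_PATTERN = /\b\d{3}-\d{2}-\d{4}\b/;

function toOperationalRecord(submission) {
  const record = {};
  const dropped = [];
  for (const [key, value] of Object.entries(submission)) {
    if (!ALLOWED_RECORD_FIELDS.has(key)) {
      dropped.push(key); // unknown or sensitive field: never persisted
      continue;
    }
    if (typeof value === 'string' && SSN_PATTERN.test(value)) {
      throw new Error(`refusing to store field "${key}": value matches an SSN pattern`);
    }
    record[key] = value;
  }
  return { record, dropped };
}

// Constructed sample: what a client might post, including fields that must not be stored.
const SAMPLE_SUBMISSION = {
  orderId: 'ord_0001',
  productVersion: '1.0.0',
  amountCents: 1999,
  donorSsn: '123-45-6789',
  doneeAddress: '1 Example St',
  generatedPdf: 'JVBERi0x...',
};
```

Dropped field names (not their values) are returned so the server can log that a client sent unexpected data without logging the data itself.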

Not Included Yet

The product does not yet include production identity controls, incident response procedures, security monitoring, vendor DPAs, SOC 2 evidence, or a formal retention/deletion workflow.

Address Services

Third-party address autocomplete is intentionally not enabled by default. If added later, it should be opt-in, disclosed before typing, and reviewed as a sensitive-data subprocessor.