Encryption
All data in transit is protected with TLS 1.2 or higher. All data at rest is protected with AES-256 encryption. Sensitive fields (PTIN, EFIN, SSN, banking) are additionally masked at the application layer and logged on reveal.
Access Controls
Role-based access control (RBAC) enforces least-privilege access. Multi-tenant isolation prevents cross-tenant data exposure. All privileged operations require authenticated sessions with audit logging.
Audit Logging
Every sensitive operation — credential reveal, document upload, compliance verification, lifecycle transition, super-admin impersonation — is logged with user, tenant, timestamp, IP, and user agent. Audit history is immutable.
Compliance Frameworks
We operate under IRS Publication 4557 (Safeguarding Taxpayer Data), the FTC Safeguards Rule, the Gramm-Leach-Bliley Act, and applicable state privacy laws.
Incident Response
We maintain a documented incident response plan. Suspected breaches will be investigated within 24 hours and notification will follow applicable law and contractual obligations.
Questions? Contact compliance@rossandassociates-protax.com · 725.201.7440 · Secure Fax 725.777.4487.
