Security & trust
Built for SINs and T-slips.
Client tax data is hosted in Canada, encrypted, role-scoped, and logged. We'll go deeper under NDA, with the documents your reviewer needs.
Foundation
Residency, encryption, access, audit.
Hosted in Canada
AWS Canada (Central), with encrypted backups and no US-region replication.
Encrypted
TLS 1.3 in transit, AES-256 at rest.
Role-based access
Owner, manager, support, auditor, reviewer, each scoped, enforced server-side.
Audit trail
Key actions recorded with actor and timestamp, queryable by the firm owner.
Nothing is filed or finalised by AI.
TaxGrit reads documents and flags what's unclear. Your preparer reviews and approves every figure before anything leaves the platform. It's a pre-filing layer; it does not file to the CRA.
Available under NDA
What your reviewer can ask for.
SOC 2 Type II report
Provided under NDA. (A report, not a marketing badge.)
Sub-processor list
Every vendor that touches data or metadata, with its role.
Data-residency detail
Region, backups, retention, and deletion path, in writing.
How we operate
Day-to-day discipline.
Least-privilege access
Time-bound production access with mandatory code review.
Vendor diligence
Sub-processors assessed for residency and handling before integration.
Data ownership
Firm and client data belongs to the firm, exportable, with a defined deletion path.
Incident response
Documented procedures to detect, contain, and notify.
Get started
Questions about security?
Request the security brief, or bring your reviewer to a scoping call.