Security

Your return is the most sensitive thing you'll upload this year.

We treat it that way.

Encrypted at rest

All uploaded returns are encrypted at rest in Supabase Postgres with key rotation.

Row-level security

Supabase RLS enforces that only you and your assigned CPA reviewer can read your return data.

SOC 2 in progress

We're actively pursuing SOC 2 Type I attestation for 2026. Our subprocessors (Stripe, Resend, Anthropic) are SOC 2 attested today.

7-year audit log

Every action is logged with actor, IP, user agent, and timestamp. Logs are retained per IRS guidance.

Resend for transactional email

Account verification and CPA correspondence are delivered via Resend, never sold or shared.

Powered by Claude — never trained on your data

Anthropic does not train on Claude API traffic. Your return content is not used to improve any model.

Vulnerability disclosure

If you've found a security issue, please email security@taxscan.ai. We respond within one business day and pay bounties for verified reports.

TaxScan provides analytical insights. We are not a substitute for legal or tax advice. Findings are reviewed by licensed tax professionals before any amended return guidance is issued.