Every uploaded document and database row is encrypted on disk. SSNs are encrypted at the field level and masked in the UI.
All traffic between your browser, our servers, and our storage layer uses modern TLS only.
MFA via TOTP authenticator apps or email codes is required for client and preparer accounts.
Clients, preparers, reviewers, and admins each see only what they need — enforced server-side.
Every login, document access, message, and status change is logged with timestamp and IP for forensic review.
Direct-to-storage uploads, signed URLs with expiry, and per-document access scoping.
Daily encrypted backups with documented retention and restore drills.
Documented incident-response playbook covering detection, containment, notification, and post-mortem.
Written Information Security Plan
As required by IRS Publication 4557 and the FTC Safeguards Rule, Connecting Minds maintains a Written Information Security Plan (WISP) covering administrative, technical, and physical safeguards. The plan is available to enterprise clients and auditors on request.