Trust & Security

Your data deserves bank-grade protection.

Tax data is some of the most sensitive information you'll ever share. Here's exactly how we protect it — the controls, the certifications, and the people behind them.

Zero

Reportable breaches in 22 years

The pillars

Six controls, layered.

Encryption everywhere

TLS 1.3 in transit, AES-256 at rest. Documents are encrypted before they touch our storage layer.

Strict access control

Role-based access enforced server-side. Every document is scoped to the owning client — even our staff need an explicit assignment.

US-based infrastructure

Data stored in SOC 2 Type II certified US data centers. No offshore processing, ever.

Multi-factor authentication

MFA available on every client portal account. Required for staff and admin accounts without exception.

Full audit trail

Every document view, download, and edit is logged. You can request your access log at any time.

Incident response

24-hour breach notification policy. Clear runbooks and a dedicated security contact.

Compliance

Frameworks we operate under.

We hold ourselves to the standards that govern banks, brokers, and federally authorized tax preparers — not the loose norms of a typical local office.

IRS Publication 4557

Safeguarding taxpayer data — full WISP on file.

Gramm-Leach-Bliley Act

Privacy and safeguards rules for financial institutions.

FTC Safeguards Rule

Updated 2023 rule for tax preparers handling consumer data.

PTIN & EFIN registered

All preparers IRS-credentialed; firm authorized for e-file.

AICPA Code of Conduct

Ethics and confidentiality standards for CPA practice.

State licensing

Florida Board of Accountancy — license details on request.

Operational practices

What we do, every day.

Annual third-party penetration testing

Background checks on all staff with client data access

Mandatory annual security training for the entire team

Encrypted, off-site, geographically-separated backups

Documented incident response and business continuity plans

Vendor risk reviews on every subprocessor we use

Automatic session timeouts in the client portal

No client data in email attachments — portal only

Report a concern

Found something that doesn't look right?

We welcome responsible disclosure from researchers and clients. Email security@meridian.tax with details and we'll respond within one business day.

Contact security

Confidence starts with control.

Talk to a strategist who treats your data with the seriousness it deserves.

Book your discovery call