IRS now requires every tax preparer to maintain a Written Information Security Plan. Most firms hide theirs. We publish ours because we want you to see it.
SSN, ITIN, DOB, address, bank account (for direct deposit), all W-2/1099/K-1 income, dependents info, prior-year AGI. Nothing else without explicit consent.
Encrypted at rest on our authorized e-file partner CloudTaxOffice (professional, licensed tax software) and GHL (CRM). Documents in GHL custom fields, encrypted via Vercel KV. No local copies on staff devices.
Currently: Michael Dellamonica (sole preparer) and Claude (operations agent. view-only on encrypted records, no decrypt access to PII). All access logged.
7 years from filing (IRS requirement). Auto-deletion runs first Monday of the following month after 7-year mark.
If we suspect a breach: client notified within 72 hours · IRS Stakeholder Liaison notified · forensic investigation begins same day · credit monitoring offered if PII confirmed exposed.
Email info@zerofusstaxes.com to: get a copy of everything we hold on you (DSAR) · request deletion · opt out of marketing · update incorrect info. We respond within 30 days.