Trust

How we handle your data.

Tax documents are some of the most sensitive material a client will share with anyone. We treat them that way.

Encryption

Every document is encrypted in transit (TLS 1.2+) and at rest (AES-256). The portal does not send tax documents over email, ever. Signed PDFs are delivered only through the portal's authenticated interface.

Access controls

Each client account is scoped to that client's documents only. Preparers and account managers see the clients they're assigned to, with role-based permissions enforced at the database layer — not just in the application UI. Every access is logged.

Authentication

Sign-in uses email-and-password or magic-link via a single identity provider. Sessions expire automatically. Multi-factor authentication is available on every account.

Retention

We retain returns and supporting documents for the period required by CRA recordkeeping rules (six years from the end of the tax year the records relate to), then purge on a documented schedule. Clients can request a full export of their records at any time.

Your rights

  • Request a copy of every document we hold for you
  • Request deletion of records past the retention window
  • Receive notification of any security incident affecting your account
  • Revoke access tokens and sessions from your account settings

Privacy policy

Replace this section with the firm's full privacy policy text or link to a dedicated /privacy page. Comply with PIPEDA (and provincial equivalents — Quebec's Law 25, BC's PIPA, Alberta's PIPA). Include data controller, lawful basis, categories of data collected, and contact for access / correction requests.

Ready to work with us?

THD Tax is invite-only to keep client work private and quality high. Existing clients sign in to the secure portal; new prospects request an invitation and we'll be in touch.