Site Transparency

Complete transparency about how TaxProExchange operates

At a Glance

Domain
taxproexchange.com
Registration Status
Active & Auto-renewing
Hosting Provider
Vercel (US)
Authentication
Clerk (SOC 2 Type II)
Database
Supabase (Postgres + RLS)
Security
HTTPS, RLS, OAuth2

Infrastructure & Security

Hosting & Deployment

TaxProExchange is hosted on Vercel, a secure and reliable platform with edge network distribution. All traffic is served over HTTPS with automatic certificate management and renewal.

Database Security

We use Supabase (managed PostgreSQL) with Row Level Security (RLS)enabled on all tables. This means database-level access controls enforce who can read or write data, independent of application logic.

Authentication

User authentication is handled by Clerk, a SOC 2 Type II certified provider. We support OAuth2 sign-in via Google and LinkedIn, and all sessions are encrypted and managed server-side.

Data Practices

What We Collect

  • Minimal PII: Business name, professional contact info (email, phone if shared)
  • Credentials: License type, number, and state (verified against official registries)
  • Professional details: Specializations, service areas, firm information
  • Usage data: Login times, search queries, profile views (for platform improvements)

What We Don't Collect

  • Social Security Numbers
  • Bank account or payment information (we don't process payments)
  • Client tax documents or sensitive client data
  • Detailed financial records

Data Location

All data is stored in US-based data centers. Supabase database instances are hosted in AWS US regions. Vercel serves content from edge locations globally but all sensitive data remains in US storage.

Email Security

We send transactional emails (verification, notifications) via Resend. Email security measures include:

  • SPF (Sender Policy Framework): Enabled to prevent email spoofing
  • DKIM (DomainKeys Identified Mail): Enabled for email authentication
  • DMARC (Domain-based Message Authentication): Configured for email validation

All emails from TaxProExchange originate from verified @taxproexchange.com addresses. If you receive suspicious emails claiming to be from us, please report them immediately.

Platform Boundaries

TaxProExchange is a discovery and connection platform. We explicitly do not:

  • Process payments or financial transactions (no payment processor integration)
  • Store or transmit client tax documents (no file storage for client work)
  • Provide tax preparation software or practice management tools
  • Act as an employer, staffing agency, or referral broker

All professional engagements, contracts, and file exchanges happen outside our platform. We facilitate connections; you manage the work.

Compliance & Standards

Privacy Regulations

We comply with:

  • CCPA/CPRA (California Consumer Privacy Act / Rights Act)
  • GDPR (for any EU users, though primary audience is US-based tax professionals)
  • CAN-SPAM Act (email marketing compliance)

See our Privacy Policy for details on data rights, deletion requests, and opt-out procedures.

Professional Standards

While TaxProExchange is not a regulated tax firm, we verify professionals against official standards:

  • CPA: State Board of Accountancy verification
  • Enrolled Agent: IRS EA Public Directory
  • CTEC: California Tax Education Council registry
  • Attorney: State Bar association verification

See our Trust & Verification page for details on our verification process.

Contact & Accountability

For security concerns, privacy questions, or transparency inquiries:

Email: koen@cardifftax.com

Security issues: koen@cardifftax.com

Commitment to Transparency

We believe trust is earned through openness. If you have questions about anything on this page, we're happy to clarify. Transparency isn't just a page—it's how we operate.