Security and Privacy at K1Finder
Your tax documents contain highly sensitive financial data. Here is exactly how K1Finder protects them.
Encryption and Transport Security
- All data in transit is encrypted via TLS 1.2+
- Database credentials and API keys are stored as environment secrets, never in code
- Uploaded PDFs are processed in memory and not written to permanent disk storage
Authentication
- Google OAuth 2.0 and Microsoft OAuth 2.0 sign-in — no passwords stored
- Magic link email authentication as an alternative
- Session tokens are rotated on each authentication event
Third-Party Access (Google Drive and Outlook)
- Read-only OAuth scopes — K1Finder can read files but cannot modify or delete them
- Access tokens are stored encrypted and can be revoked at any time from your account settings
- OAuth connections can be removed instantly from the Dashboard
CPA Access and Audit Logging
- Every document view and export by a CPA is logged with user ID, timestamp, and action
- Clients can revoke CPA access at any time
- Audit logs are immutable and cannot be modified by users