Security

Built for the data CPAs are responsible for.

Client tax documents contain SSNs, EINs, W-2s, and bank data. NILA treats that data with the same seriousness as the firms we serve.

Mandatory 2FA

SMS-based 2FA enforced on first login. No exceptions.

SOC 2 in progress

Type II certification underway. Auditor engaged.

No model training

Client data never used to train any AI model. Period.

Audit trails

Every document action logged. Full traceability.

How NILA protects client data

Mandatory two-factor authentication

Every account — firm staff and clients — requires SMS-based 2FA on first login. There are no exceptions and no way to disable it. Unauthorized access requires both a password and physical device access.

Encrypted cloud storage

All client documents are stored in encrypted cloud storage. Data is encrypted in transit and at rest. Documents are never accessible without authenticated session credentials.

No model training on client data

NILA's AI runs in isolated environments. Client documents, conversations, and extracted data are never used to train any AI model — ours or any third party's. This is a hard architectural constraint, not a policy preference.

Audit trails on every action

Every document upload, access, extraction, validation, and export is logged with a timestamp and user identity. Full traceability for every client record.

SOC 2 Type II — in progress

SOC 2 Type II certification is underway. Our auditor is engaged and the observation window has begun. For firms with SOC 2 Type II as a hard procurement requirement today, we can provide our current security documentation on request. Contact us at info@with-nila.com.

Questions about security? Email info@with-nila.com or start your free trial — security documentation available on request.