Core provider
Google Cloud
Cloud infrastructure for the product workspace.
Trust model
Trust, before you upload records
Verify how OPTAX handles company records, AI-assisted review, service providers, and filing boundaries before the workspace holds sensitive data.
The trust contract
These are the promises a visitor should be able to check before uploading records.
Your records stay scoped
Company records stay tied to the authenticated account, company, role, and selected tax year.
AI stays reviewable
Recommendations appear with assumptions, missing evidence, and confirmation points instead of final tax advice.
Outputs stay traceable
Prepared materials are tied back to records, schedules, source evidence, and review notes.
Authority stays human
The owner, authorized representative, or CPA reviewer keeps control over signoff and any CRA submission path.
Boundaries visible before upload
The same supported boundary model appears across the site: account-scoped records, human review, separate CRA filing authority, reviewable audit trails, and no public model training on customer content.
- Records stay in your account.
- You confirm before output.
- Reviewed package first; CRA submission stays with you.
- Records and rationale stay reviewable.
- Your content never trains public models.
Core service providers
These providers support hosting, payments, and bank connections. This is a core-provider map, not the complete provider list.
For AI/data-processing providers and analytics, read the Privacy and AI Data Processing pages.
Core provider
Stripe
Payment processing and billing records.
Core provider
Plaid
Bank connection infrastructure when you choose to connect accounts.
Scope
These providers support hosting, payments, and bank connections. This is a core-provider map, not the complete provider list.
Fuller disclosure
For AI/data-processing providers and analytics, read the Privacy and AI Data Processing pages.
Trust boundary
What we can say, and what we cannot yet claim
Security controls roadmap in progress
- Third-party audit and regulatory status appear only when formal evidence is available.
- Tax-efficiency signals are review prompts, not promised savings or final tax advice.
- Filing control and professional judgment stay with the owner, authorized representative, or CPA.
What people ask before trusting us
Honest answers, with no certifications or numbers we have not earned.
- Do you have third-party security certifications yet?
- Not yet, and we will not claim assurances we have not completed. Our security controls roadmap is in progress, and every public statement stays conservative.
- Which core service providers do you name?
- We name our core providers for hosting, payments, and bank connections — Google Cloud, Stripe, and Plaid. AI and data-processing providers, plus analytics, are covered in our Privacy and AI Data Processing pages.
- Do you sell or train on my financial data?
- No. Our privacy program follows Canadian privacy principles, and your content is never sold or used to train public AI models.
- Where does OPTAX stop, and where do my CPA and the CRA come in?
- OPTAX prepares an owner-reviewed, review-ready package. Bring a CPA in for review or handoff when a return is complex; you or your authorized representative submit to the CRA.
Review the trust boundary before you start.
Start with a scoped company-year workspace and keep the evidence, AI recommendations, and filing authority visible.
Start T2 Preparation