There's a question coming for every tax practice, and most of us aren't ready for it. It doesn't arrive in a security audit or a compliance review. It arrives across the desk, in plain language, from a client who just watched you scan their W-2 into something: "Where does my information actually go?"

I got that question a couple of seasons ago. And I did what most of us would do — I reached for the reassuring answer. The data's encrypted. The vendor's certified. It's in the cloud. All true, all technically responsive, and all completely beside the point. Because she didn't ask whether her data was encrypted. She asked where it lives. And the honest answer was: on a server I have never seen, run by a company she's never heard of, under terms that can change with thirty days' notice.

I couldn't say that in a way that built trust. So I said the encrypted-cloud thing, and we moved on. But the question stuck with me, because I realized it was going to become the question.

Why this question is about to matter more

For thirty years, "where does the data go" was a question nobody asked because nobody had to. You bought tax software, it lived on your desktop or in a vendor's cloud, and that was simply how it worked. The architecture was invisible, so the question was invisible.

Two things changed that. First, breaches became routine enough that ordinary clients now know to ask. Second — and this is the big one — AI entered tax prep. The moment a tool says it uses AI to "read" a return, a sophisticated client's next thought is: read it where? With whose model? On whose servers? And who else can see it?

That instinct is correct. When a document gets processed by AI, it generally has to go somewhere to be processed. The entire question of taxpayer privacy in the AI era reduces to a single architectural fact: does the data leave the firm's environment to be processed, or not?

Most tools send it out. That's not a scandal — it's just the default. Shared-cloud software was the cheapest, fastest way to build for two decades, so that's what got built. But the default has a cost that's invisible until a client asks the question: you can't answer it in one clean sentence.

The two architectures, plainly

Strip away the marketing and there are really only two answers a firm can give.

Privacy by policy. Your clients' data is processed on infrastructure you don't control, and it's protected by a contract — a privacy policy, a terms-of-service, a data-processing agreement. These documents are real and often well-written. But they share one structural weakness: they can change. Nearly every one contains a clause that lets the vendor revise its terms with thirty days' notice, where continued use constitutes acceptance. Read that as a practitioner. The protections covering your clients' data today can quietly become different protections next month, and your only leverage is to stop using the tool — after the data is already there.

Privacy by architecture. Your clients' data is processed inside an environment you already control — your own cloud tenant — and it never leaves. There's no vendor-side copy to govern with a paragraph, because there's no vendor-side copy. The protection isn't a promise about what someone won't do with your data. It's a fact about where the data physically sits.

The difference between these isn't a difference in how careful the vendor is. It's a difference in what has to be true for your client's data to be exposed. With policy, you're trusting an entity to keep a promise. With architecture, there's no promise to keep — the data simply isn't anywhere it could be exposed from.

The one-sentence test

Here's a test you can run on any tool your firm uses, today, without calling a salesperson. Ask: if a client asked me right now where their data physically lives during processing, could I answer in one sentence — and would the answer build trust or require an apology?

If the honest answer is "it's on a server I've never seen, under a policy that can change," you don't have a one-sentence answer. You have a paragraph, and the paragraph is a hedge.

If the honest answer is "it never leaves my own firm's environment," you have something a per-return tool with a faster engine can't copy. You have a sentence that ends the conversation instead of starting an uncomfortable one.

That sentence is becoming a competitive asset. Speed gets commoditized — every tool will be fast soon. Trust compounds. The practitioner who can look a client in the eye and say "your information never leaves my house" is building the one thing that doesn't show up on a feature comparison and doesn't erode when the next tool ships a quicker model.

What this looks like in practice

I'll be concrete, because abstractions are easy and architecture is specific.

It's possible to build tax automation that runs inside the firm's own cloud workspace — the same environment that already holds the firm's email, documents, and calendars. The documents get processed there. The results get written back there. The most sensitive field on the whole return, the Social Security number, never sits in the open working file at all — it's held in a dedicated secret store and referenced by a pointer, so a casual export can't spill it. And none of it leaves the tenant the firm already controls and already trusts.
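To make the "held in a secret store and referenced by a pointer" idea concrete, here is an added example (not code from the original post, and not any product's implementation) of a working-file record that never contains the SSN. The names `SecretStore`, `ClientReturn`, `intake`, `export_working_file`, `leaked_ssn_shapes` and `build_efile_payload` are hypothetical, the in-memory dictionary stands in for whatever vault the firm runs inside its own tenant, and the sample SSN is constructed. The point it shows is the one the paragraph makes: a casual `json.dumps` of the whole record cannot spill the SSN, because the record only ever held an opaque reference, and the one place the SSN is materialised is an explicit, purpose-tagged call.

```python
"""Added example: SSN kept in a separate secret store, referenced by pointer.
All class and function names are hypothetical; the store is an in-memory
stand-in for a vault service inside the firm's own tenant."""
import json
import re
import secrets
from dataclasses import dataclass, field, asdict

# Shape of a formatted SSN (3-2-4 digit groups). Used only by the export-side
# check below to confirm nothing SSN-shaped made it into an export.
SSN_SHAPE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


class SecretStore:
    """Stand-in for a dedicated secret store. Values are keyed by an opaque,
    randomly generated reference, so the pointer itself reveals nothing."""

    def __init__(self) -> None:
        self._secrets: dict[str, str] = {}

    def put(self, value: str) -> str:
        ref = "secret://ssn/" + secrets.token_hex(8)
        self._secrets[ref] = value
        return ref

    def resolve(self, ref: str, purpose: str) -> str:
        # Resolution requires a stated purpose, so reading the raw SSN is an
        # explicit, auditable act rather than a side effect of opening the file.
        if not purpose:
            raise ValueError("a purpose is required to resolve a secret")
        return self._secrets[ref]


@dataclass
class ClientReturn:
    """The open working file: everything a preparer needs except the SSN."""
    client_name: str
    tax_year: int
    wages: float
    ssn_ref: str  # pointer into the secret store, never the SSN itself
    notes: list[str] = field(default_factory=list)


def intake(store: SecretStore, name: str, year: int, wages: float, ssn: str) -> ClientReturn:
    """Create the working record; the SSN goes straight into the store."""
    return ClientReturn(client_name=name, tax_year=year, wages=wages, ssn_ref=store.put(ssn))


def export_working_file(rec: ClientReturn) -> str:
    """The 'casual export': dump the entire record as JSON with no filtering."""
    return json.dumps(asdict(rec), indent=2)


def leaked_ssn_shapes(text: str) -> list[str]:
    """Defensive check an export step can run: any SSN-shaped value in the
    output is a bug worth alerting on, regardless of how it got there."""
    return SSN_SHAPE.findall(text)


def build_efile_payload(store: SecretStore, rec: ClientReturn) -> dict:
    """The one place the SSN is deliberately materialised: assembling the
    filing itself. Resolution is explicit and purpose-tagged."""
    return {
        "name": rec.client_name,
        "year": rec.tax_year,
        "ssn": store.resolve(rec.ssn_ref, purpose="e-file submission"),
    }


if __name__ == "__main__":
    store = SecretStore()
    # Constructed sample client; the SSN is a made-up value.
    rec = intake(store, "A. Client", 2024, 61000.0, "123-45-6789")
    out = export_working_file(rec)
    print(out)
    print("SSN-shaped values in export:", leaked_ssn_shapes(out))
```

The design choice worth noting is that the working record's type simply has no field for the SSN, so the property holds for every export path, not just the ones someone remembered to filter; the regex check is a second line of defence for output produced by code that bypasses the record type.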

That's not a more careful version of the shared-cloud model. It's a different answer to the client's question. It's the difference between "we protect your data" and "your data is in a place only you can reach."

It also happens to make the compliance story simpler. §7216 — the rule restricting how preparers handle taxpayer information — stops being a policy you maintain and becomes a property of where the data lives. You're not promising to satisfy a disclosure restriction. You're structurally unable to violate it, because the data never went anywhere it could be improperly disclosed from.

The question isn't going away

The next few years are going to sort our profession by how firms answer one question, and it won't be "how fast is your software." It'll be "where does my data go." Clients will ask it more, regulators will ask it more — the IRS is consolidating its oversight of preparers this year, and professional responsibility is getting more scrutiny, not less — and the firms that thrive will be the ones who can answer plainly, without reaching for the policy PDF.

So I'd offer the question back to you, the way it was offered to me across that desk: if a client asked today where their information sleeps tonight, what would you actually say?

If you don't love the answer, the good news is it's fixable. Not with a better privacy policy. With a better place to put the data.

— Yatin Miglani

Enrolled Agent · Phoenix, Arizona
Founder, Sophicor · sophicor.com