We handle tax returns, payroll records, bank statements, ITIN documents, and sensitive financial data for US businesses every day. We treat each byte of client information with the same confidentiality a trusted law firm would — because that's the standard you deserve.
The Data Journey
From the moment you share a document to the moment it's securely archived, here is exactly what happens to your data inside Sunpact Global.
You share documents via our encrypted client portal or a designated secure file-sharing link — never via plain email attachments. All uploads are protected by 256-bit SSL/TLS encryption in transit. We do not accept sensitive documents through WhatsApp, Gmail, or any unsecured channel.
"We only accept financial documents through encrypted, access-controlled channels. No exceptions — not even for convenience."
Once received, your documents are assigned only to the specific team member(s) working on your engagement — and no one else. We operate on a strict need-to-know basis: your payroll specialist sees payroll data; your tax preparer sees tax data. No cross-access, no exceptions. Every team member must have signed an NDA before being granted any client data access.
"Your bookkeeper never sees your ITIN documents. Your payroll manager never sees your tax returns. Compartmentalization is built into our workflow by design."
All client data is stored on enterprise-grade, encrypted cloud platforms with data centers compliant with industry security standards. Files are encrypted both at rest and in transit. Automated daily backups ensure your data is never lost, and disaster recovery procedures are tested regularly to guarantee business continuity.
"We use the same caliber of cloud infrastructure trusted by Fortune 500 finance teams — not consumer-grade storage solutions."
Every access event — who opened a file, when, and from which device — is logged in our audit system. Our security team reviews these logs regularly for anomalies. If any unauthorized access attempt is detected, our incident response protocol activates immediately, with client notification within 24 hours.
"You can ask us at any time who has accessed your data and when. We maintain a full audit trail for every client engagement."
When we deliver completed work — tax returns, financial statements, payroll reports — we send them through the same encrypted portal used for intake. Clients receive a secure link requiring authentication. We never send finalized financial documents as plain email attachments, and we never use consumer file-sharing services for client deliverables.
"A completed tax return contains your most sensitive financial information. We deliver it with the same security protocols used by US financial institutions."
We retain your financial records in accordance with IRS guidelines — generally 7 years for tax-related documents. All retained data remains encrypted in access-controlled archives. Upon engagement termination or at your written request, data is securely deleted using industry-standard data destruction methods, with a certificate of deletion provided upon request.
"When our engagement ends, your data doesn't linger indefinitely on our servers. Retention follows IRS rules — and destruction follows your instructions."
Our Security Infrastructure
Every layer of our operation is designed with one principle: your financial data belongs to you, and it stays protected.
All data in transit is protected with bank-grade 256-bit encryption. We enforce HTTPS on every communication channel and reject any connection that does not meet our security standards.
Access to client data is granted only on a need-to-know basis. Permissions are role-specific, time-limited where appropriate, and revoked immediately upon project completion or staff departure.
Data resides on compliant, encrypted cloud platforms with geographically distributed backups, 99.9% uptime SLAs, and tested disaster recovery procedures — zero data loss risk.
Every employee, contractor, and vendor who may encounter client data signs a legally binding Non-Disclosure Agreement before they are granted system access. No exceptions.
A comprehensive audit trail captures every data access event — who, when, what, and from where. Logs are reviewed periodically and retained for compliance purposes.
We conduct regular internal security assessments to identify and remediate vulnerabilities. Our protocols are updated continuously as new threats emerge and best practices evolve.
Our Unconditional Promise
We do not sell, rent, trade, or otherwise monetize your financial information. Full stop. Your data exists in our systems solely to deliver the services you hired us for — nothing more.
In the unlikely event of any security incident affecting your data, we commit to notifying you within 24 hours, providing a full incident report, and executing immediate remediation — no delays, no cover-ups.
Your financial data belongs to you — always. Upon request, we will provide you with all your documents and records in a portable format, and permanently delete our copies per your instruction and applicable IRS retention rules.
