The Standard in Secure Tax AI

Black Ore delivers SOC 2–compliant, U.S.-based infrastructure trusted by leading CPA firms — ensuring client data is always protected

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Platform

Data Security & Infrastructure

Black Ore is built on secure cloud infrastructure — designed to meet the demands of high-volume, sensitive tax workflows

01
AES-256 encryption at rest and TLS 1.2+ in transit
02
All data stored in U.S.-based, SOC 2-audited data centers
03
Secure multi-tenant data separation
04
Real-time monitoring, threat detection, and recovery
05
No data is shared with or sold to third parties — ever
DATA

Client Data Protection

Our platform is built from day one with strict controls to ensure data privacy, confidentiality, and firm-level protections

No Outsourced Access

Your client data is never handled by offshore or third-party teams. All processing stays within Black Ore’s secure, closed-loop platform

Encrypted Processing

All processing occurs in encrypted, access-controlled environments—ensuring sensitive information is never exposed or mishandled

Secure by Design

Built with security at the core, Black Ore ensures data never leaves the firm’s secure context—and safeguards every step of the workflow

Full Data Ownership

Your firm retains full control and ownership of its data. Black Ore never uses client documents for model training or cross-firm optimization

Data Lifecycle Control

Export, redact, or delete data anytime—ensuring full lifecycle control and compliance

Independent Validation

SOC 2–compliant and independently audited, Black Ore’s infrastructure and controls meet the highest standards for enterprise-grade security

Access

Access Controls & Permissions

We provide granular, role-based access controls that let firms manage security and compliance across users, teams, and offices

Role-Based Permissions

Define user roles with precision. Granular access controls for preparers, reviewers, managers, and partners ensure each team member sees only what they need—no more, no less

Multi-Level Security

Enforce protections at every layer. Apply return-level, document-level, and even field-level access rules to match your firm’s internal structure and workflow

Enterprise Authentication

Single Sign-On (SSO), Multi-Factor Authentication (MFA), and session management

Policy & Workflow Controls

Customize permissions to reflect your firm’s governance. Configure override policies, review stages, and sign-off rules to mirror internal processes

Complete Audit Logging

Maintain full visibility. Every user action, data change, and workflow event is recorded and timestamped for compliance, oversight, and traceability

Standards

Compliance & Certifications

Black Ore’s security and operations are governed by internal policies aligned with the AICPA Trust Services Criteria for Security, Availability, and Confidentiality — the foundation of our SOC 2 Type II compliance

SOC 2 Type II Compliance
Audited annually against rigorous controls for infrastructure, data access, and system security
01
U.S.-based data residency
All data is stored and processed in secure, U.S.-based data centers—meeting jurisdictional and client privacy requirements
02
Quarterly Security Reviews
We continuously test and update our security posture through internal risk assessments and independent audits
03
Granular Infrastructure Controls
Every layer—from platform services to data pipelines—is governed by policies that restrict unauthorized access and enforce least-privilege design
04
Operational Safeguards
All systems follow strict deployment, monitoring, and incident response protocols—ensuring resilience and rapid mitigation if required
05
Our Approach

Security Is Foundational to Black Ore

From day one, Black Ore was built to protect sensitive tax data at every level — from encrypted infrastructure and SOC 2 compliance to rigorous access controls and audit logging. We constantly validate and improve our defenses, ensuring firms can automate with confidence while maintaining the highest standards of privacy and compliance

Faqs

FAQ — Security

How does Black Ore ensure data security and compliance?

Black Ore is SOC 2 Type II compliant and follows the AICPA Trust Services Criteria for Security, Availability, and Confidentiality. Our infrastructure includes enterprise-grade encryption (AES-256 at rest, TLS 1.2+ in transit), continuous monitoring, and strict access controls to keep your data protected at every layer.

Is client data used for AI training or shared with third parties?

No. Black Ore does not use sensitive client data to train models or share it with third-party services. Your data remains encrypted, protected and is never repurposed.

Where is client data stored and processed?

All client data is stored exclusively in U.S.-based, SOC 2-audited data centers. We do not offshore or outsource processing—your documents and extracted data never leave Black Ore’s secure environment.

Can firms manage user roles and permissions?

Yes. Firms can set granular, role-based permissions across preparers, reviewers, managers, and partners—along with return-level, document-level, and field-level access policies.

Do you support enterprise authentication and session security?

Yes. Black Ore supports Single Sign-On (SSO), Multi-Factor Authentication (MFA), and customizable session management. Firms can enforce org-wide policies to meet internal IT and compliance requirements.

Get in touch

Join the Nation's Leading Firms. Transform Your Tax Practice.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.