Instant.Tax is Building a Culture of Privacy
- Peter Toumbourou
- Oct 30
Privacy and security are central to everything we do at Instant.Tax.
From the outset, we've invested heavily in developing our platform with care, integrity, and a relentless focus on protecting customer information. Putting people at the heart of AI begins with respecting the privacy everyone deserves. That starts with data and extends to everything we touch.
In today’s digital world, privacy is more than a compliance obligation: it’s a core value and a mark of trust. As a domain-specific AI platform serving individuals, tax professionals, and global enterprises, we know that customer confidence depends on strong, transparent privacy practices.

Trust is a glass: fracture it once and it evaporates. It is the glue that bonds us together.
1. Embedding Privacy from the Top Down
At Instant.Tax, we treat privacy and security as core principles, not optional standards. This commitment starts at the top and shapes every decision we make. It ensures that privacy is embedded in all areas of the business, from engineering and product design to customer experience and operations.
We view trust as something that must be earned through consistent action. Our privacy and compliance teams work closely with every department to make sure the safeguards our customers rely on are reflected in daily practice.
Our teams operate under clear, non-negotiable principles: no training on customer data, zero data retention, and no human review of customer information. This alignment reflects a culture where privacy is built in from the start.
2. Making Clear and Transparent Commitments
Transparency is at the heart of any credible privacy program. Instant.Tax was among the early adopters of the Data Privacy Framework (DPF), committing to internationally recognised principles of fairness, accountability, and access.
Our Privacy Policy and Data Processing Agreement (DPA) outline how we collect, process, and protect data. These commitments are backed by rigorous contractual obligations and independent oversight.
Every AI provider or subprocessor we work with must meet the same standards, including three key requirements:
- No retention of customer data. All data is processed only for the duration of a request and securely deleted afterwards.
- No human access to customer data. We follow an "eyes-off" policy that prevents human review.
- No AI training on customer data. Customer data remains the sole property of the customer.
Our approach aligns with GDPR, ISO 27701, ISO 27001, and SOC 2 Type II standards, ensuring our privacy commitments are clear, auditable, and enforceable.
3. From Feedback to Action
Listening to our customers shapes the way we build. Instant.Tax gives customers direct control over their data. Users can set their own retention periods, as short as three hours, and delete their information at any time. We believe control and transparency are essential to trust.
Control, security and trust are critical foundations.
4. Applying Global Privacy and AI Regulations
With a global customer base, Instant.Tax actively monitors emerging laws and standards in privacy and AI governance.
Our program aligns with major frameworks, including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the UK Data Protection Act, the OECD AI Principles, the NIST AI Risk Management Framework (AI RMF), and the upcoming EU AI Act.
We follow developments in AI regulation closely, with a focus on transparency, accountability, fairness, and human oversight. Our compliance and legal teams collaborate with international experts to keep Instant.Tax ahead of global requirements and evolving best practices.
5. Privacy as a Living Value
Privacy at Instant.Tax continues to evolve. We conduct regular reviews, red-team assessments, and cross-functional audits to keep pace with new technologies and regulatory expectations.
Our security framework includes continuous vulnerability scanning, annual third-party penetration testing, and alignment with ISO 27001, SOC 2 Type II, and the NIST Cybersecurity Framework. These practices ensure that privacy and security remain measurable, consistent, and verifiable.
Privacy is more than a policy. It's a living value.
A Living Value
Privacy is a living value that defines how we design, build, and operate our technology.
By embedding privacy into our products, processes, and people, we aim to set a new standard for tax AI.
Peter Toumbourou
on behalf of Instant.Tax



