SealedReturn

Security architecture

Built on real cryptography. Not security theater.

Every other consumer tax service can read your W-2, your SSN, your bank account number. They don't, in normal operation — but they architecturally can. We can't. Here's exactly how.

The flow

How a W-2 photo becomes a 1040 — without our servers ever reading it.

Flow diagram (rendered as text): YOUR BROWSER: W-2.jpg photo → libsodium XChaCha20 + Argon2id → 🔒 ciphertext → SEALEDRETURN: B2 Object Storage (🔒 opaque blob) → Claude Vision, in transient RAM only → form fields (re-encrypted) → YOUR BROWSER: Form 1040 (Line 1: $84,000; Line 2a: $0; Line 9: $84,000) → PDF ready

crypto_secretstream_xchacha20poly1305 · key derived from your password via Argon2id · server stores ciphertext only

Building blocks

What's in the box.

libsodium-wrappers (npm)

The audited gold standard for cryptography in JavaScript. Originally Frank Denis's NaCl/sodium port; used by Signal, ProtonMail, and the Tor Browser. We use the crypto_secretstream_xchacha20poly1305 primitive for streaming authenticated encryption.

Source: libsodium docs

Argon2id (key derivation)

Winner of the Password Hashing Competition (PHC). Memory-hard (resistant to GPU and ASIC attacks) and side-channel-aware. We use Argon2id with parameters tuned to ~750ms on a modern laptop CPU — enough to make brute-forcing your password infeasible.

Source: phc-winner-argon2

XChaCha20-Poly1305 (AEAD)

Authenticated encryption with associated data. ChaCha20 is a modern stream cipher (faster than AES on phones without hardware AES). The "X" extends the nonce to 192 bits so we can use random nonces safely. Poly1305 is the message authentication code (MAC) — tampering is detected.

Source: RFC 8439 + XChaCha draft

Backblaze B2 (object storage)

Your encrypted document blobs are stored in Backblaze B2 (S3-compatible). B2 sees opaque ciphertext only. Even with a B2 employee insider, a state-actor warrant served on B2, or a B2 breach — your tax data is unreadable.

SOC 2 Type II + ISO 27001 certified at the storage-provider level. Belt-and-suspenders.

Zero-knowledge by design

What we know vs what we don't.

What we DO know

  • Your email address (so we can email you)
  • Your tier and payment status (Stripe-managed)
  • Approximate document counts (for capacity planning)
  • Your IP address at login (for fraud detection — kept 30 days, then dropped)
  • Anonymous usage events (which pages you visited — opt-out available)

What we DON'T know

  • Your SSN, your spouse's SSN, your dependents' SSNs
  • The contents of any W-2, 1099, 1098, K-1, or receipt you upload
  • Your wages, refund amount, or tax owed
  • Your bank account, routing number, or refund destination
  • Your password (we only store its Argon2id hash, salted, never reversible)
  • The encryption key for your data (it never leaves your browser)

If we received a court order or subpoena

We could hand over the ciphertext blobs. They would be useless without your password. We could hand over your email and IP — that's it. We are designed so that even we cannot decrypt your tax data — and so that a state actor compelling us cannot either.

Compare TurboTax / H&R Block: their privacy policies say "we may share with affiliates" because they technically can, and they have to say so. They hold the key.

Audit roadmap

Trust, on a public timeline.

We are launching on Path A, lean: no SOC 2 and no Trail of Bits audit before launch (those come in 2027, once revenue funds them). The trust artifacts at launch are: open-source encryption layer, WISP, tech E&O insurance, founder identity, Refund Match. Here's the full timeline.

At launch (now)

  • Open-source the encryption layer on GitHub (MIT) — anyone can verify "SealedReturn cannot read my data"
  • WISP (IRS Pub 4557 Written Information Security Plan) published
  • Tech E&O + Cyber insurance (Insureon minimum tier, ~$3K/yr)
  • Founder identity + face on About page
  • Per-field decryption transparency log (built into product)

Year 1 (post 100+ paying customers)

  • Trail of Bits / Cure53 / Doyensec security audit ($15-25K)
  • Public bug bounty program (HackerOne or self-hosted)
  • Audit report published on /security

Year 2 (post first tax season MRR)

  • SOC 2 Type II observation window starts (Vanta)
  • Annual penetration test (Cobalt or NetSPI)
  • ISO 27001 evaluation

Threat model

What we protect against, and what we don't.

In scope (we defend against)

  • SealedReturn database breach (attackers see ciphertext only)
  • Backblaze B2 breach (same)
  • Network MITM during upload (TLS 1.3 + already-encrypted payload)
  • SealedReturn employee insider read (no key, no plaintext)
  • Court-order compelled disclosure (we have ciphertext only)
  • AI vision provider (Anthropic) data retention (request scoped to single transaction, no logging — see Anthropic Privacy)

Out of scope (you defend against)

  • Compromise of your device (malware on your laptop)
  • Weak password (we recommend a passphrase manager — 1Password, Bitwarden)
  • Sharing your password with someone you shouldn't trust
  • Forgetting your password (we cannot recover — by design)
  • Exporting the PDF and emailing it unencrypted to your CPA

See encryption in action — try the demo.

The /demo page lets you encrypt a sample W-2 and watch the Network tab in your browser's DevTools. No signup, no payment.