ItsAllDone handles sensitive client financial data. The architecture is built around two commitments: numbers you can defend, and data that never leaves the boundary in the clear.
Every figure on the accounts and the CT600 is deterministic Python applying explicit UK tax rules, reproducible and auditable. No number is generated by a language model.
The engine and the AI work from a token, not your client's name. Every prompt to a model passes a PII-safety check before it is sent, so real client names and identifiers don't reach the AI.
The company name and identifying details live in the application, not in the files the engine works from. The engine computes from a short token, and the AI is the one place where a PII-safety check guards every request.
The engine surfaces each judgement it detects as a decision gate. The partner confirms or amends it, and the engine's recommendation, the partner's choice, the reason, who decided and when are all written to an append-only audit log.
That register is carried into the senior review pack, so a reviewer can scan every decision in one place and drill down where a number looks wrong.
Client financial data is handled with controls designed in from the start, not added later.
Encryption at rest and in transit. TLS enforced everywhere.
Multi-factor authentication required for every user account.
Per-role access with row-level isolation between firms. No wildcard permissions.
Uploads scanned on the way in; account-level threat detection.
Application and infrastructure audit trails retained and reviewable.
Regular vulnerability scanning and testing; managed services kept current.
ItsAllDone runs in a dedicated, isolated UK/EU cloud environment with its own keys and access controls.
We're happy to walk your IT or compliance lead through the architecture and data handling.