Skip to content
Tax & Accounting · IRC §7216

Use ChatGPT and Claude on Your Firm's Returns — Without Triggering §7216

PortEden replaces SSNs, EINs, ITINs, and tax-return detail with placeholders before your prompt reaches OpenAI or Anthropic. Use any AI on tax-season work; the model never sees the underlying return.

See pricing

Free for solo CPAs · No credit card · §7216-aligned consent log built in

Maps to
IRC §7216
FTC Safeguards
GDPR
SOC 2
CCPA
The Risk

What Goes Wrong Without PortEden

You Paste a K-1 Into ChatGPT to Explain a Pass-Through Adjustment

The K-1 holds the partner's name, EIN, ownership share, and basis detail — every field §7216 calls tax return information. Sending it to OpenAI without a Rev. Proc. 2013-14 consent on file is exactly the disclosure §7216 criminalizes.

Your Staff Uses Claude to Reconcile a Client's QuickBooks Export

The export carries vendor lists, payroll detail, and the owner's SSN on the W-9 row. Claude's context window now holds the cleanest copy of the books — kept under Anthropic's retention policy, not your firm's.

You Connect Outlook to an AI Assistant During Tax Season

Subject lines like "Smith — final K-1 with SSN" and attached returns leak more than you think. Most AI assistants log email metadata for as long as their retention allows; one breach turns into a §6713 civil penalty per disclosure.

How PortEden Protects Your Firm

Tax Return Information, Redacted Before It Reaches the Model.

PortEden inspects every field your AI is about to see. SSNs, EINs, K-1 detail, and free-text return content are replaced with placeholders at the boundary — never sent to OpenAI or Anthropic.

Your data
PortEdenRedact
Your AI
Claude
ChatGPT
Copilot
Gemini
Grok
Safe
Sensitive
Redacted
Compliance Reality

What §7216 Actually Requires When Your Firm Uses ChatGPT or Claude

  • IRC §7216 makes it a misdemeanor to disclose tax return information without specific written consent. Pasting return content into a third-party AI without Rev. Proc. 2013-14-compliant consent can trigger criminal liability and civil penalties under §6713.
  • Rev. Proc. 2013-14 sets the consent format, retention rules, and disclosure language. "My engagement letter mentions AI" is not the same as a §7216-compliant consent.
  • The FTC Safeguards Rule (16 CFR §314) requires a written information security program (WISP), encryption, MFA, and a designated qualified individual. Sending unredacted client data to OpenAI without those controls in place is exactly the gap the FTC has been citing in enforcement.
  • AICPA professional standards expect due care over client confidentiality and a defensible record of how technology was used. AI vendors that log prompts for training or moderation make that record harder to produce, not easier.
IRC §7216 Information Center (IRS)
The Solution

Built For CPAs

Tax-Return-Aware Redaction in Gmail and Outlook

Replaces 50+ identifier types — SSNs, EINs, ITINs, account numbers, K-1 detail, and free-text return content — with placeholders in under 200 ms before the prompt leaves your perimeter. The AI receives only the redacted version; the underlying return never reaches OpenAI or Anthropic.

Rev. Proc. 2013-14-Aligned Consent and Disclosure Log

Configure per-client AI rules at engagement. Every prompt that touches return information is logged, timestamped, and tied to the client's signed §7216 consent — exportable as the kind of record the IRS or a state board expects when they ask how AI was used.

FTC Safeguards Rule Controls Out of the Box

Encryption in transit and at rest, MFA, role-based access, retention controls, and a designated administrator. PortEden ships the technical controls 16 CFR §314 expects, with audit evidence ready for your WISP.

Works With Claude, ChatGPT, and Copilot — No Tax Software Replacement

Keep using Lacerte, UltraTax, Drake, or ProSeries. PortEden sits in front of any AI tool — no plugin to install in your tax engine, no per-staff browser extension to roll out. Solo CPA to mid-firm in days, not months.

Works With What You Already Use
Gmail
Gmail
Inbox-side redaction for AI replies and tax-season triage
Outlook
Outlook
Microsoft 365 inbox-side redaction
Outlook Calendar
Outlook Calendar
Strip client names from review meeting titles
Teams
Teams
Microsoft 365 chat redaction for staff coordination
With and Without PortEden

The Same Workflow, Two Very Different Outcomes

Drafting a Client Email About a K-1 With ChatGPT
Without
Partner name, EIN, basis, and K-1 detail sent to OpenAI in plain text — a §7216 unauthorized disclosure with no Rev. Proc. 2013-14 consent on file.
With
Identifiers and return detail replaced with placeholders before the request leaves your network. The AI drafts the email; PortEden re-hydrates the names locally.
Reconciling a QuickBooks Export With Claude
Without
Vendor lists, payroll, and owner SSNs sent to Anthropic in the clear. Retained per Anthropic's policy, not your engagement letter.
With
Numeric detail reaches the model; SSNs, EINs, and account numbers are placeholders. The AI proposes the entries without seeing whose books.
Inbox Search With Copilot or Gemini During Tax Season
Without
Every matching email — return attachments, SSNs, K-1s — sent to the AI in plain text. Includes returns the search ultimately discards.
With
Email content reaches the model with SSNs, EINs, and return data replaced by placeholders. The AI ranks results without seeing the underlying return.
FTC Safeguards Rule Audit or IRS Inquiry
Without
No record of which client returns went to which AI. Reconstructing it from screenshots and vendor portals is the WISP gap the FTC keeps citing.
With
Per-client, per-engagement audit log of every prompt, exportable on demand for the IRS, the FTC, or your state board.
Multi-Preparer Rollout to Staff and Seasonal Hires
Without
Each preparer follows AI policy by hand; one paste-and-prompt is a firm-wide §7216 problem.
With
Firm-wide redaction defaults; per-client and per-engagement overrides flow from your tax software or practice management system.
Try It Before Tax Season

Five-Minute Setup. Free for Solo CPAs.

Connect Gmail or Outlook via OAuth. Pick the §7216 + FTC Safeguards profile. Keep using ChatGPT or Claude exactly the way you do today — with return information protected by default.

See pricing

Frequently Asked Questions

Does using ChatGPT or Claude with PortEden count as a §7216 disclosure of tax return information?
PortEden replaces tax return information with placeholders before the prompt leaves your perimeter. The third-party AI receives only the redacted version, so the underlying return information isn't disclosed in the clear. You still owe the usual §7216 obligations — engagement-letter consent for everything that does flow, due care, supervision — but the disclosure pathway §7216 criminalizes is closed at the boundary.
How does PortEden help with the FTC Safeguards Rule?
PortEden ships the technical controls 16 CFR §314 expects — encryption in transit and at rest, MFA, role-based access, retention controls, and a designated administrator console — with audit evidence ready to drop into your WISP. We also ship a sample WISP template tuned for a small CPA firm.
Will PortEden change my workflow during tax season?
No. You keep using Lacerte, UltraTax, Drake, ProSeries, or whatever tax engine your firm runs on, and your staff keep using ChatGPT, Claude, or Copilot. PortEden sits in front of the AI; redaction happens between the inbox/return content and the model, with no plugin or browser extension to install.
Can my staff and seasonal preparers use it without per-client reconfiguration?
Yes. Set firm-wide §7216 + Safeguards defaults once; per-client and per-engagement overrides flow from your tax software or practice management system. A long-time advisory client can ride a stricter profile while a seasonal 1040 follows the firm default — no preparer touches a config.
What about state-level rules — California, New York, Massachusetts?
PortEden's policies layer state-level overrides onto the federal §7216 + Safeguards defaults. California's CPA rules and the NY DFS Part 500 program both expect documented controls over third-party data flows; PortEden's audit log is the same evidence base for both.
What does it cost and how long does setup take?
There's a free tier for solo CPAs. Firm pricing scales by preparer — full pricing is on the pricing page. Setup is under 5 minutes for a solo CPA on Gmail + ChatGPT or Claude. Mid-size firms typically take a half-day for SSO and tax-software integration.

Keep Exploring

Ready to Use AI on Returns Without §7216 Liability?

Five-minute setup. Free for solo CPAs. §7216-aligned consent log and FTC Safeguards-ready audit trail from day one.

See pricing

Top-100 firm or multi-state practice? Talk to sales →