N
NoticeInbox

Built for the data CPAs handle

You handle some of the most sensitive financial data there is. NoticeInbox is designed so that data is protected at every step — and so the AI never sees what it doesn't need to.

PII stripped before AI

SSNs, EINs, phone numbers, email addresses, dollar amounts, street addresses, ZIP codes and names are removed before a single character reaches the AI classifier.

Row-level data isolation

Every table enforces PostgreSQL Row-Level Security keyed to your organization. A query from one firm physically cannot return another firm's rows.

Human-in-the-loop

AI-extracted deadlines are always saved as drafts. A CPA must confirm before a deadline becomes active. The AI never acts on its own.

No raw PII at rest

We never store raw email bodies containing personal information in plain text. Only the notice classification and dates are retained.

See it for yourself

What the AI actually receives

The classifier only needs the notice type and dates. Everything that identifies your client is redacted first — here's the same notice before and after.

Original notice textContains name, SSN, EIN and amounts
Date of this notice: January 15, 2025
Taxpayer: Jonathan Marsh
SSN: 412-55-8901   EIN: 47-3829104
Amount due: $4,218.60
Notice: CP2000 — proposed changes to your 2023 return.
Respond within 30 days.
Sent to the AIEvery identifier replaced with a placeholder
Date of this notice: January 15, 2025
Taxpayer: [NAME]
SSN: [SSN]   EIN: [EIN]
Amount due: [AMOUNT]
Notice: CP2000 — proposed changes to your 2023 return.
Respond within 30 days.

Redaction is deterministic and runs on our server before any external API call. The AI receives the classification it needs and nothing that could identify a taxpayer.

Your firm's data is walled off at the database

Isolation isn't a setting we remember to apply — it's enforced by PostgreSQL itself. Every table carries an organization ID, and Row-Level Security policies ensure each query is automatically scoped to the firm that made it.

  • RLS enabled on every table that holds firm data
  • Notices, clients and deadlines scoped to your org ID
  • No application bug can leak data across firms
  • Tested: a user in one firm cannot read another firm's rows
A
Firm A
Sees only Firm A rows
B
Firm B
Isolated
C
Firm C
Isolated

Each firm queries the same database — and only ever sees its own rows.

We deliberately stay out of the risky parts

NoticeInbox is a tracking and reminder tool — not a compliance engine. That boundary is what keeps it safe and simple.

No e-filing

We never submit anything to the IRS on your behalf.

No compliance guarantees

You remain the professional of record on every deadline.

No PII to third parties

Identifying data is stripped before any external service.

Security you can hand to your clients

Start a free trial and forward a real notice — the redaction and isolation are working from the very first email.

Start free trialRead the privacy policy