Checklists that chase themselves
PrepPilot is tax practice software that turns every return into a live, client-facing checklist and central hub. For solo and small‑firm tax preparers juggling dozens of returns, it ends document chase with deadline‑aware Auto‑Chase that texts and emails until docs and e‑signatures arrive, while a dashboard keeps filings and bottlenecks visible—no spreadsheets.
Subscribe to get amazing product ideas like this one delivered daily to your inbox!
Explore this AI-generated product idea in detail. Each aspect has been thoughtfully created to inspire your next venture.
Detailed profiles of the target users who would benefit most from this product.
- 34–42; Operations/IT manager at 5–25 person tax firm - BS Accounting/IS; evaluates, implements, and maintains firm software - Stack: Drake/Lacerte, Google Workspace, DocuSign, HubSpot, SharePoint - US mid-market city; purchasing influence and admin rights
Started as tax admin, then led a painful migration that sparked an automation streak. Now owns integrations and SOPs, measured on uptime and onboarding speed. Past rollout scars drive her insistence on clear APIs and sandbox testing.
1) Native integrations with e‑sign, CRM, and DMS 2) Robust API/webhooks for custom automations 3) SSO and granular, role-based permissions
1) Double entry between siloed systems 2) Fragile CSV imports breaking schemas 3) No audit trail for changes
- Obsessed with clean, auditable data flows - Automation-first; manual steps feel wasteful - Pragmatic, prefers incremental wins over moonshots - Security-conscious; enforces least-privilege access
1) LinkedIn Groups 2) Zapier Directory 3) Reddit r/taxpros 4) Intuit App Center 5) CPAacademy CPE
- 38–55; CPA/Partner specializing in passthroughs and consolidations - Manages 80–200 entities; 300+ partners/shareholders annually - Uses ProSystem fx/UltraTax; leads 3–8 preparers - Coastal metro; fixed-fee with tiered rush pricing
Cut teeth at Big Four on PE funds; moved boutique to productize entity workflows. Burned by missed K‑1s and off-calendar years, he codified deadlines and bulk comms.
1) Bulk K‑1 auto-chase by partner lists 2) Multi-entity templates with linked dependencies 3) Fiscal-year aware deadlines and reminders
1) Missing K‑1s derail final returns 2) Partner changes not syncing everywhere 3) Off-calendar entities slipping unnoticed
- Deadline-driven; thrives in structured chaos - Precision zealot; abhors allocation discrepancies - Delegates, yet guards partner relationships - Prefers visibility over micromanagement
1) AICPA Community 2) LinkedIn Messaging 3) Checkpoint Newsstand 4) Tax Twitter 5) CCH User Group
- 40–58; CPA/CITP or firm compliance lead - 10–40 staff across locations; hybrid schedule - Background in SOC audits; owns policy and monitoring - Approves vendors; runs security training and reviews
Investigated an early-career data leak and vowed to harden processes. Now owns vendor due diligence and compliance playbooks, insisting on auditable workflows and consent tracking.
1) Immutable audit logs for actions and messages 2) Consent tracking for SMS and email 3) Granular permissions and retention policies
1) Regulators requesting precise activity timelines 2) Staff oversharing via unsecured channels 3) Unclear e‑signature identity verification
- Risk-averse; documentation over convenience - Policy-first; teaches through checklists - Trusts vendors with transparent controls - Champions client privacy and consent
1) State Board Alerts 2) LinkedIn Groups 3) CPA Journal 4) CPE Ethics 5) Vendor Trust Centers
- 33–50; partner/manager overseeing onshore and offshore staff - 6–20 preparers across 2–3 time zones; seasonal surge - Slack, Zoom, Google Drive; tax suite varies - Nationwide client base; remote-first operations
Scaled from two people by onboarding vetted offshore teams. Early chaos from unclear ownership pushed him to standardize SOPs, SLAs, and shift handoffs.
1) Assignment automation by role and shift 2) Handoff summaries with next-step clarity 3) Client-facing messages separate from internal notes
1) Overnight work lost without clear owners 2) Duplicated effort across shifts 3) Clients uneasy about offshore involvement
- Asynchronous evangelist; hates waiting on handoffs - Measures throughput and client satisfaction relentlessly - Pragmatic; favors clear roles over heroics - Values respectful, transparent offshoring
1) LinkedIn Groups 2) Slack Communities 3) Zoom Webinars 4) Upwork Enterprise 5) Twitter DM
- 29–45; CPA/EA owner expanding advisory services - 150–400 clients; mix of 1040 and SMB - QBO/Xero, Ignition, Calendly; remote-friendly - Goal: advisory revenue to 40%+ of firm total
Started as a W‑2 preparer, realized clients wanted ongoing guidance. Built forecasting packages and monthly check‑ins, but deliverables slipped amid tax-season chaos.
1) Recurring schedules for monthly/quarterly workflows 2) Engagement letters with e‑sign and payments 3) Cross-client progress views at a glance
1) Advisory tasks slipping during peak season 2) Scattered deliverables across tools 3) Slow client signoffs stall work
- Relationship-centric; sells outcomes, not hours - Efficiency nut; automates rote follow-ups - Visual thinker; craves clear dashboards - Growth-minded; experiments and iterates
1) Facebook TaxPros 2) YouTube Tutorials 3) LinkedIn Posts 4) CPA.com Webinars 5) Ignition Community
- 27–38; first-time firm owner, solo plus VA - 60–150 clients; niche in creatives or contractors - Branding-forward; Notion, Stripe, Google Workspace - Bootstrapped budget; prefers predictable pricing
Left a national chain to launch a niche, remote practice. Early client confusion about documents and scope led her to productize onboarding and education.
1) White-label portal with custom checklists 2) Self-serve intake and FAQ automations 3) SMS/email cadences for polite persistence
1) Clients unsure what to send, when 2) Scope creep without clear guardrails 3) Too many tools causing context switching
- Brand-savvy; sweats client experience details - Learns fast; prefers templates to blank pages - Friction-averse; minimizes client questions - Community-oriented; shares playbooks openly
1) Reddit r/taxpros 2) Indie CPA Slack 3) Twitter TaxPros 4) Gumroad Templates 5) Starter Story
Key capabilities that make this product valuable to its target users.
Log in on desktop by scanning a secure QR code with your phone; approve with Face ID/Touch ID to enter instantly. Eliminates passwords and SMS codes, making first-time access effortless for less techy clients and cutting support friction for every login.
Generate short‑lived, cryptographically signed QR codes on the desktop login screen that rotate every 15–30 seconds and are bound to the specific browser session. The QR payload must contain a nonce, challenge ID, and origin metadata with no PII, and be verifiable by the server to prevent tampering and replay. Codes expire immediately upon scan or timeout, enforce single use, and throttle regeneration to mitigate abuse. The desktop client maintains a secure, stateful channel (e.g., WebSocket/SSE) to receive approval status updates without page refresh, and gracefully handles timeouts, refreshes, and multiple open tabs.
Upon scanning, open a secure mobile approval screen that uses the device’s platform authenticator (Face ID/Touch ID/Android Biometrics) via WebAuthn or native APIs to cryptographically sign the server challenge. Display clear consent details (requesting firm name, domain, requesting device/browser, approximate location, and timestamp) with Approve/Deny actions, a visible expiry timer, and accessible UI. Support fallback to device screen lock (PIN/pattern) when biometrics are unavailable, enforce a maximum number of attempts, and ensure the signed response includes challenge ID, device key ID, and attestation where supported.
After mobile approval, atomically exchange the signed challenge for a desktop session tied to the originating browser instance and IP via the pending challenge context. Set HttpOnly, Secure, SameSite cookies and rotate any pre‑existing session identifiers to prevent fixation. Ensure the session can only be redeemed once, is resistant to CSRF, and that denial/timeout states are reflected to the desktop in real time. Support seamless SSO into the client portal and redirect to the intended destination while preserving deep links.
On first successful QR approval, enroll the mobile device by creating or associating a WebAuthn credential/public key and device record (nickname, last seen, platform). Allow users to view, rename, and revoke trusted devices from the client portal. For scans from unknown devices, require an additional verification step (e.g., email confirmation) before allowing approval. Support multiple devices per user, and enforce periodic re‑verification for high‑risk signals or policy changes without introducing passwords or SMS.
Implement layered defenses including rate limiting for QR generation and scan attempts, geo‑velocity and IP reputation checks, and automatic invalidation of challenges on suspicious activity. Log all events (QR created, scanned, approved/denied, device enrollment, revocations) with timestamps, device/browser metadata, and requesting origin. Provide firm‑level audit views and exports to support SOC 2 and IRS due‑diligence expectations, and surface alerts for repeated denials or anomalous patterns.
Ensure QR Tap‑In works without app installation across modern desktop browsers (Chrome, Edge, Safari, Firefox) and mobile browsers (iOS Safari/Chrome, Android Chrome/Firefox). Use standards‑based APIs and deep‑link fallbacks for camera scanners that open URLs. Deliver responsive, WCAG 2.1 AA‑compliant UI with proper contrast, keyboard navigation, screen‑reader labels, and localization for core languages. Provide clear error states for unsupported devices and guidance to alternative login options consistent with a passwordless experience.
Offer firm‑admin settings to enable/disable QR Tap‑In, configure challenge expiry and rate limits, require known devices only, and mandate re‑verification on sensitive actions. Provide secure recovery workflows that avoid passwords and SMS, such as admin‑initiated, time‑boxed magic links with identity checks, and client‑initiated device reset via verified email with audit approval. Include dashboards for adoption and success metrics (approval success rate, median time‑to‑login, failure reasons) to monitor impact and support.
Enroll a new phone or computer by approving from an already‑trusted device—no security questions or lengthy reset emails. Clients switch devices seamlessly; firms see fewer “I got a new phone” ticket spikes.
Enable enrollment of a new phone or computer by sending a secure approval request to any already-trusted device on the account. The new device initiates a handoff request; trusted devices receive a push notification and an in-app prompt gated by local biometrics/PIN. Upon approval, the server issues a short-lived enrollment token and binds the new device to the account without passwords, security questions, or email resets. Works across PrepPilot Web, iOS, Android, and desktop with consistent UX, handles offline/latent scenarios with retry and expiry, and logs the event for compliance. Benefits: near-zero friction device setup, fewer support tickets, and reduced account takeover risk.
Provision a per-device asymmetric keypair during enrollment and store only the public key and device metadata server-side. Use mutual, signed approval messages between devices to confirm handoff, and pin the new device’s public key to the account. Enforce hardware-backed secure storage where available (Secure Enclave/StrongBox) with periodic key attestation and rotation. Support revocation and re-keying, and sign all handoff links/deep links to prevent tampering. Integrates with existing auth and MFA to gate approvals. Outcome: cryptographically anchored trust in each device and resistance to phishing, SIM-swap, and email compromise.
Provide alternative approval paths when push delivery is delayed or notifications are disabled. The new device displays a time-boxed QR code and short alphanumeric code; the user scans the QR from a trusted device or enters the code in the trusted device’s PrepPilot app to approve enrollment. All codes are single-use, signed, and rate-limited with automatic expiration and replay detection. UX guidance steers users to the safest available path while maintaining continuity across platforms. Outcome: higher completion rates and fewer abandoned handoffs.
Offer a secure recovery path when no trusted device is available. Support previously issued single-use backup codes, passkeys, or verified identity checks (e.g., government ID + liveness) through an approved vendor, with firm-staff-assisted recovery as a controlled override. Impose cooling-off periods, out-of-band alerts, and granular scope (recover sign-in versus full device list) to limit blast radius. Ensure auditability, rate limiting, and regional compliance (e.g., KYC/PII handling) while providing clear UX to reduce support burden. Outcome: users regain access without security questions or email reset loops, and firms see fewer “new phone” tickets.
Evaluate device handoff requests with adaptive risk signals: IP reputation, device fingerprint changes, geo-velocity, time-of-day anomalies, and request velocity. Apply dynamic friction (e.g., require passkey or backup code) when risk is high, and silently harden when low. Implement server-side rate limits, replay protection, signed deep links, and phishing-resistant copy that never asks for codes over phone/email. Integrate with SIEM for alerting and with fraud heuristics shared across PrepPilot authentication. Outcome: lower fraud and safer handoffs without unnecessary user friction.
Provide firm-level oversight of device handoffs: a dashboard listing devices per user with enrollment time, method (push/QR/recovery), location signals, and approver device. Allow admins to revoke devices, freeze enrollments for a user or the whole firm, set policy (e.g., require push-only, enforce hardware-backed keys), and export audit logs. Send real-time notifications to admins for high-risk events, and surface metrics (approval latency, success rate, ticket deflection). Integrates with role-based access control and existing PrepPilot notifications. Outcome: operational visibility, policy enforcement, and compliance-ready evidence.
Require a fresh biometric/passkey check right before e‑signing Form 8879 or bank details. Keeps signing effortless for clients while giving firms stronger, auditable signer verification without extra portals.
Trigger a fresh WebAuthn-based biometric or passkey challenge immediately before high-risk actions (e.g., e‑signing Form 8879 or editing bank deposit details). The system generates a per-transaction challenge, prompts the signer via a modal overlay, and validates user verification (UV) using platform authenticators (Face ID, Touch ID, Windows Hello) or FIDO2 security keys. Only successful, recent assertions (e.g., within 5 minutes) unlock the action. The flow is embedded in the existing signing experience to keep it lightweight and avoids separate portals. Challenges are signed client-side and verified server-side; no biometric data is stored by PrepPilot—only public keys and attestation metadata as applicable. Includes rate limiting, error handling, and timeouts to prevent abuse, and standardizes a service endpoint usable by both the e‑signature module and banking screens.
Provide clients with an enrollment and management flow for WebAuthn authenticators to enable step-up checks. Support adding platform passkeys during onboarding, account settings, or when prompted pre‑sign, with clear guidance for iOS, Android, macOS, and Windows. Allow multiple authenticators per account, device nicknaming, and revocation of lost devices. Enable cross‑device enrollment via QR/hand‑off where supported to keep setup simple. Store only public keys and metadata; never store biometrics. Surface readiness status to Auto‑Chase and the signing flow so reminders can nudge unenrolled clients before signature deadlines.
Bind the validated step‑up assertion to the e‑signature event to strengthen non‑repudiation. On successful pre‑sign verification, attach verification metadata to the signature envelope: challenge ID/hash, assertion timestamp, user verification result (UV), authenticator type (platform or cross‑platform), AAGUID where available, client device and browser fingerprints, IP/geolocation snapshot, and verification outcome. Display a signer‑verified badge in the UI and ensure the evidence is embedded in the Form 8879 signing record and any associated filing packet. The bound data must be immutable and retrievable for audits and disputes.
Create an append‑only, tamper‑evident audit log for all step‑up events and related signatures. Capture end‑to‑end event data (who, what, when, where, how), correlate it to the client, return, and filing, and render a human‑readable timeline. Provide export options (PDF and JSON evidence pack) that include the signature envelope, verification metadata, and cryptographic checksums. Ensure retention policies and access controls meet firm and regulatory requirements and make the audit pack attachable to the case file and downloadable on demand.
Offer firm‑level controls to define when step‑up is required and what factors are allowed. Defaults: always require for Form 8879 signatures and bank account changes. Optional rules: require for refunds over a threshold, address changes, or when risk signals (new device, new IP, cross‑border access) are present. Configurable re‑auth time window (e.g., 5–10 minutes), allowed fallback factors, and enforcement modes (strict vs. permissive). Log all policy changes with who/when, and provide policy previews and sandbox testing to validate behavior before rollout.
Ensure step‑up works across modern browsers and devices (Chrome, Safari, Edge, Firefox on iOS, Android, macOS, Windows) with capability detection and graceful degradation. When WebAuthn UV is unavailable, offer secure fallback options that meet strong assurance (e.g., TOTP from an authenticator app or a registered hardware key), with clear UX and guardrails to avoid SMS where possible. Provide preflight checks and guidance in Auto‑Chase communications to help clients enroll passkeys ahead of signing. Include accessibility considerations, localized copy, and offline/poor‑network handling for a smooth, low‑friction experience.
Support separate passkeys for each spouse/partner in a household account. Each person logs in with their own biometrics, receives their own magic links, and can complete their part of the checklist or signature independently—no shared credentials, no confusion.
Implement WebAuthn/FIDO2 passkey enrollment for each household member (Primary and Partner) with support for multiple passkeys per person, cross‑device enrollment (QR/handshake), and biometric authentication on supported platforms. Store only public key credentials server‑side with proper credential IDs and counters, and provide a self‑service device management UI to add/remove passkeys. Enforce single user-to-credential binding, prevent shared credentials, and ensure graceful fallback to magic link sign-in until a passkey is registered.
Create distinct member profiles within a household account (e.g., Primary Taxpayer and Spouse/Partner), each with unique contact methods, authentication credentials, and permissions. Map each profile to tax return roles for task assignment, document access, and e‑signature routing. Ensure member-level visibility rules (e.g., who can upload/view which documents) and provide preparers with tools to invite, rename, or deactivate a member while preserving audit integrity.
Generate single‑use, time‑bound magic links per member that deep‑link directly to their checklist and actions. Bind links to the intended member identity, apply anti‑replay and throttling, and invalidate on redemption or expiration. Respect each member’s notification preferences and channels (email/SMS) and integrate with Auto‑Chase to send reminders that route each person to their own tasks. After passkey registration, offer recognition and prompt passkey use for returning sessions.
Enable task ownership at the member level so each person can independently complete their assigned checklist items (uploads, questionnaires, approvals). Integrate multi‑signer e‑signature workflows (e.g., Form 8879) that collect each member’s signature independently, enforce signing order or parallel signing, and gate e‑file readiness until all required signers have completed. Provide clear UI state showing what remains for each member and real‑time sync to the preparer dashboard.
Extend Auto‑Chase to operate at the member level with separate cadences, templates, and triggers based on each person’s outstanding items (documents, questionnaires, signatures). Support channel selection per member, quiet hours, opt‑out compliance, and escalation logic (e.g., switch channel or notify preparer after repeated non‑response). Track chase effectiveness and surface member‑specific blockers on the dashboard.
Record a detailed audit trail tied to each member identity, including authentication method (passkey vs. magic link), device metadata, timestamps, IPs, document actions, task completions, and e‑signature events. Provide immutable logs suitable for regulatory and e‑signature compliance, with export and filter capabilities by member, return, and date range. Surface key events to preparers (e.g., who signed, when) and support dispute resolution with verifiable evidence.
Offer secure recovery flows when a member loses device access: identity verification via signed magic link, secondary factor, or preparer‑assisted verification, followed by safe passkey re‑binding. Provide recovery codes and notifications for credential changes, enforce step‑up authentication for sensitive actions (PII changes, e‑file authorization), and allow preparers to temporarily suspend a member’s access if compromise is suspected without blocking the other member.
Hardened one‑tap magic links that are one‑time, short‑lived, and device‑bound with automatic detection of suspicious opens. Clients can get in fast when passkeys aren’t set up yet; PrepPilot nudges them to add a passkey after entry to reduce future friction.
Provide a backend service and APIs to create hardened, one-tap magic links for client checklist access. Links must embed a signed, scoped, and expiring token (user, checklist route, nonce, TTL) and be compatible with both email and SMS delivery. Integrate with Auto-Chase to automatically insert links into deadline-aware reminders with localized, branded templates and rate limiting. Ensure links are formatted for one-tap on mobile, support deep links, and include sender authentication (SPF/DKIM/DMARC) and safe-previews to reduce email client prefetch issues. The outcome is fast, secure access for clients without prior passkey setup while preserving PrepPilot’s chase workflow and analytics attribution.
Enforce single-use consumption of magic links and bind the first successful redemption to the accessing device. On first open, mint a short-lived session tied to a signed device token (cookie + key material) and store a hashed device identifier. Subsequent opens with a used token are rejected; opens from a different device trigger step-up (secondary verification or re-issue via Auto-Chase). Implement strict TTL, clock skew tolerance, and token revocation on use. Ensure routing lands the user on the intended client-facing checklist with a smooth handoff to a normal authenticated session.
Detect and respond to risky link activity using heuristics and signals: known email/SMS scanner user agents, link prefetch patterns, ASN/geo anomalies, rapid multi-open attempts, and device mismatches. Score each open, suppress auto-login for high-risk events, and automatically invalidate tokens while triggering a safe re-issue through Auto-Chase. Provide client-friendly interstitials explaining that a fresh link has been sent. Log all events with reasons for auditability and feed risk metrics to the dashboard.
After successful magic-link entry, present a contextual, non-blocking prompt to create a passkey (WebAuthn) with clear benefits and single-click setup. Support fallback setup paths for unsupported devices/browsers and deferment with reminder scheduling. Track conversion and drop-off metrics, and suppress nudges for users with existing passkeys. Ensure the flow works on mobile and desktop and does not disrupt the immediate checklist task.
Provide firm admins with controls to configure link TTL, device-binding strictness, retry limits, and channel defaults. Offer a real-time audit trail of link lifecycle events (issued, delivered, opened, redeemed, invalidated, re-issued) with timestamps, IP/ASN, and risk reasons. Enable manual revocation of outstanding links, bulk revocation by client or campaign, and export/webhooks for SIEM. Enforce role-based access and redact client PII where appropriate.
Ensure magic links open the correct destination on any device with minimal friction. Support app deep links (when a PrepPilot app is installed) and responsive web fallbacks otherwise. Provide graceful handling for expired or used links with a self-serve “Send me a new link” flow that rate-limits and verifies contact ownership. Localize content, meet accessibility standards, and preserve the checklist context and task progress across redirects.
An admin view to track passkey adoption, resend secure invites, revoke lost devices, and set firmwide rules (e.g., require passkeys for e‑sign). Cuts password‑reset volume, increases security, and gives Compliance a simple audit readout.
An admin dashboard within PrepPilot that visualizes firmwide passkey adoption and readiness in real time, including percentage of users enrolled, pending invites, credential counts per user, last-used timestamps, platform breakdown (iOS/Android/Windows/macOS), and team/office filters. Supports drill-downs to user profiles, bulk selection for follow-up actions, and configurable KPIs and thresholds that highlight bottlenecks before filing deadlines. Ingests authentication and registration events from the identity layer, stores minimally necessary metadata, and refreshes metrics continuously without exposing sensitive passkey material. Provides visibility that replaces spreadsheet tracking and directly links to actions like resending invites or enforcing policy.
A managed workflow to create, send, and resend passkey enrollment invites via email and SMS with expiring, single-use links bound to the intended account, including template customization, localization, rate limiting, and deduplication. Tracks invite status (sent, delivered, opened, attempted, completed, expired), supports bulk resends from filters (e.g., “not enrolled”), and allows revocation of stale or misdirected links. Integrates with PrepPilot’s user directory and client records, surfaces event outcomes in the dashboard, and logs all actions for compliance. Deep-links to native passkey prompts on supported platforms and gracefully handles cross-device enrollment.
Admin controls to view and manage registered WebAuthn credentials per account, including device nickname, last seen, platform hint, and creation date. Supports immediate revocation of a specific credential, forced re-enrollment, session invalidation, and optional user notification. Provides lost device flows that mark credentials as compromised, enforces step-up on next sign-in, and aligns with firm-configured recovery rules (e.g., secondary passkey, verified email/SMS OTP, or admin-assisted recovery) without weakening overall security. All actions are atomic, audited, and propagated to the auth layer so revoked credentials can no longer authenticate.
A policy framework that lets admins configure and enforce passkey-related rules at firm, office, team, and role levels, including requirements such as passkey required for login, minimum two registered credentials, passkey required for e-sign, grace periods, exception lists, and recovery constraints. Policies are versioned, evaluated during authentication and transaction flows, and produce actionable messages to users with inline enrollment prompts when allowed. Includes preview/simulation mode, conflict resolution, and safe rollout (e.g., staged enforcement by cohort) to minimize disruption while raising security posture.
Step-up authentication integrated into PrepPilot’s e-signature flows that validates user presence and binds the signature session to a recent passkey assertion when policy requires it. Supports cross-device signing, handles browser and native app contexts, and records attestation details needed for legal defensibility (timestamp, credential ID hash, RP ID, challenge, and outcome). Provides fallbacks permitted by policy (e.g., second passkey or approved recovery) and user guidance to complete signing without breaking filing timelines. All results appear in the audit log and on the associated return’s checklist.
An immutable, searchable audit log capturing passkey-related events—invites, registrations, authentications, revocations, policy changes, and e-sign verifications—with actor, timestamp, IP, device hints, and outcome. Provides filters, retention settings aligned to firm policy, and export options (CSV, JSON, PDF summary) with tamper-evident hashing and optional S3 delivery. Includes one-click Compliance Readout summarizing adoption rates, enforcement coverage, exceptions, and recent changes for audits. Exposes a read-only API for auditors with scoped access.
Role-based access controls that restrict the Passkey Console to authorized personnel and scope what they can view or change. Defines roles such as Owner, Security Admin, Auditor, and Support with granular permissions (e.g., view-only vs revoke, policy edit, export). Supports office/team scoping, SSO for admins, MFA requirements, just-in-time elevation with approval, and session timeouts. All privileged actions are logged and surfaced in the Compliance Readout to meet separation-of-duties requirements.
Collect and vault a client’s payment method (card or ACH) at engagement with optional deposit or pre‑authorization. Set clear “charge on 8879 sign” terms so clients know when they’ll be billed. Eliminates A/R risk up front, speeds onboarding, and prevents end‑of‑season collections work.
Securely collect and vault a client’s card or ACH payment method at engagement using processor-side tokenization, keeping PrepPilot out of PCI scope while enabling one-click future charges. Store only masked details (brand, last4, expiry) and token references; encrypt all in transit and at rest. Support multiple payment methods per client with a default selector, expiry monitoring, and an update/remove flow. For ACH, support account validation (e.g., micro‑deposits or instant verification) and capture the account holder’s authorization. Link vaulted methods to the client and engagement record, expose them to permitted roles only, and write all actions (add, set default, remove, charge) to an immutable audit log. Provide admin controls for data retention, token deletion, and revocation. Integrate with PrepPilot’s engagement templates and dashboard so staff can see payment-on-file status at a glance.
Present clear, client-facing terms at engagement that state when charges will occur (e.g., “charge on 8879 sign”), whether a deposit or pre‑authorization applies, and any cancellation or refund policy. Require explicit client consent to these terms and to storing their payment method, capturing a legally defensible authorization record (date/time, IP/device, signer identity, versioned terms). Include ACH-specific authorization language and retention requirements, and support locale/time zone awareness. Embed the terms and consent within the engagement letter and client portal flow, surface a plain‑language summary before submission, and block payment method save until consent is given. Store a PDF/HTML artifact of the agreement in the engagement’s document set and display consent status in the PrepPilot dashboard.
Allow firms to require an upfront deposit charge or place a card pre‑authorization during engagement. Support fixed or percentage amounts with caps, configurable authorization windows and expiration handling, and automatic capture or release rules tied to engagement events. For ACH, support deposits (no pre‑auth), with settlement timing clearly communicated. Handle edge cases such as partial invoices, scope changes, or auth expiration before 8879 signing; provide configurable fallbacks (re‑auth, notify client, block work). Expose settings at the template and per‑engagement level, show live status (pending, captured, released) in the dashboard, and log all actions for auditability.
Automatically capture the client’s balance due when Form 8879 (and any required co‑signers) is fully signed. Listen to e‑signature events, validate that a chargeable payment method is on file, compute the amount due (factoring in deposits/pre‑auths), and execute the charge. Provide guardrails: idempotency keys to prevent double charges, a configurable grace period, and a manual override/review step when exceptions are detected (e.g., method expired, amount change). Send confirmations to the client and internal alerts to staff, update engagement and dashboard statuses in real time, and record all artifacts (events, receipts) on the engagement timeline.
Integrate with a payment processor to tokenize methods and run deposits, pre‑authorizations, captures, voids, and refunds. Implement secure webhook endpoints for asynchronous events (charge succeeded/failed, dispute opened/closed, refund processed, authorization expired) with signature verification and replay protection. Make all charge operations idempotent using deterministic keys per engagement/invoice and queue retries with exponential backoff on transient failures. Provide sandbox/production environments, observability (structured logs, metrics, traces), alerting, and robust error categorization. Manage secrets via the platform’s secure store and support future multi‑processor abstraction.
When a deposit, pre‑authorization, or 8879-triggered charge fails, automatically create a targeted follow-up via PrepPilot’s Auto‑Chase: send branded emails/SMS with a secure link to update the payment method or re‑authorize, schedule intelligent retries based on decline reason codes, and escalate as deadlines approach. Reflect payment risk on the dashboard (e.g., “Payment Blocked”) with SLA timers for staff. Suppress messaging after success and respect messaging frequency limits. Provide analytics on recovery rate, time‑to‑payment, and common failure reasons to inform template tuning.
Issue branded receipts by email/SMS on successful charges, including amount, method (masked), and engagement reference. Support voids and partial/full refunds with policy checks and clear client communications. Maintain an internal ledger that records deposits, pre‑auths, captures, releases, refunds, and fees, and map these to the engagement’s balance. Provide a reconciliation view and CSV export, show payment history in the client portal, and allow staff to resend receipts. Ensure accurate, time zone–aware timestamps and comprehensive audit trails for compliance and end‑of‑season reporting.
Automatically finalize the invoice and charge the stored method the moment all required 8879 signatures are complete. Supports multi‑signer households, ensures the right payer is charged, and posts confirmations instantly—no manual clicks, no missed payments.
Automatically detects completion of all required Form 8879 signatures for a return, including multi-signer households (e.g., taxpayer and spouse), and immediately initiates invoice finalization followed by charging the stored payment method. Subscribes to e-signature completion events and uses idempotent job processing to prevent duplicate charges across simultaneous events (e.g., federal and state packets). Enforces gating conditions: return marked Ready to E-file, invoice present and calculable, verified payment method on file, and firm-level AutoCharge enabled for the engagement. Ensures a single charge per engagement using a unique engagement key, queues and retries transient processing steps, and records precise timestamps for SLA visibility. Integrates with the PrepPilot dashboard to surface real-time status and with Auto‑Chase to cease payment reminders once the charge succeeds.
Determines the correct party to charge based on household composition and firm policy. Supports designated payer selection (primary taxpayer, spouse, or third-party), entity vs. individual returns, and default fallbacks (e.g., primary taxpayer if no designation). Validates that payer authorization and consent are on file, respects per-return overrides, and supports firm-configurable rules (e.g., always charge the card labeled “Household Billing”). If no valid method is available for the resolved payer, halts auto-charge and triggers a secure payment link via Auto‑Chase. Ensures the payer identity is bound to the charge and reflected in all receipts, ledger entries, and audit logs.
Securely stores client payment methods using gateway tokenization (PCI DSS compliant) and associates them with the household/engagement. Supports card and ACH where available, with L2/L3 data when applicable. Performs pre-charge validations such as account verification and optional small pre-authorization near signature completion to reduce declines. Provides clients with a secure portal to add/update methods and surfaces expirations or risk flags proactively to Auto‑Chase. Ensures no sensitive PAN data is stored on PrepPilot servers and that all vaulting, encryption, and key management are handled by the payment processor.
Finalizes the invoice at the moment of charge by calculating all line items (preparation fees, e-file fees, state add-ons, discounts, taxes/surcharges) and applying firm pricing rules. Generates a final, immutable invoice version, posts a ledger entry, and locks the invoice against further changes. If adjustments are required post-charge, enforces credit/void/refund flows with proper permissions. Ensures the finalized invoice is attached to the return, included in the client portal, and available for export to connected accounting systems.
Immediately posts charge results to the PrepPilot dashboard and client portal, including payment status, payer, amount, invoice link, and receipt. Sends confirmations to the payer via email/SMS and notifies firm staff in-app and via configurable channels. Updates return status to reflect Payment Collected and stops any payment-related Auto‑Chase sequences. Emits webhooks/events for external systems (e.g., accounting/CRM) with idempotency keys to avoid duplicate downstream entries.
Handles declines and errors with configurable retry schedules (e.g., exponential backoff) and clear error categorization (hard vs. soft declines). Notifies the client with a secure link to update the payment method and alerts the firm on repeated failures or hard stops. Places the return in a Payment Required state and optionally blocks e-file release until resolved, respecting firm override permissions. Logs each attempt with reason codes, coordinates with Auto‑Chase to manage reminders, and supports one-click manual capture once the method is updated.
Maintains a complete auditable record of the auto-charge lifecycle: signature completion events, payer resolution, authorization/consent linkage, invoice versioning, charge attempt details, notifications, and outcomes with timestamps and actors. Ensures compliance with PCI DSS, e-signature regulations, and data retention policies. Provides exportable logs and receipts for disputes and regulatory audits and supports role-based access controls for sensitive payment data. Implements tamper-evident logging and consistent correlation IDs across systems for traceability.
Tie e‑file release to successful payment and any internal review gates you define (e.g., partner approval, risk flags). If payment fails, the return is safely held, the client is notified, and guided fix‑flows kick in. Keeps control while preserving zero‑touch throughput.
Block e-file submission until the return’s invoice is fully paid and payment is confirmed via provider webhooks. Support multiple payment methods (card, ACH), partial payments rules (configurable thresholds), and reconciliation against outstanding balances. On pending/failed transactions, place the return in Held state and surface actionable reasons. Handle asynchronous confirmations, idempotent checks, and race conditions with retry/backoff. Record payment authorization codes and timestamps for audit and enable configurable behavior for edge cases (e.g., chargebacks before IRS acceptance). Integrate with the client-facing checklist to show payment status and provide secure pay links.
Provide an admin UI and rules engine to define internal release gates (e.g., partner approval, identity/risk flags, complex return checklist) that must pass before e-file submission. Support condition builders (AND/OR) using return metadata, risk scores, fees, client tier, and preparer role. Assign gate tasks to roles with SLA timers, reminders, and escalation. Re-evaluate gates automatically when underlying data changes. Allow firm-level templates and per-return overrides with permissions. Persist gate outcomes and reasons, and expose them to the dashboard and API.
Automatically transition returns to a Held state when payment or review gates fail, and resume release once all gates pass. Trigger client notifications via text/email with secure links to resolve issues (e.g., pay balance, update card, retry ACH, complete e-sign). Provide guided, mobile-friendly fix-flows with real-time status updates and error messaging. Coordinate with Auto‑Chase to schedule reminders and escalate after timeouts. Support internal notifications and task reassignment. Log all actions and outcomes and prevent accidental release while in Held state.
Implement a service that evaluates all gates, performs final preflight checks (signatures present, bank info validated, e-file readiness), and submits to IRS/state gateways exactly once. Use a queue-based, idempotent design with deduplication keys to prevent duplicate filings during retries or race conditions. Manage transient errors with retry/backoff and circuit breakers. Maintain a clear state machine (Ready, Held, Releasing, Submitted, Accepted/Rejected) with roll-forward/roll-back rules. Persist submission receipts and control numbers, and expose events for downstream systems.
Capture an immutable audit trail of every gate evaluation, approval/denial, override, notification, and submission action with actor, timestamp, and context. Provide an audit viewer with filters and export. Enforce role-based access controls for approving, overriding, or bypassing gates, with optional dual-approval and MFA for sensitive actions. Generate alerts for risky patterns (e.g., repeated overrides) and maintain retention policies aligned with compliance requirements.
Extend the dashboard to show all returns blocked by guardrails with reasons, next actions, owner, age, and SLA countdown. Enable filters by reason, preparer, office, and e-file type, plus bulk actions (re-evaluate gates, resend payment link). Surface throughput metrics, time-to-release, and conversion on client fix-flows. Provide drill-down to gate history and audit entries, and export for reporting.
Split fees across spouses, partners, or entities with fixed amounts or percentages, each with their own authorization. Aligns who signs with who pays, issues separate receipts, and removes internal juggling for multi‑entity and partnership engagements.
Enable firms to configure multiple payers per engagement (spouses, partners, entities) and define fee splits by fixed amounts, percentages, or mixed rules. Support line-item level allocation, caps/floors, rounding preferences, and exclusions (e.g., do not split filing fees). Provide validations so totals reconcile to the master invoice, real-time previews of each payer’s share, and reusable templates (e.g., 50/50 joint return). Allow recalculation upon scope change with versioning and a lock once any payer has authorized. Integrate seamlessly with PrepPilot’s engagement and invoice models to keep the master invoice as the single source of truth.
Establish a secure workflow for each payer to independently review and e-sign their portion, acknowledging engagement terms and payment liability. Issue unique, expiring links; verify identity (e.g., email+SMS code); and bind the authorization to the configured split. Block charging until the relevant payer has authorized; support revocation and re-authorization with full history. Align signer roles on the tax return with who pays, ensuring that e-file signers and financial responsibility are correctly mapped within PrepPilot.
Generate separate, private invoices and receipts per payer while maintaining a consolidated master invoice for the engagement. Each payer receives their balance, due date, itemized allocation, and secure payment link; only their information is visible to them. Support branded documents, entity-specific details (e.g., EIN, legal name), and jurisdictional tax/fee treatment. Upon payment, issue separate receipts and update the master invoice in real time. Provide a client portal view that shows status by payer for authorized firm users.
Accept ACH and card payments from multiple payers, applying funds to their allocated balances with support for partial payments, scheduled payments, and retries. Automatically reconcile over/underpayments, residual cents per rounding rules, and refunds by payer. Enforce release conditions (e.g., do not e-file until minimum paid or all authorizations complete). Provide real-time dashboard status of amounts due/paid per payer, and sync ledger entries to accounting and payment processors for reconciliation.
Extend PrepPilot’s deadline-aware Auto-Chase to target payer-specific actions: authorization pending, balance due, failed payment, or expiring link. Configure cadence, channels (email/SMS), escalation rules, and quiet hours per engagement. Messages include secure deep links to the specific payer’s action. Provide pause/resume and per-payer suppression with full communication logs, so teams can see who was reminded and when.
Capture an immutable audit trail of split configurations, authorizations, invoice changes, and payments with timestamps, actor, and source (IP/device). Offer exportable evidence packets for compliance and disputes. Provide reports and dashboard widgets for outstanding balances by payer, authorization conversion rates, collection time, and bottlenecks across multi-entity engagements. Allow filters by tax year, engagement type, and payer role.
Reduce chargebacks with itemized receipts linked to e‑sign evidence (time, IP, device), engagement consent, and 8879 hash. Enable 3‑D Secure where available and auto‑assemble representment packets, improving win rates and protecting revenue with minimal staff effort.
Automatically produces itemized, tax-return–specific receipts that list services, fees, taxes, and payments, and embed deep links to a secured evidence bundle (e-sign timestamps, IP, device fingerprint, engagement consent, 3‑D Secure outcome, AVS/CVV results, and Form 8879 SHA‑256 hash). Receipts are rendered as PDF and web views, localized by firm branding and timezone, and delivered via email/SMS through Auto‑Chase. Each receipt is tied to the client’s return, payment transaction ID, and filing status in PrepPilot, ensuring a single source of truth for chargeback defense and client transparency.
Captures and stores comprehensive authorization evidence for each engagement and filing, including client consent to terms, signed engagement letter, e‑sign events (time, IP, device, geolocation, user agent), and a cryptographic hash of the final Form 8879 and submitted documents. Evidence is written to append‑only, tamper‑evident storage with versioning and retention controls, and is directly linked to returns, payments, and receipts within PrepPilot. Exportable evidence bundles support processor reason codes and compliance needs without manual gathering.
Integrates with supported payment service providers to trigger 3‑D Secure 2.x on eligible transactions, with configurable policies (always on, threshold-based, or risk-based). Captures liability‑shift indicators, authentication results, and cryptograms, persisting them alongside receipts and audit evidence. Provides regional SCA handling (EEA/UK), fallback paths for unsupported cards, and merchant controls to balance conversion and protection. All 3‑D Secure data is included in representment packets and analytics.
On dispute notifications received via PSP webhooks, automatically assembles a reason‑code–aware packet containing the itemized receipt, engagement consent, signed documents with 8879 hash, 3‑D Secure and AVS/CVV results, service delivery proof (preparer work logs, e‑file acceptance acknowledgments), and Auto‑Chase communications transcripts. Provides editable cover letters mapped to card network requirements, SLA timers, role‑based review, and one‑click submit to processors or export as a packaged PDF/ZIP. Tracks outcomes, deadlines, and evidence completeness in the PrepPilot dashboard.
Creates dispute cases in PrepPilot with real‑time alerts (dashboard, email, Slack) on first chargeback, retrieval requests, and pre‑arbitration events. Auto‑assigns owners, sets card‑network‑specific response deadlines, and provides checklists of required evidence. Integrates with the client record and return to display related receipts, documents, and communications. Supports internal notes, status transitions, and escalations, ensuring no deadline is missed and all actions are auditable.
Provides dashboards and exports for dispute rate, win rate by reason code, revenue at risk/saved, average response time, evidence completeness, and the impact of 3‑D Secure on outcomes. Segments by payment method, service type, preparer, and tax season. Surfaces trends and root causes (e.g., specific services or client cohorts driving disputes) and recommends policy or template adjustments to increase revenue retention.
Manages standardized, versioned engagement letters and refund/cancellation policies that are referenced in receipts and captured at the time of e‑sign. Supports templates per service type, multi‑language variants, and audit of which version a client accepted. Integrates with Auto‑Chase to deliver terms alongside requests and with the Evidence Vault to ensure the exact text and timestamps are included in representment evidence.
Recover failed payments automatically with network‑optimized retry schedules, card account updater, and backup method fallbacks. If action is needed, clients get one‑tap text/email prompts to refresh their payment method—no staff chasing required.
Automatically schedules and executes payment retries using issuer-informed best practices, including dynamic intervals, business-day awareness, and client local time windows. Interprets decline codes to select optimal retry timing and caps attempts to prevent spam and fee risk. Ensures idempotent retries with safe concurrency controls and suppression windows after hard declines. Integrates with PrepPilot billing to associate retries with specific returns and triggers events for dashboards and notifications. Expected outcome is higher recovery rates and reduced manual intervention.
Integrates with Visa, Mastercard, Amex, and Discover account updater services to refresh expired or reissued cards on file without client involvement. Supports nightly batch and just-in-time lookups, updating tokenized payment methods and syncing changes to client records. Provides audit logs, error handling, and fallbacks to client prompts when an account is closed or not covered by updater. Respects scheme rules and fees, and surfaces updater outcomes to the recovery dashboard. Expected outcome is fewer payment failures due to outdated card details and uninterrupted billing.
Delivers secure magic-link prompts via SMS and email that deep-link clients to a hosted, mobile-first page to update or add a payment method with minimal friction. Prefills known information, supports Apple Pay/Google Pay and 3DS/SCA when required, and enforces short link expirations with signed tokens. Captures explicit consent, localizes copy, and integrates with existing Auto‑Chase templates and throttling. Records updates back to the client’s PrepPilot profile and retriggers collection on the pending invoice. Expected outcome is rapid client self-service and reduced staff time.
Enables multiple payment methods per client and configurable fallback rules to attempt a secondary method when the primary fails after the retry window. Supports card-to-card and card-to-ACH fallback with NACHA-compliant authorization, duplicate charge prevention, and client notifications on successful fallback. Allows firm-level policies (e.g., max charge amount for ACH, method order) and per-invoice overrides. Logs each attempt with reason codes and outcomes for full traceability. Expected outcome is higher successful collections with minimal delay to filing workflows.
Normalizes processor decline codes into soft/hard categories and selects the next best action—retry, account updater, fallback, or client prompt—based on rules and learned outcomes. Applies suppression windows after hard declines, enforces max attempts per invoice, and schedules actions in the client’s time zone. Adapts timing using historical success data and issuer-specific heuristics to maximize approval odds. Stores per-attempt metadata to inform reporting and continuous improvement. Expected outcome is fewer wasted attempts and improved recovery rates with a better client experience.
Adds a Smart Retry panel to the PrepPilot dashboard showing failed payments, next scheduled action, attempt history, and recovery KPIs. Provides controls to adjust retry cadence, enable/disable account updater, set fallback order, and edit message templates per client or globally. Supports per-return context linking, CSV export, webhooks, and granular audit logs for compliance. Sends optional staff alerts on exceptions (e.g., card permanently closed, ACH revocation). Expected outcome is transparent oversight and rapid configuration without engineering involvement.
Implements PCI DSS SAQ‑A scope via hosted payment fields and tokenization, TLS 1.2+ transport, encryption at rest, and role-based access with audit trails. Captures and manages client consent for SMS/email under TCPA/CTIA and CAN‑SPAM, with opt-in/out and message throttling. Stores NACHA-compliant ACH authorizations and retains records per policy, with regional data retention and deletion controls. Adds rate limiting, anomaly detection, and incident alerting across payment recovery flows. Expected outcome is risk reduction and regulatory compliance while automating collections.
Auto‑generate invoices and receipts at charge, then sync to QuickBooks/Xero and your billing ledger. Map fees to client, matter, and tax year, and reconcile payouts automatically so finance sees a clean, real‑time A/R picture without double entry.
Automatically create an invoice and receipt in PrepPilot the moment a client payment succeeds, using provider-agnostic webhooks and idempotent processing to avoid duplicates. Generate HTML and PDF artifacts with firm-configurable numbering (prefix/suffix, per-tax-year sequences) and include line items, taxes/discounts, and tags for client, matter, and tax year. Associate documents to the client’s checklist hub and billing ledger, and expose statuses for success, partial, failed, or pending payments. Queue all work for reliability, with timezone-aware timestamps, retry/backoff, and backfill support for historical charges. Store artifacts in the client’s document repository and make them discoverable from the return dashboard.
Provide native OAuth 2.0 connectors to QuickBooks Online and Xero to push invoices, payments, and receipts from PrepPilot and maintain a clean A/R ledger without double entry. Map PrepPilot clients to accounting customers/contacts, line items to items/accounts, and matter/tax year to classes/locations/tracking categories. Ensure idempotent upserts using stable external IDs, support multi-currency and tax codes, and reflect payment status and fees accurately (gross, fees, net). Run syncs asynchronously with batched writes, rate-limit handling, and robust retry/backoff. Include a sandbox mode for connection testing, a field-mapping UI, and safeguards to prevent duplicate customers or invoices.
Introduce a configurable rules engine that maps fees and line items to client, matter, and tax year, as well as to GL accounts, items, and tracking categories used by connected accounting systems. Support default firm-level templates with per-client and per-matter overrides, precedence ordering, and versioned changes with auditability. Allow conditions based on service type (e.g., 1040, 1120S), engagement, and tax year, with live validation and a test harness to preview the resulting mappings on sample charges. Persist the resulting tags for downstream reporting, syncing, and A/R dashboards.
Automatically import processor payouts and settlement details, match them to underlying charges and invoices using transaction IDs and heuristics, and post the appropriate payment and fee entries to the billing ledger and connected accounting system. Support partial payments, multi-invoice payouts, refunds, chargebacks, and disputes with clear state transitions. Create reconciliation reports that explain net vs. gross amounts, processor fees, and timing differences, and update invoice/payment statuses accordingly. Provide exception handling workflows for unmatched items and write back final reconciliation signals to QuickBooks/Xero.
Deliver a live A/R dashboard that aggregates balances by client, matter, and tax year with standard aging buckets (0–30, 31–60, 61–90, 90+). Provide filters, search, and drill-down to invoice and payment detail, along with sync and reconciliation status indicators. Update in near real time via background events and push notifications, and offer CSV export for external analysis. Enforce role-based permissions to control who can view firm-wide vs. assigned-client A/R, and include performance safeguards for large ledgers.
Automatically attach generated invoices and receipts to e-sign envelopes and the client portal, with brandable templates and clear Paid/Unpaid indicators. Include a secure link or QR code for outstanding balances, and enable email/SMS delivery with resend and delivery status tracking. Honor firm retention settings and store access logs for compliance and support. Ensure PDF fidelity and localization of currency/date formats based on client preferences.
Provide an end-to-end audit log for all invoicing, syncing, and reconciliation events with correlation IDs, timestamps, payload summaries, and actor/system attribution. Surface a sync health panel with error queues, retry controls, and metrics (success rates, latency, backlogs). Send configurable alerts (in-app and email) on connector failures, mapping errors, or reconciliation exceptions, and allow one-click replays after fixes. Expose safe repair tools for de-duplication, remapping, and re-syncing while preserving history.
Auto-import and update your partner roster from prior-year returns, cap tables, or CRM to create name-bound profiles with ownership %, preferred channels, and roles (partner, manager, delegate). Keeps contacts current and auditable so every K‑1 recipient is tracked from day one—no spreadsheets, no misaddressed chases.
Securely connect PrepPilot to prior‑year return exports, cap table files, and CRM systems to auto‑import partner data into standardized, name‑bound profiles. Provide file and API connectors (CSV/XLSX upload, OAuth‑based CRM integrations, and cap‑table vendor templates), configurable field mapping, and normalization for names, emails, phone numbers, addresses, tax IDs, ownership percentages, roles, and entity associations. Support on‑demand and scheduled imports, preview with validation summaries, and multi‑entity mapping, ensuring clean, auditable ingestion without manual spreadsheet wrangling.
Unify records from multiple sources into a single canonical profile per person using deterministic and probabilistic matching (e.g., exact email/TIN, name + address/phone similarity). Provide merge rules, survivorship logic, and a review queue for potential matches, with the ability to unmerge and restore. Persist source cross‑references and soft‑deletes to prevent re‑creation, and ensure idempotent updates so repeated syncs never create duplicates. This guarantees that each K‑1 recipient is tracked once with correct contact routes.
Capture and maintain per‑entity, per‑tax‑year ownership percentages and participant roles (partner, manager, delegate) within each profile. Validate totals where applicable, apply rounding rules, and support effective‑dated changes. Link delegates and managers to the primary partner profile for communications and approvals. Lock historical allocations on filing and surface changes to downstream workflows (Auto‑Chase, checklists, and K‑1 distribution) to keep allocations and responsibilities accurate.
Store each contact’s preferred communication channels (email, SMS, e‑signature provider) with consent status, time‑zone, and quiet‑hour rules. Enforce Do‑Not‑Contact flags and regional compliance, define fallback channels, and expose preferences to Auto‑Chase so all reminders, requests, and e‑signature links route correctly. Provide a test‑send function and bounce/opt‑out handling to maintain deliverability and prevent misaddressed chases.
Maintain a complete, immutable audit trail for every profile and field synced or edited, including who/what/when, source job, and before/after values. Provide filterable, exportable change logs at the entity and person level, with diff views and reason codes for manual edits. Surface audit context inside Auto‑Chase and filing dashboards to support compliance reviews and rapid issue investigation.
Offer configurable sync cadences per source (manual, scheduled, and webhook‑driven) with job history, health indicators, and alerting. Validate incoming data, isolate and retry partial failures with exponential backoff, and produce human‑readable error reports with remediation guidance. Ensure idempotency and transactional updates so roster data remains consistent even across intermittent connectivity or API rate limits.
Continuously reconcile entity ownership rosters against expected K‑1 recipients to detect gaps early. Provide readiness checks that flag missing or invalid contact routes, absent e‑delivery consent, or incomplete addresses, and generate a resolution checklist per person. Prevent Auto‑Chase from initiating until prerequisites are met, and show a coverage meter on the dashboard so no recipient is missed or misaddressed.
Secure, name-bound upload links for each partner that accept K‑1 PDFs, capture “not received yet” with an expected date, or mark “no activity.” Optionally collect W‑9 updates and state residency confirmations. Converts vague emails into structured responses so you know exactly what’s missing and when to expect it.
Generate secure, partner-unique upload links bound to the partner’s name and the target return, using signed, expiring tokens. Links support magic-link access (no account creation), optional passcode, one-time or reusable modes, device and mobile-friendly UX, TLS-only transport, encrypted-at-rest storage, rate limiting, and bot protection. Ensure links are deliverable by email and SMS with deep links, and guarantee responses map to the correct client/return and tax year.
Present three clear actions on the intake page: Upload K-1 PDFs, Mark as Not Received Yet (with expected date), or Mark No Activity. Support multiple files, file-type validation, virus scanning, and comments. Automatically route uploaded files to the correct client/return and tax year, deduplicate via checksum, tag by partner, and persist a response history. Set expected-date triggers and mark No Activity as acknowledged to reduce noise.
Offer an optional W-9 update flow within the intake link. Prefill known data, validate TIN/SSN/EIN formats, collect electronic signature with consent text, and generate a finalized W-9 PDF for storage. Version changes, flag mismatches for review, and restrict visibility to appropriate staff. Allow skipping when not required and record rationale.
Provide an optional residency questionnaire to capture partner state residency and filing implications: primary state, move-in/out dates, multi-state work, and prior-year differences. Validate entries, support multi-select, and store structured responses that map to state workpapers. Include clear guidance text and allow Save for Later.
Tie intake responses into PrepPilot’s deadline-aware Auto-Chase. Schedule and send email/SMS reminders until required actions are complete. Adjust cadence based on partner-provided expected dates, pause automatically on upload, re-engage when dates lapse, and stop on confirmed No Activity if configured. Personalize messages with partner name and client context and include one-tap resume links. Honor contact preferences, quiet hours, and opt-outs.
Expose partner-level intake status on the PrepPilot dashboard: Uploaded, Expected by <date>, No Activity, and Overdue. Show timestamps, last reminder sent, and comments; provide filters by client, partner, status, and due date. Link to view documents and captured forms, and emit webhook/API events so external systems can react. Update task lists and filing readiness metrics automatically with role-based access controls and CSV export.
Record a tamper-evident audit trail for each intake link and response, including link creation metadata, delivery channel, token claims, access IP/device, timestamps, consent to e-sign, form field changes, file checksums, and malware scan results. Provide immutable, time-stamped logs with configurable retention and export. Include data deletion workflows aligned to retention policies and privacy requests.
Deadline‑aware cadences personalize nudges by partner and entity, automatically switch channels (email/SMS), and escalate to the managing partner after SLA thresholds. Includes one‑tap options to book a reminder call or trigger an extension workflow, all with an audit trail. Maintains polite persistence without staff time.
Configurable SLA thresholds at firm, partner, client, and entity levels define maximum inactivity durations before the next nudge and before escalation. Supports business hours, quiet hours, holidays, and timezone awareness. Integrates with the tax calendar to align cadences with statutory deadlines and extension dates. Provides default templates with overrides, role-based permissions, and a real-time preview of the resulting cadence timeline. Exposes normalized SLA events to the cadence engine and analytics for consistent behavior across returns.
An orchestration engine that sequences deadline-aware reminders across email and SMS, automatically switching channels when no response is detected. Personalizes content by partner, entity, and client preferences using templates and merge fields, with secure links to the client checklist. Enforces delivery windows, quiet hours, and opt-in/opt-out compliance, with rate limiting and exponential backoff to maintain polite persistence. Detects bounces and undeliverables with channel fallbacks. Automatically pauses or completes the cadence when required documents or e-signatures are received, or when an extension is triggered, with item-level and return-level state tracking.
Upon SLA breach, routes an escalation to the managing partner or designated escalatee with a consolidated summary of missing items, due dates, last contact attempts, client responsiveness, and filing risk. Supports tiered escalation, deduplication to prevent notification floods, and business-hours constraints. Provides one-click actions to send a partner-authored nudge, approve an extension trigger, or reassign tasks. Integrates with email and Slack/Teams for delivery and captures all actions and outcomes in the audit trail.
Embeds a call booking CTA in reminder messages and the checklist, offering 5/10/15-minute slots synced with staff calendars (Google/Microsoft/Calendly). Detects client timezone, respects staff availability and buffer rules, and writes the appointment to the return record. Automatically creates a follow-up task, sends confirmations and ICS invites, and records call outcomes and notes within the client thread to inform subsequent cadences.
Provides a guarded one-tap control to initiate the extension workflow when deadline risk is high. Pre-populates extension tasks, forms, fees, and signature requests; updates due dates and pipeline stage; pauses the standard chase cadence; and sends client-facing notifications with clear next steps. Requires role-based approval with reason capture and integrates with e-signature and payment collection, while maintaining a complete audit trail of the decision and subsequent actions.
Captures an immutable, timestamped log of all chase messages, escalations, approvals, call bookings, delivery statuses, client interactions, and configuration changes. Stores message content snapshots and metadata, supports search and filtering by client, return, item, and date, and allows export for compliance or dispute resolution. Enforces retention policies and surfaces relevant audit entries inline on the checklist and partner escalation views to provide transparency and accountability.
Real‑time meter shows the percent of partners ready, highlights blockers by name/state, and gates a one‑click “Ready to Allocate” action until completeness rules are met. Supports provisional estimates with captured approvals and auto‑reminders to swap in final K‑1s. Builds reviewer confidence while protecting quality and compliance.
Compute and display, in real time, the percentage of partners marked ready for allocation on a given engagement. Readiness is derived from configurable completeness rules (e.g., required documents received, data entry validated, review completed, signatures collected) mapped to each partner’s checklist. The meter updates automatically on data or status changes without page refresh, surfaces color-coded thresholds, and is embedded on the return workspace and global dashboard. Provide an API and event stream to publish readiness changes for integrations and notifications.
Present a ranked list of partners blocking allocation, showing partner name, blocker state (e.g., Missing K‑1, Pending E‑sign, Needs Reviewer Approval, Provisional Pending Final), due dates, and days-at-status. Enable drill-through to the partner’s checklist and provide quick actions (nudge, assign, comment). Expose blocker states to Auto‑Chase and the dashboard filters. Persist filters and sorting per user and return context.
Provide a one-click Ready to Allocate action that remains disabled until completeness rules are satisfied across all partners. Display unmet criteria and affected partners when the control is disabled. Support firm-configurable rule sets by return type, including hard gates and soft gates. Allow role-restricted overrides that require a reason and capture approval, with clear visual indicators when allocation proceeds under an exception.
Enable partners to be marked as Provisional with entered estimate values and scope notes when final K‑1s are not yet available. Require approval from designated roles before provisional data can satisfy gating rules. Track expiry or replacement deadlines, show provisional counts in the meter, and automatically create tasks to swap in final K‑1s. When final documents arrive, replace provisional values, re-run validations, and notify stakeholders of changes that impact allocation.
Integrate meter blockers with Auto‑Chase to initiate and manage targeted reminders via email and SMS for missing documents and signatures. Adjust cadence and tone based on proximity to filing deadlines and client communication preferences. Stop chasing automatically when the blocker clears, log all outreach to the engagement timeline, and escalate to internal assignees when external chases stall.
Capture immutable audit logs for all meter-related actions, including rule changes, approvals, overrides, gate openings, allocation timestamps, and document swaps from provisional to final. Provide role-based permissions for viewing the meter, approving provisional estimates, changing rules, and overriding gates. Offer exportable audit reports and in-app timelines to support reviews, client transparency, and regulatory inquiries.
On upload, automatically extracts key K‑1 data (partner name, TIN last4, ordinary income/loss, guaranteed payments, credits, state attachments), checks for missing pages/states, and compares against prior year expectations. Flags anomalies early so allocation work starts clean and review time drops.
Accept uploads via drag‑and‑drop, email intake, and client portal; detect and classify K‑1 documents by form type (1065, 1120‑S, 1041), tax year, and state attachments. Support PDFs and images (JPG/PNG), including multi‑page and multi‑document bundles, with automatic splitting, de‑skewing, and de‑duping via file fingerprinting. Link each detected K‑1 to the correct client/return in PrepPilot, persist source files, and prepare them for parsing with standardized metadata so downstream extraction, checks, and Auto‑Chase can run reliably.
Extract key K‑1 data using OCR plus layout analysis: partner/shareholder name, TIN last4, entity EIN, ordinary business income/loss, guaranteed payments, credits by code, ST/LT capital gains/losses, Section 199A, distributions, passive/at‑risk indicators, and state identifiers. Normalize formats (parentheses as negatives, commas, footnotes), handle rotated/skewed scans, and return a structured payload with per‑field confidence scores and source coordinates for highlight overlays. Support common federal/state variants across 1065/1120‑S/1041 and allow pattern packs to be updated without redeploying the app.
Validate completeness of uploaded K‑1s by confirming presence of required pages (federal K‑1, statements, and state K‑1s). Detect state mentions from checkboxes, line codes, or footnotes and reconcile against provided attachments. Generate a dynamic checklist of missing items and integrate with Auto‑Chase to send deadline‑aware requests to clients with secure upload links and redacted previews. Update the return status automatically when items arrive and re‑run checks to close the loop.
Match current‑year K‑1s to prior‑year partners using TIN last4 and fuzzy name normalization. Compare extracted amounts to prior‑year values and firm‑defined expectations with configurable absolute and percentage thresholds. Flag new or missing partners, TIN changes, and large deltas by category (e.g., ordinary income, guaranteed payments, credits). Present a summary of variances and expected vs. actual states to focus preparer attention early and reduce review cycles.
Apply a rule engine to surface anomalies such as unreadable TIN last4, negative guaranteed payments, state mismatch (state referenced but no attachment), credits without supporting statements, and internal sum inconsistencies. Rank severity and present a side‑by‑side review pane with image highlights tied to source coordinates. Allow users to accept, edit, or override values, add notes, assign follow‑ups, and mark issues resolved. Persist an audit trail of changes and decisions for compliance and later review.
Map structured K‑1 data to import formats for major tax suites (e.g., Lacerte, UltraTax, ProConnect, Drake) and to CSV for generic workflows. Validate required fields prior to export, show a pre‑export diff from last export, and support versioned exports with rollback. Provide API/webhook to push mapped data into the associated PrepPilot return and log export outcomes with per‑field mapping visibility for transparency.
Process individual K‑1s with an average turnaround under 30 seconds and 95th‑percentile under 90 seconds under peak loads. Implement a resilient job queue with retries, idempotency, and back‑pressure, plus batch handling up to 200 K‑1s per upload. Expose progress indicators in the return dashboard, alert on backlog thresholds, and capture metrics (latency, error rate, confidence distribution) to guide scaling and model tuning.
Allows partners to securely delegate their intake link to a bookkeeper or family office without exposing the full portal. Tracks who uploaded what and keeps the partner informed with status updates. Prevents stalls when partners rely on support staff, while preserving accountability.
Generate a secure, per-return delegation link that grants a delegate restricted access to the client’s live intake checklist and document upload area only, without exposing the full portal (billing, prior years, e-file status, or messages). Partners can label delegates, set an expiration, choose single-use or multi-use, and revoke at any time. The link enforces least-privilege by masking sensitive fields, limiting file actions to upload/replace, and blocking downloads of prior submissions. It supports multiple concurrent delegates, mobile-friendly flow, virus scanning, and file type/size enforcement, and renders a simplified checklist view tailored to delegate tasks.
Require lightweight identity verification for delegates on first access via one-time passcode (email or SMS) tied to the partner-provided contact, capture delegate name and organization, and present an attestation that they are authorized to act on the client’s behalf. Persist the verified identity and trust period (TTL), trigger re-verification on sensitive actions or TTL expiry, and record verification method details in the audit log. Support configurable enforcement (email-only, SMS-only, or both) and block access after repeated failed attempts.
Provide a configurable permission matrix for the Delegate role with firm-wide defaults and per-return overrides. Allowed actions include uploading files to specific checklist items, adding item-level comments, and marking items as provided; disallowed by default are viewing prior-year data, downloading existing documents, seeing fee information, and accessing messages. Optional toggles enable limited visibility of masked PII fields and a controlled “proxy signer” capability for non-government internal acknowledgements, requiring explicit partner approval. All permissions are enforced at API and UI layers.
Capture an immutable, exportable activity log attributing every delegate action (uploads, comments, checklist status changes, e-sign events if enabled) to the verified identity with timestamp, IP, user agent, checklist item ID, and file hash. Surface attribution in the UI (e.g., “Uploaded by Jane Lee, Delegate”) and on each file’s detail page. Provide filters by actor and action type, generate PDF/CSV audit reports per return, and include tamper-evidence via content hashing to support compliance inquiries.
Notify partners in real time when delegates complete key actions (file uploaded, item marked provided, comment added) with in-app alerts and email, with batching to avoid alert fatigue. Offer configurable daily/weekly digests summarizing progress, remaining items, and blockers, plus per-return notification preferences, quiet hours, and snooze. Include deep links back to the checklist and support Slack/webhook integrations for firms using external channels.
Deliver an admin console to create, label, resend, revoke, and expire delegate links across all returns, with visibility into last access time, verification status, and recent actions. Provide search, filtering (by partner, client, delegate, status), bulk revoke/extend, and CSV export. Expose corresponding API endpoints for bulk operations and include an audit log of admin actions taken within the console.
Integrate delegation with Auto‑Chase so that reminder sequences for outstanding checklist items target the assigned delegate by default, with partner CC and automatic fallback to the partner if the delegate is unresponsive. Support per-item routing (delegate vs. client), configurable cadence and quiet hours, unique upload links per reminder, bounce detection, and pause/resume controls. Reflect chase status in the dashboard to prevent stalls when support staff are involved.
A consolidated view for firms managing many entities, showing K‑1 readiness across related partnerships and S‑corps in one board. Enables bulk chasing across entities, deadline filters, and identification of cross‑entity stragglers by person. Gives managers portfolio‑level control to hit September deadlines.
Model and maintain relationships between entities (partnerships, S-corps) and individuals to power the rollup. Provide a canonical person record with merged contact methods, deduplication, and identifiers (e.g., TIN) to unify the same person across multiple entities. Support relationship types (partner, shareholder, beneficiary), ownership percentages, and the current-year K-1 recipient list. Include UI to link/unlink entities to people, import prior-year relationships, and validate against existing PrepPilot client records. Expose this graph as a service the Rollup Board and Auto‑Chase can query, ensuring changes propagate in real time.
Provide a consolidated, real-time board that aggregates K‑1 readiness across selected partnerships and S‑corps. Display key columns such as entity name and type, filing deadline and extension status, K‑1s ready/total, missing documents, e‑signature status, blockers, assignee, and last chase. Enable drill‑through to the entity’s return checklist. Include grouping, sorting, saved views, and portfolio totals. Ensure the board updates from PrepPilot checklists and Auto‑Chase events without manual refresh, supports pagination for large portfolios, and performs within acceptable latency thresholds.
Allow selection of recipients across multiple entities to initiate or adjust Auto‑Chase sequences in bulk. Deduplicate recipients to avoid multiple messages in the same window, respect per‑person contact preferences, and include a combined cross‑entity context in messages listing each outstanding item by entity. Support email and SMS, scheduling, throttling, opt‑out compliance, and escalation rules. Integrate with existing Auto‑Chase templates using new rollup variables and provide delivery and response analytics at portfolio level.
Create a person‑level view that aggregates all outstanding document requests and e‑sign tasks for an individual across every related entity. Present a unified checklist with per‑item entity tags, allow combined messaging, and enable marking items complete with updates propagating back to each entity’s checklist. Surface contact info, preferred channel, and recent chase history for the person. Use the canonical person ID to ensure accuracy and prevent duplicates.
Add deadline‑aware filters and visual risk indicators to the rollup board. Filter entities and people by statutory deadlines (e.g., September 15), internal targets, extension status, and days‑to‑deadline. Compute risk scores using signals such as missing docs, last chase age, response rate, and assignee load, and display as a heatmap to highlight at‑risk filings and stragglers. Allow saving and sharing filter presets and exporting filtered views for reporting.
Introduce portfolio constructs to group entities and control access to rollup views and bulk actions. Map roles (owner, manager, staff) to portfolios, restrict visibility and Auto‑Chase scope accordingly, and mask PII where required. Provide audit logs of access and actions, enforce least‑privilege defaults, and integrate with existing PrepPilot user management and SSO. Ensure permission checks are applied consistently across the Rollup Board, Person‑Centric view, and bulk operations.
Real‑time scan cleanup that auto‑rotates, de‑skews, enhances contrast, and scores legibility as clients upload. Prompts users to re‑capture blurry or cut‑off pages before submission, preventing rescans and back‑and‑forth. Result: cleaner OCR, faster classification, and fewer support touches.
Provides client-side image preprocessing for photos and scans captured during upload, including auto-rotation, perspective correction, de-skewing, denoising, and contrast/brightness normalization with target latency under 500 ms per page on current mobile devices, and a server-side fallback where client capabilities are insufficient. Integrates with PrepPilot’s uploader to handle JPEG, PNG, HEIC, and single/multi‑page PDF while preserving page order and crop boxes. Produces consistent output dimensions and color profiles optimized for OCR, keeps processing ephemeral on device when possible to reduce data exposure, and exposes enhancement outcomes and flags to downstream services via normalized metadata.
Computes an objective 0–100 legibility score per page using blur detection, edge completeness, skew, contrast, shadowing, and cutoff heuristics, with configurable pass thresholds by document type. Generates per-signal sub-scores and human-readable reasons to drive user prompts and gating decisions, records scores and decisions as upload metadata for auditing and triage, and exposes scores to the dashboard. Calibrated on common tax document patterns and tunable via configuration without requiring app updates.
Delivers real-time, context-aware guidance when a capture is likely to fail, using on-screen framing guides, stability hints, low-light detection, and explicit reasons such as page cut off or excessive blur. Provides localized copy, accessibility support for screen readers and haptics, and live feedback of the legibility score during capture. Enables immediate re-capture, preserves prior attempts for comparison, and avoids uploading rejected images until they meet thresholds or are explicitly overridden.
Prevents submission of pages that fall below configured legibility thresholds while supporting explicit user overrides with selectable reasons and optional notes, applying only to affected pages. Supports partial acceptance, resumable uploads, background retry on network interruptions, and consistent page numbering across retries. Persists gating decisions and override reasons in the client’s case timeline so preparers can review context and minimize unnecessary follow-ups.
Produces normalized, compressed PDFs per document set with edge-preserving quality settings, embeds orientation and processing metadata, and groups pages by detected document boundaries for downstream classification. Stores the enhanced version for OCR while retaining the original capture for traceability with controlled retention, and exposes both via secure URLs to PrepPilot’s classification and extraction pipeline for faster processing and fewer manual touches.
Provides firm-level settings to enable or disable Snap Preflight, set document-type thresholds, choose default gating behavior, and manage override permissions. Includes dashboards showing submission pass rates, average legibility by source device, top failure reasons, and time-to-success metrics with filters by client, preparer, and time range. Supports CSV export, role-based access, and an audit log for configuration changes.
Detects client device capabilities, browser features, and available compute to choose the optimal processing path—on-device WebAssembly, native hardware acceleration, or server-side fallback—and adapts quality and frame rate to CPU and network conditions. Provides offline capture with deferred preflight, ensures graceful degradation on older devices, and maintains a consistent experience across web and mobile.
Automatically splits mixed PDFs into individual forms, reorders stray pages, and de‑duplicates repeated uploads across sessions. Detects page counts by form (e.g., W‑2 Copy B/C, 1099 composite) and assembles a complete, review‑ready packet. Saves staff from manual sorting while ensuring nothing is missing.
Accept mixed PDFs and images via web upload, email-in alias, and mobile scan, then normalize (deskew, de-noise, rotate, convert to PDF/A), OCR at page level, and extract barcodes to enable downstream classification. Batch files into a client/year staging area with size/type validation, virus scanning, and retry-safe uploads. Persist page-level IDs and source metadata for provenance. Seamlessly associates the intake batch with the client’s checklist item in PrepPilot so FormSet Stitcher can begin processing without manual setup.
Use OCR/NLP and template signatures to classify each page into a specific tax form and year (e.g., W‑2 Copy B/C, 1099 composite, K‑1, brokerage statements), including variant detection (federal vs. state copies). Maintain an editable rules catalog of expected page counts and required copies per form type and tax year. Support confidence scoring, fallbacks for unreadable pages, and periodic model updates without downtime. Expose a rules API/UI so admins can adjust page-count expectations when issuers change formats.
Automatically split mixed uploads into discrete form PDFs, reorder stray or rotated pages, and stitch multi-source pages into complete, per-form documents based on classification outputs, barcodes, and layout heuristics. Preserve original page sequence mapping and provide a canonical review order (e.g., government IDs, W‑2s, 1099s, K‑1s, other). Generate a single review-ready packet plus per-form files, with consistent file naming conventions and page bookmarks for quick navigation.
Detect and suppress duplicate pages and documents across uploads and sessions using content hashing (per-page and per-document), fuzzy similarity for near-duplicates, and key-field comparison (e.g., EIN, amounts) to avoid double counting. Automatically keep the latest or highest-quality copy while retaining prior versions in a collapsible history. Respect corrected/voided indicators and issuer revisions to prevent false positives. Surface a concise summary of de-dup actions in the review UI.
Validate that each assembled form meets expected page counts and required copies; flag missing pages, unreadable scans, and signature requirements. Generate structured “missing items” with form-specific details and due dates, then sync them to the client’s checklist and trigger PrepPilot Auto‑Chase (deadline‑aware emails/texts) until items arrive. Update status in real time on the client dashboard and mark items as satisfied when the needed pages are uploaded and stitched.
Provide a review workspace showing the assembled packet, per-form confidence scores, and flags for low-confidence allocations. Enable drag-and-drop page reassignment, manual split/merge, rotate, and relabeling with keyboard shortcuts and undo/redo. Display page thumbnails, side-by-side zoom, and provenance (source file, upload time, uploader). Approved changes immediately revalidate completeness rules and update the packet without full reprocessing.
Record an immutable audit log of page-level operations, classification decisions, de-dup actions, and user edits with timestamps and user IDs. Support version snapshots of the packet and per-form artifacts with rollback. Export finalized packets and per-form files to integrated DMS/tax software using consistent naming and bookmarks, and include an export manifest summarizing contents and decisions for compliance and QA.
Routes low‑confidence classifications to a focused review lane with explain‑why hints and top alternatives (e.g., 1099‑DIV vs 1099‑INT). One‑tap reclassify, merge, or split actions improve the model over time, shrinking the queue each week. Keeps automation safe while accelerating human-in‑the‑loop decisions.
Implements calibrated probability thresholds for all document and entity classifiers so that items below confidence limits are automatically routed to the Confidence Queue while high-confidence items proceed hands-free. Supports per-class and per-firm threshold overrides, idempotent routing on ingestion, and deduplication to prevent duplicate queue entries. Captures and persists model version, raw scores, confidence intervals, and a minimal feature snapshot for traceability. Integrates with PrepPilot’s checklist and Auto‑Chase so downstream tasks are paused or advanced based on routing outcomes.
For each queued item, presents the model’s top alternative classifications with scores alongside concise natural‑language rationale and highlighted evidence (tokens/regions) from the source document. Provides a side-by-side comparison view, confidence deltas, and quick filters (e.g., forms vs. statements) to accelerate review. Caches explanation artifacts for fast rendering and fallbacks gracefully if explanations are unavailable. Integrates securely with the document viewer to overlay highlights without altering the original file.
Enables immediate resolution of queued items through single-click actions: reclassify to a selected alternative, merge with an existing document thread or client return, or split multi-page uploads into correct document types. Executes atomic updates to the canonical document store, updates related checklist items and Auto‑Chase states, and records the correction as training feedback. Validates constraints (e.g., cannot merge across clients) and supports undo within a short grace period for safety.
Captures reviewer corrections with full context as labeled training data and feeds them into a scheduled retraining pipeline with automated evaluation, calibration checks, and drift detection. Supports weekly canary deployments, rollback on regression, and threshold auto‑tuning by class to target desired precision/recall. Maintains a model registry with versions, metrics, and release notes, ensuring the queue shrinks over time as accuracy improves.
Ranks queued items by filing deadlines, impact on return completion, and client priority, surfacing blockers (e.g., missing W‑2, unsigned 8879) at the top. Displays time-to-deadline badges, allows quick assignment, and supports bulk actions for high‑impact clusters. Integrates with the PrepPilot dashboard so preparers see the most urgent review tasks alongside overall firm workload.
Provides end‑to‑end audit logs of model scores, explanations shown, human decisions, timestamps, and actor identity, with exportable reports for compliance. Enforces role‑based access and optional secondary approval for sensitive changes. Applies guardrails such as minimum confidence for auto‑apply and rate‑limiters to prevent bulk misclassification, ensuring safe automation across the firm.
Delivers a performant review interface with a compact queue list and detail pane, inline PDF/image viewer, keyboard shortcuts, batch next/prev, and sub‑second interactions for common actions. Includes search, filters (client, document type, confidence band), and assignment controls. Optimized rendering and caching ensure smooth navigation across large queues without leaving the PrepPilot dashboard context.
Side‑by‑side comparison highlights year‑over‑year variances on W‑2s/1099s, calling out issuer changes, box‑level swings, and missing payors. Offers suggested reasons (job change, vesting, closed account) and one‑tap, client‑safe questions to confirm. Reduces reviewer analysis time and captures audit‑ready notes automatically.
Ingest current- and prior-year W-2/1099 data from document parsers and imports, normalize issuer names and EINs using fuzzy matching and reference mappings, align box codes across years, and compute issuer- and box-level variances. Detect new, missing, and corrected forms (e.g., W-2c, corrected 1099) and handle multiple forms per issuer, multi-state withholdings, and multi-employer scenarios. Apply configurable materiality thresholds and ignore rules at firm and client levels. Ensure idempotent recompute on data updates and expose a structured variance dataset consumable by the UI, suggestion engine, checklist, and exports.
Provide a responsive, accessible UI that renders prior vs. current forms side-by-side at issuer and box levels with color-coded variance highlights, badges for missing payors, and tooltips explaining calculations. Support filtering by form type (W-2, 1099-INT/DIV/B/MISC/NEC, etc.), materiality, and status, with grouping for multiple forms per issuer. Enable click-through to source documents, keyboard navigation, and persistent view state. Optimize performance to load clients with 50+ forms within target latency.
Generate suggested explanations for detected variances using rule-based heuristics and lightweight models leveraging signals such as new EINs (job change), Box 12 code V (RSU/vesting), large Box 1 vs. withholding deltas (bonus/withholding change), missing prior issuers (closed account), issuer rename mappings (custodian change), and new state withholdings (relocation). Provide confidence scores, rationale snippets, and allow accept/edit/dismiss actions. Record overrides for continuous improvement and ensure all processing stays within the secure environment.
Offer client-safe, prewritten question templates auto-filled with issuer names, amounts, and years, ready to send via SMS/email through Auto‑Chase with configurable cadence, quiet hours, and escalation. Include secure response flows (yes/no, multiple choice, short text), automatic PII redaction checks, and localization. Thread client responses back to the specific variance and update its status accordingly.
When an explanation is confirmed, capture an immutable note containing timestamp, actor, selected reason, client confirmation, and links to source documents. Store entries in a tamper-evident audit log and surface them in the return’s workpapers. Support exports to PDF/CSV and integrations with supported tax software. Provide search, filtering, and change history to satisfy review and audit requirements.
Create actionable variance tasks in the client-facing checklist and reflect unresolved variances on the PrepPilot dashboard. Auto-update task status as client responses arrive or explanations are accepted. Respect per-client materiality thresholds and ignore rules, and optionally block e-file readiness until material variances are resolved or waived by an authorized role. Expose counts and aging in pipeline KPIs.
Provide firm-level configuration of materiality thresholds, ignore lists, issuer mappings, and messaging cadences. Enforce role-based permissions for sending client communications and accepting explanations. Log all actions for SOC 2–aligned auditability, enforce encryption in transit and at rest, configurable retention, and PII redaction in outbound messages. Include required SMS/email opt-out handling and time zone–aware send windows.
Identifies state and locality indicators from issuer data and form boxes, infers required state attachments, and flags what’s missing versus last year. Proposes the expected state list per taxpayer and triggers targeted requests only for those states. Prevents late‑season surprises and protects state compliance.
Parse and normalize state and locality indicators from all taxpayer and entity source data (e-file imports, structured forms, PDFs, scanned images). Extract W-2 Box 15–20 data, 1099/1099-R state IDs and withholding, K-1 state-sourced income, brokerage CUSIPs and municipal fund state exposures, payroll locality codes, and address history. Apply OCR with confidence scoring, de-duplication, and canonical state/local codes. Output a unified StateSignals payload per taxpayer/entity, with provenance and confidence for each indicator. Integrates with StateScope inference, dashboard, and Auto-Chase. Ensures PII-safe processing, encryption in transit/at rest, and robust error handling with retry and partial-ingest recovery.
Transform StateSignals into an expected list of state/local filings and attachments per taxpayer/entity and tax year. Apply versioned rules for residency, part-year moves, reciprocity, statutory thresholds, nonresident sourced income, composite/withholding requirements, locality regimes (e.g., NYC UBT, OH RITA), and entity types (1040/1065/1120-S). Produce a rationale graph explaining why each state is included, which forms/e-file attachments are needed, and any IDs (state tax ID, account numbers) required. Support multi-state households and multi-entity relationships. Emit machine-readable requirements for downstream Auto-Chase, dashboard surfacing, and preflight validation.
Ingest prior-year returns and firm records to compare last year’s filed states and attachments to the current inferred set. Highlight missing carryforward states, newly inferred states, and explain deltas (e.g., address change, ceased wage source, reciprocity change, threshold not met). Provide an acknowledge/ignore mechanism with duration (this return only or persist) to suppress known false positives. Surface changes early in the season and feed results into Auto-Chase and dashboard alerts.
Generate state-specific document and data requests only for the states inferred as applicable. Auto-create checklists per state (e.g., state IDs, W-2 state copies, locality forms, withholding account letters) and drive deadline-aware email/SMS sequences. Use dynamic templates with state names and rationale, throttle to avoid spam, and stop requests when items are received or the state is acknowledged as not required. Track fulfillment status at the state level and sync to the central PrepPilot checklist.
Before e-file or paper assembly, run a state compliance preflight that validates each expected state has required attachments, IDs, signatures, payments/vouchers, and e-file eligibility met. Flag blockers versus warnings, provide remediation steps, and prevent transmission when critical requirements are missing. Integrate with the PrepPilot dashboard to show per-state readiness and with Auto-Chase to trigger last-mile requests automatically.
Allow authorized users to manually add/remove inferred states, adjust required attachments, and annotate reasons (e.g., safe harbor, de minimis, treaty/reciprocity). Persist overrides per client/tax year with role-based permissions, show their impact on Auto-Chase and preflight, and maintain an immutable audit log capturing who changed what and when, including previous inference state and justification.
Generates an expected‑documents checklist per client based on prior‑year profile and intake answers (employee, investor, gig, rental). Tracks uploads against the blueprint in real time and fires precise micro‑requests for only what’s missing. Moves the team from reactive sorting to proactive completeness control.
Implement a rules-driven engine that generates a per-client expected-documents checklist by combining prior-year return data with current intake responses. The engine must infer document categories and specific tax forms (e.g., wage, self-employment/gig, investment, rental, education, health coverage) and handle multiplicity (e.g., multiple W-2s or 1099s), optional vs. required flags, due dates, and dependencies. Output a normalized blueprint schema (item type, label, description, required/optional, frequency, due date, source, status). Support versioned, testable rule sets, filing status nuances, joint vs. single filers, dependents, and common prior-year carryforwards. Provide idempotent APIs to create and recompute blueprints, persist diffs when recalculated, and log rationale for each expected item to improve explainability and reviewer trust. Integrate with PrepPilot identity and client records so the blueprint is the canonical checklist powering Auto‑Chase and the watchlist dashboard.
Continuously synchronize blueprint expectations with intake form answers and profile updates. On any client answer change, compute a scoped impact analysis and propose a non-destructive diff (additions, removals, or modifications to expected items). Require preparer confirmation for high-impact changes (e.g., new rental activity) and auto-apply low-risk changes according to configurable thresholds. Maintain a change history with timestamps, actor, and reason codes. Provide real-time notifications to the assigned team and update related due dates and Auto‑Chase plans. Ensure recalculation is fast, idempotent, and resilient to concurrent edits across devices.
Automatically classify incoming documents (uploads, email ingestion, mobile capture) using filename heuristics, structured form detection, and OCR to identify document type and tax year. Match each file to the corresponding expected item, supporting multiple instances (e.g., multiple W‑2s), partial fulfillment, and duplicates. Apply quality checks (legibility, completeness, page count, signature presence where applicable) and flag low-confidence matches for review. Update item status in real time (satisfied, pending, needs attention) and expose a review queue with suggested matches and confidence scores. Ensure the matcher is explainable, supports human override, and logs decisions for auditability.
Generate targeted micro-requests only for missing or deficient items and deliver them via SMS, email, and client portal notifications with secure, pre-authenticated upload links. De-duplicate asks, respect client communication preferences and quiet hours, and include clear instructions and examples tied to the specific expected item. Integrate with Auto‑Chase to vary cadence and escalation as deadlines approach, pausing automatically when an item is satisfied or marked not applicable. Provide localized templates, merge fields (due dates, item name, reason), link tracking, deliverability metrics, and error handling. Expose controls for the preparer to preview, schedule, or suppress individual micro-requests.
Allow preparers to mark expected items as not applicable, waived, substituted, or satisfied by alternative documentation, with optional client confirmation. Capture a required rationale, update the blueprint state, and automatically stop related Auto‑Chase sequences. Provide granular permissions, approval workflows for sensitive overrides, full audit trail (who, what, when, why), and the ability to revert changes. Support adding custom expected items unique to the client or firm templates and propagating firm-level rule improvements back to the rule library after review.
Deliver a dashboard that surfaces per-client completeness, aging of missing items, blockers, and approaching deadlines. Provide filters (by doc type, status, entity, preparer), bulk actions (send micro-requests, assign reviewers), and deep links into a client’s blueprint view. Generate proactive alerts in-app and via email/Slack for stalled items, high-risk changes, or upcoming filing cutoffs. Support exportable reports and saved views to replace spreadsheet trackers. Ensure real-time updates from classification and intake sync, with performant pagination for firms managing dozens to hundreds of returns.
Deliver handoff packs exactly at the recipient team’s local start-of-day, respecting quiet hours, weekends, and regional holidays. Auto-select the next viable timezone and handoff owner so nothing stalls overnight, and show a countdown so senders know when the baton will land.
Implements a scheduling engine that delivers handoff packs at the recipient’s configured local start-of-day. Determines local time using user profile timezone, working hours, and daylight saving rules; calculates the next eligible window if the current day’s start has passed. Queues email/SMS notifications and assignment updates to release exactly at the computed time, and synchronizes with Auto‑Chase so first chasers align with the recipient’s workday. Provides fail-safes for clock skew and retries on transient delivery issues.
Enforces recipient-level quiet hours, weekend definitions, and regional/firm holidays to ensure handoffs land only during permissible work windows. Defers delivery to the next business start when quiet hours or holidays are in effect, with per-user and team inheritance rules. Integrates with Auto‑Chase to pause and resume message sequences. Supports custom do-not-disturb windows and locale-specific weekend patterns.
Automatically selects the next viable timezone and handoff owner when the primary assignee is outside working hours or unavailable. Uses a configurable rotation and eligibility rules (role, skills, SLA tier, capacity, and current load) to reassign ownership and adjust target delivery time accordingly. Notifies the sender of the routing decision and updates the checklist owner and dashboard lanes to prevent overnight stalls.
Displays a real-time countdown and ETA banner to the sender showing when and where the baton will land, including the recipient’s local time, timezone label, and reason for timing (start-of-day, holiday deferral, quiet hours). Surfaces in the return’s checklist header, task detail, and dashboard cards. Reacts to changes in calendars, overrides, or re-routing and recalculates instantly to keep expectations accurate.
Captures and persists every scheduling and routing decision, including selected timezone, offset and DST basis, calendar constraints applied, owner chosen, overrides invoked, and delivery timestamps. Exposes a readable activity log within the return and supports export for compliance and SLA reviews. Provides diff views when subsequent recalculations change the ETA, with reasons and actors recorded.
Provides an admin console to manage working hours, weekend rules, and regional holiday sources. Supports importing public calendars (ICS/country/state), defining firm- and client-specific blackout dates, and bulk-assigning profiles to users, teams, or clients. Automatically keeps holiday data current and validates against conflicting rules to maintain accurate scheduling across regions.
Enables authorized users to bypass quiet hours or holiday deferrals for urgent filings. Requires a justification, captures the approver, and notifies the recipient of the off-hours delivery. Offers an option to expedite to the earliest permissible window today and throttles repeated overrides to prevent abuse. All actions are recorded in the audit trail for accountability.
Auto-assemble all blockers into a clean, prioritized list with owner, severity, dependencies, and one-tap unblocking steps. Includes client-safe action links for each item, turning handoffs into ready-to-run work instead of detective hunts.
Automatically detect and consolidate blockers across each return’s workflow (missing documents, unanswered questionnaires, pending e‑signatures, unpaid invoices, prerequisite returns) into a single, prioritized Bundle per return. Ingest signals from PrepPilot tasks, Auto‑Chase queues, e‑signature status, document uploads, notes, and integrated systems; normalize blocker types; deduplicate across channels; and attach context (owner, due date, severity, dependency tags). Update in near‑real‑time on events and via scheduled scans; maintain idempotent detection rules; and persist a structured blocker schema to support reporting and automation. Provide batch creation for firm‑wide views and ensure multi‑return bundling for clients with multiple entities/years. Expose creation/closure events to downstream modules and keep the Bundle synchronized as items resolve.
Compute a consistent severity score and sort order for each blocker based on deadline proximity, statutory penalty risk, document criticality, dependency depth, dollar impact, client responsiveness, and firm SLA policies. Provide configurable weightings at the firm and return‑type levels with safe defaults. Recalculate scores on relevant events (new docs, deadline changes, client responses) and nightly to keep bundles fresh. Display severity badges and enable list sorting/filters across the Bundle and dashboard. Publish scores to Auto‑Chase to align reminder cadences and to workload routing to focus the team on the highest‑impact items.
Attach context‑aware, ready‑to‑run actions to each blocker, such as Request via Auto‑Chase, Send e‑Sign, Open Client Upload, Collect Payment, Assign to Teammate, or Mark Not Applicable. Prepopulate action templates with the correct documents, instructions, due dates, and reminder schedules. Generate client‑safe, branded action pages optimized for mobile and accessibility; support spouses/multi‑signers and multi‑factor e‑sign flows. Track click‑through and completion, and automatically transition blocker status upon success or surface precise error states. Integrate with SMS/email delivery, e‑signature providers, document storage, and PrepPilot checklists so that handoffs become runnable steps instead of manual follow‑ups.
Auto‑assign each blocker to the correct owner (Client, Preparer, Reviewer, Manager, Partner, Third‑Party) based on blocker type, workflow stage, and firm rules. Support reassignment, watchers, and role‑based permissions so clients see only client‑safe details. Trigger notifications in preferred channels, start SLA timers, and escalate when thresholds are breached. Balance workload using current capacity/availability and allow manual overrides with full audit history. Surface owner and routing status within the Bundle and propagate updates to the dashboard and notifications.
Model and visualize dependencies among blockers so users understand what must be resolved first (e.g., Review blocked by Missing K‑1 from Entity A). Prevent premature closures on dependent items, guide the next best action, and automatically reorder the Bundle as upstream blockers resolve. Support cross‑return dependencies (entity to individual) and cross‑year prerequisites. Provide an inline graph view and detail panels within the Bundle, and expose APIs to import dependency relationships from workflow templates and integrations.
Generate per‑blocker, time‑limited, single‑use, signed URLs that grant clients the minimum access required to complete the intended action (upload a specific document, sign a specific packet, answer a targeted question). Enforce scopes, link expiry, revocation, optional passcodes, rate limiting, and device/IP safeguards. Provide branded, localized pages meeting accessibility standards, and maintain a tamper‑evident audit trail of link creation, delivery, clicks, and completions with PII‑aware logging. Respect contact preferences/consents and align with data protection and tax practice security guidelines. Integrate with firm identity policies and PrepPilot’s consent management.
Add a dashboard module aggregating Blocker Bundles across the firm with filters by owner, severity, deadline, return type, and client status. Provide KPIs such as time‑to‑unblock, aged blockers, first‑response time, completion rate by action type, and Auto‑Chase effectiveness. Enable drill‑downs to the Bundle and item detail, saved views, permissioned share links, CSV export, and scheduled email reports. Guarantee fast load times for typical workloads and surface proactive alerts for approaching deadlines and SLA breaches.
Attach role-based micro-checklists to each handoff (review, prep, client chase) so the next team starts with the exact steps, not vague notes. Scripts prefill due-by times from deadlines and auto-check off as tasks complete, reducing ramp-up and rework.
Provide a library of reusable micro-checklist templates keyed by role (Prep, Review, Client Chase) and return type (e.g., 1040, 1065, state). Each template contains ordered steps with clear acceptance criteria, prerequisites, dynamic variables (client name, jurisdiction, deadline), and optional branching rules. Templates can be set as firm defaults or overridden per engagement. Include import/export, tagging, and template governance (owners, approvals) to ensure consistency. Integrates with PrepPilot’s return metadata so scripts auto-select based on entity, filing, and workflow stage.
Implement an event-driven engine that detects workflow transitions (e.g., Prep → Review, Review → Client Chase) and automatically attaches the correct script to the target assignee or role. Supports conditions (entity type, extension status, state filing), de-duplication, reassignment on ownership changes, and backfill for in-flight returns. Records script-to-return linkage and handoff metadata for traceability. Exposes admin rules to customize when and how scripts attach at each stage.
Prefill due-by timestamps for each script and step using statutory deadlines, extension dates, and firm SLAs (e.g., review within 48 hours of prep). Supports dependency offsets, time zone awareness, and holiday calendars. Automatically recalculates when upstream deadlines shift (e.g., extension filed) and cascades updated due-bys to steps. Displays countdowns and lateness badges, and emits escalation signals for dashboards and notifications.
Map script steps to system events so tasks complete automatically when evidence arrives: document uploads, e-signature completion, data extraction success, return status changes (prepared, e-filed, accepted), and Auto‑Chase responses. Implement an idempotent event bus with reliable delivery and step-level state transitions (Not Started → In Progress → Done). Support partial completion, manual override with reason codes, and audit trails for compliance.
Surface script steps in each user’s personal and role-based queues on the PrepPilot dashboard with filtering by due-by, client, return, and status. Enforce permissions so only authorized roles can edit or complete steps; allow read-only visibility for stakeholders. Support assignment to individuals, watchers, and @mentions. Provide bulk actions (defer, reassign) and mobile-friendly viewing for quick execution during busy season.
Offer a visual editor to create and modify scripts with step reordering, templates, variables, and branching conditions. Include draft/publish workflow, version history with diffs, rollback, and release notes. Define migration rules for in-flight returns (lock current version or opt-in to latest). Track who changed what and when for auditability and provide sandbox preview against sample returns before publishing.
At local morning kickoff, auto-assign handoff tasks by capacity, skills, and deadlines. Balances workload across the team, places rush items at the top, and sets clear SLAs—no manual triage before coffee.
Trigger Morning Auto-Assign automatically at each team’s local morning start time with configurable schedules per office, team, and day of week. Support multiple time zones, holiday calendars, and PTO-aware pauses. Ensure single-run idempotency with safeguards against duplicate executions and provide manual run/defer controls. Integrate with firm calendars to avoid running during maintenance windows. Emit run status and metrics to the PrepPilot dashboard and activity feed.
Maintain per-user capacity and skills metadata used by the assignment engine, including today’s available hours, current WIP, PTO/OOO, focus time blocks, and load limits. Model skills and eligibility (entity types, jurisdictions, forms, review authority, e-file permissions) with role-based access controls. Continuously sync workload from PrepPilot returns and calendar integrations, and cap assignments to remaining capacity. Provide admin UI and API for updates, audit changes, and support fallback/overflow rules when no eligible assignee exists.
Score and assign handoff tasks using a weighted model that considers statutory deadlines, client priority, SLA targets, document readiness from Auto‑Chase, dependencies, and skill fit. Evenly distribute work across capacity while honoring constraints such as sticky assignment, client–preparer pairing, conflicts of interest, and blackout tasks. Minimize context switching by batching similar work and produce per-user ordered queues with visible rationale. Rebalance at morning kickoff or on authorized manual re-run; avoid churn by respecting in-progress tasks.
Generate and assign handoff tasks at kickoff with embedded checklist context, links to client documents, SLA target times, and blocking dependencies. Update personal queues and the PrepPilot dashboard in real time. Notify assignees via in‑app, email, and optional Slack with acceptance, snooze, or decline (with reason) to enable immediate reassign. Ensure idempotent creation to prevent duplicates on re-runs and reflect acceptance status and due dates in reporting.
Provide configurable SLA templates by task type, client tier, and filing jurisdiction to set target turnaround at assignment time. Calculate task-level target timestamps, display SLA badges, and continuously monitor risk using remaining time, workload, and dependencies. Issue proactive reminders and escalate to leads when breach likelihood exceeds thresholds. Expose SLA adherence metrics on dashboards and export for reporting.
Enable authorized leads to override algorithmic decisions, lock assignments, and reassign tasks with reason codes. Record a complete audit trail including timestamps, actors, before/after assignees, and score deltas. Enforce RBAC to restrict sensitive assignments (e.g., e-file authority) and notify impacted users on changes. Surface change history at task and team levels for compliance and post‑mortems.
Offer a dry‑run mode to preview proposed assignments, capacity utilization, SLA coverage, and risk flags before applying changes. Allow parameter tuning (weights, exclusions, caps) and show expected impacts. Support one‑click apply and time‑bound rollback to the pre‑run state, ensuring no duplicate or orphaned tasks. Log simulations and applied runs for comparison and continuous improvement.
Drop a 60‑second brief into every baton: latest changes, open signatures, recent uploads, variances, and pending approvals. Links directly to documents and client-safe threads so recipients get full context without spelunking through the file.
Generate a concise, structured 60‑second context brief at each handoff (“baton”) for a tax return by aggregating latest changes, outstanding e‑signatures, recent client uploads, detected variances, and pending approvals. Compose the snapshot into clearly labeled sections with counts, timestamps, and responsible parties. Integrate with PrepPilot’s return model, checklist tasks, Auto‑Chase state, document store, and e‑signature module. Provide an on‑demand API and a background worker to precompute snapshots on key events (assignment change, status transition, new upload). Expected outcome: recipients immediately see an accurate, actionable overview without digging through folders or threads.
Tailor snapshot content and emphasis based on recipient role (preparer, reviewer, partner, admin) and firm permissions to minimize noise and prevent oversharing. Provide configurable templates per role to include/exclude sections (e.g., internal notes, client messages, financial variances) and set thresholds (e.g., show variances > $500). Respect RBAC, team assignment, and client‑safe boundaries so client‑shareable views omit internal content. Expected outcome: each recipient sees the most relevant, secure context for their job.
Embed permission‑checked deep links from each snapshot item to its target (document, e‑sign request, task, variance detail, client‑safe thread). Open links in the correct app context (modal or route) and include expiring, CSRF‑safe tokens for email delivery. Enforce RBAC at click‑time and degrade gracefully with access‑denied messaging. Support mobile‑friendly routes. Expected outcome: recipients can jump directly to the right artifact and take action with minimal navigation.
Define and implement when snapshots are created and how they are delivered: on baton creation/assignment changes, status transitions (e.g., Ready for Review), notable events (new client upload, signature returned), or on demand. Deliver in an in‑app panel pinned to the baton, plus email with responsive HTML and optional SMS summary linking back to the app. Honor user notification preferences and Auto‑Chase schedules to avoid message collisions. Track delivery outcomes and retries. Expected outcome: recipients consistently receive context at the right time and in their preferred channel.
Compare current return state to the last snapshot (or prior baton) and emphasize deltas: new uploads, status changes, unresolved signatures, variance movements beyond configurable thresholds, and approvals added/removed. Include who‑did‑what and when, with a mini activity timeline. Allow thresholds and included events to be configured per template. Expected outcome: users instantly see what’s new since they last viewed the file and what still blocks progress.
Guarantee fast snapshot availability: <1s median and <2s p95 for in‑app rendering; <5s for email assembly. Use incremental computation, caching, and precompute on change events for active batons. Paginate or collapse long sections with “show more” to keep render times low. Instrument metrics (latency, cache hit rate) and alerts. Expected outcome: consistently snappy experience that encourages adoption and reduces context‑switching cost.
Persist an immutable record of each snapshot: timestamp, recipient(s), delivery channel, content hash, included sections, and references to underlying artifacts (IDs, not raw content). Capture open/read events where available. Retain for 7 years with export to compliance archive. Ensure PII minimization and encryption at rest. Provide admin UI and API to search and retrieve historical snapshots. Expected outcome: auditable trace of what context was shared, when, and with whom for compliance and post‑mortems.
Require one-tap acknowledgment with optional ETA. If no ack within a set window, auto-escalate to a backup or the next timezone. Creates a reliable audit trail of handoff receipt and prevents silent stalls.
Acknowledge receipt of a handoff with a single tap or click from email, SMS, push, and in-app task views. Deep-linked, signed links open the specific handoff and record acknowledgment instantly when a valid secure token is present, falling back to authentication if expired. The UI presents clear states (Awaiting Ack, Acknowledged, Declined) with timestamp and actor and updates the return’s checklist item and dashboard in real time. Supports web and mobile experiences with responsive layouts and accessibility, minimizing friction and reducing time-to-acknowledgment while syncing status across PrepPilot’s dashboards.
When acknowledging, provide an optional ETA entry with quick-pick presets (e.g., Today 5pm, Tomorrow AM) and a date/time selector. The ETA is stored with the handoff, visible on the return’s checklist and team dashboard, and used to shape SLA expectations and reminder cadence. Users can edit or clear the ETA with tracked history. Conflicts with firm business hours or holidays trigger prompts to adjust or suggest the next valid time. This aligns expectations, improves forecasting, and integrates with Auto‑Chase timing to prevent competing messages.
If a handoff is not acknowledged within a configured window, automatically route it to the next recipient according to firm-defined policies (backup assignee, role-based pools, or next timezone) and notify all relevant parties. Supports multi-step cascades, per-client or per-return overrides, business-hour windows, and do-not-disturb rules. Each escalation attempt records notifications sent, delivery results, and recipient responses, and the sender can pause or trigger escalation manually. Ensures continuous coverage and prevents silent stalls across time zones.
Start an SLA countdown when a handoff is issued and send progressive reminders via email, SMS, and push to the assignee until acknowledgment or escalation occurs. Cadence respects urgency labels, provided ETAs, and business hours, pausing during off-hours when configured and canceling on acknowledgment or decline. Real-time dashboard indicators show SLA state and time remaining per handoff, surfacing risks before deadlines. This reduces missed handoffs and makes bottlenecks visible without manual follow-up.
Capture a tamper-evident event log for each handoff, including creation, notifications (channel and delivery status), acknowledgments, ETAs, edits, declines, escalations, and SLA events, all with timestamps, user IDs, and device or IP metadata, plus the policy version applied. The log is visible in the return’s timeline, filterable, and exportable for compliance and client inquiries. Entries are write-once and signed to detect alteration, providing defensible proof of receipt and action.
Provide an admin console to configure default acknowledgment windows, escalation chains, business hours and holidays per location or timezone, message templates, notification channels, and security settings for deep links and token expiration. Allow per-client and per-return overrides with validation, previews, and versioning. Include a test mode to simulate handoffs and escalations. Integrates with PrepPilot roles and Auto‑Chase templates to prevent conflicting cadences and ensure consistent firm-wide behavior.
Generate a sanitized, client-facing version of the handoff that shares status and what’s needed next with secure links—no internal notes. Schedule it to send after the internal baton lands so clients move in parallel while the team advances.
Generate a client-facing version of the return handoff that automatically strips internal notes, private comments, staff-only fields, task estimates, and internal attachments while preserving client-relevant status, deadlines, requested documents, and e-sign tasks. Provide configurable field-level redaction rules and templates per return type (e.g., 1040, 1120S) and per firm. Render as responsive HTML with versioning and a persistent snapshot so what the client sees is consistent with what was sent. Integrate with PrepPilot’s data model to map internal tasks to client-friendly checklist items and labels, ensuring no internal identifiers or sensitive metadata are exposed. Support per-engagement overrides and preview mode for staff before sending.
Deliver the client-safe mirror via unique, expiring links that require lightweight verification (email code or SMS OTP) without forcing account creation. Support configurable link expiry, single-use tokens, revocation, domain/branding, and rate limiting. Encrypt links at rest and in transit, and restrict access by recipient identity and optional IP throttling. Provide delivery via email and SMS with templated messages, fallbacks on bounce/undelivered events, and automatic re-issue on request. Log all access events and protect against enumeration by using opaque, high-entropy URLs.
Enable scheduling of the client-safe mirror to send automatically when the internal workflow reaches a defined baton point (e.g., ‘Data Review Complete’). Provide configurable triggers, delay windows, business-hours constraints, and blackout periods. Allow staff to pause, skip, or manually send from the engagement view. Queue and retry on transient failures, and surface pre-send validation (missing client contact methods, unresolved blockers). Include per-firm defaults with per-engagement overrides and an activity record linking the send to the triggering workflow event.
Keep the client-facing checklist in sync with PrepPilot’s internal status in near real time. When clients upload documents, complete e-signs, or when staff mark tasks done, reflect changes immediately with clear status badges, due dates, and next steps. Support incremental updates via webhooks or polling, surface partial completions, and suppress internal-only transitions. Handle concurrency (multiple stakeholders acting at once) and show conflicts or re-requests clearly. Provide optimistic updates on the client side and ensure server truth resolves state within seconds.
Offer customizable, brandable client-facing templates with firm logo, colors, and copy that translates internal task names into plain language. Support multi-language content, right-to-left layouts, and locale-aware dates/times. Provide merge fields for client name, tax year, deadlines, and dynamic checklist sections. Ensure responsive design and WCAG 2.1 AA accessibility (contrast, keyboard navigation, ARIA labels) for mobile and desktop. Allow per-service and per-engagement template selection with preview and test-send capabilities.
Capture a complete audit trail of mirror creation, redaction version, send events, deliveries, opens, verifications, link accesses, uploads, and e-sign completions with timestamps and actor metadata. Expose an internal timeline per engagement and a reporting view across clients showing open rates, time-to-first-action, and completion times to optimize Auto-Chase. Provide export (CSV/JSON) and retention controls aligned with firm policies. Trigger alerts on anomalous activity (multiple failed OTPs, suspicious access patterns) and integrate with the dashboard to highlight bottlenecks.
An append‑only, hash‑chained activity log that timestamps every event with independent time authority anchoring. Each action (upload, edit, sign, approval) is sealed with user, device, and context metadata, making the record provably tamper‑evident. Benefit: gives firms a defensible audit trail that satisfies regulators and reduces dispute risk without extra staff effort.
Implement a global, append-only event pipeline that records every material action in PrepPilot (document uploads and versions, edits, e-sign events, approvals, Auto‑Chase sends/replies, status transitions, user/admin changes) in strict chronological order. Each event is written once with a unique ID, per-tenant monotonic sequence, and idempotency keys to prevent duplicates, and stores only digests of sensitive payloads (e.g., document hashes) rather than content. The write path must be append-only with no update/delete operations and provide at-least-once durability with retry/backoff, per-stream ordering guarantees (client/return), and backpressure handling to avoid data loss under load. Events are immediately available to downstream components (hash chaining, viewer, alerting) via a reliable queue or log.
Create per-event hashes using a canonical serialization format and link each event to the previous event hash to form tamper-evident chains, with chains segmented per tenant and per return for scalable verification. Use SHA‑256 (algorithm-agile design) and produce periodic checkpoint summaries to accelerate verification. Provide in-app and CLI/offline verification that recomputes hashes, validates chain continuity, and emits a proof package containing event hashes, checkpoints, and metadata required to verify without platform access. Handle key rotation and schema evolution without breaking verifiability and surface chain head/anchor references for export.
Attach trusted timestamps to events and/or micro-batches by requesting RFC 3161 timestamp tokens from a configured Time-Stamp Authority and persist the returned tokens alongside the chain. Implement clock-skew detection and NTP sanity checks, with clear failure handling, retries, and fallback TSAs. Optionally anchor aggregate daily chain roots to a public, independently verifiable ledger to strengthen evidence of existence. Expose verification that validates TSA signatures and proves event time bounds using the associated tokens and, when enabled, public anchor receipts.
Capture rich, standardized context for each event—user ID and role, authentication method and MFA presence, IP and coarse geolocation, device fingerprint and user agent, tenant/client/return identifiers, doc digest and e‑sign envelope IDs, API/integration source, and automation flags—while minimizing stored PII. Hash or tokenize sensitive identifiers, store digests instead of content, and encrypt selected fields at rest. Make captured fields configurable per tenant with consent and regional privacy controls, and document a canonical schema to ensure consistent ingestion and verification.
Persist log data and proof artifacts in immutable, WORM-capable storage with encryption at rest and per-tenant keys, enforcing retention policies by jurisdiction and allowing legal holds. Prevent modification or deletion through application controls and storage-level object lock, and ensure multi-tenant isolation of chains and proofs. Implement least-privilege RBAC for viewing versus exporting, maintain access audit logs, and provide safe read-only interfaces for internal services that consume the log.
Deliver an in-app viewer to filter and search events by client, return, date range, user, device, and event type, with fast pagination and keyword search. Allow selection of ranges and scopes to export as PDF/CSV/JSON packages that include chain heads, checkpoint summaries, and timestamp proofs, all signed with a platform signing key and optionally a firm-managed key. Support redaction of sensitive fields, branded templates, access entitlements for who can export, and short-lived download tokens with rate limiting.
Continuously validate chain integrity in the background, detect breaks, missing sequences, or timestamp anomalies, and mark affected chains with a visible integrity status. Generate actionable alerts via email, in-app notifications, and webhooks, and integrate with SIEMs through structured event streams. Provide operational dashboards for chain health, TSA availability, and anchoring status, along with documented runbooks and automated suppression logic for known maintenance windows.
Captures a snapshot of roles, permissions, delegations, and policy versions at the exact moment each action occurs. Reviewers can see who was authorized to do what—and why—when a change or signature happened. Benefit: resolves permission disputes instantly, strengthens internal controls, and reassures compliance reviewers with clear, immutable context.
Instrument all state-changing operations across PrepPilot to capture a precise, normalized snapshot at the exact moment an action commits. Coverage includes document uploads, e-signature requests/completions, role and group changes, delegation grants/revocations, policy version updates, return status transitions, Auto‑Chase notifications, and settings changes. Each snapshot records UTC timestamp, actor identity and auth method, client/return identifiers, action type, request origin (web/mobile/API), correlation/request IDs, affected resource references, cryptographic hashes of pre/post state where applicable, and environment (prod/sandbox). Implement transactional outbox or event-sourcing hooks to guarantee capture at commit time with at-least-once delivery and idempotency keys to avoid duplicates. Provide backfill utilities for key historical actions and health metrics/alerts for missed or delayed snapshots. Result: complete, consistent evidence for every sensitive action without adding workflow friction.
Evaluate and persist the exact authorization state that allowed each action at execution time, including effective roles, group memberships, delegation chains (with validity windows and scope), applicable policy version and rule identifiers, feature flags, and conditional ABAC attributes (e.g., office, client ownership, return year). Produce a human‑readable decision record (who could do what and why) alongside a machine‑readable policy evaluation artifact for verification. Support time‑travel evaluation for replay, deterministic results, and caching of resolved contexts during an action to avoid drift. Integrate with existing RBAC/ABAC and delegation models in PrepPilot and tag snapshots with policy/version hashes. Outcome: instant, defensible answers to permission disputes with clear rationale.
Persist snapshots in a tamper‑evident, append‑only ledger that cryptographically chains entries (hash of previous + current) and signs bundles with managed keys. Store raw snapshots in durable storage (e.g., S3) with object‑lock/WORM and index ledger pointers in the primary datastore for fast retrieval by return, client, actor, action type, and time window. Provide periodic anchor checkpoints (e.g., daily) and exportable proofs for external verification. Implement rotation and retention policies aligned to tax compliance requirements, with selective redaction/tombstoning controls for lawful deletion without breaking chain integrity (e.g., redact payload, retain headers and hash). Include integrity verification jobs, alerts on detection of inconsistencies, and disaster recovery procedures. Outcome: high‑trust evidence that detects and deters tampering.
Add a timeline UI to each return, client, and firm activity view that lists actions with filters (date range, actor, action type, outcome), search, and pagination. Each event opens a detail panel showing the snapshot, authorization reasoning, and related entities. Provide side‑by‑side diffs for before/after states where applicable (e.g., role changes, policy edits), with highlighting of changed fields. Include quick copy of event IDs and hash proofs, deep links to share within the firm, and export to CSV/PDF from the view. Ensure performance via server‑side pagination and indexed queries; support accessibility and responsive layouts. Outcome: fast, intuitive investigation and review of who did what, when, and under which permissions.
Provide one‑click generation of an audit pack for a selected return, client, or time window that bundles timeline summaries, full snapshot records, authorization explanations, and cryptographic chain proofs. Output as a signed PDF report plus a companion JSON archive for machine verification. Include configurable scopes (e.g., include e‑sign events, Auto‑Chase messages) and redact sensitive fields per policy. Support scheduled exports, watermarked reviewer links with expiration, and evidence hashes in the report header/footer. Integrate with PrepPilot messaging to securely share downloads with external reviewers. Outcome: rapid, standardized responses to audit and compliance requests without manual assembly.
Enforce least‑privilege access to snapshot content with fine‑grained entitlements (by firm role, client ownership, return, action type) and field‑level redaction of PII/financial data by default. Provide admin policies to configure what is fully visible, masked, or excluded in UI and exports, with context‑aware overrides for designated compliance roles. Log and snapshot all access to snapshots themselves for a full audit of viewing/sharing. Apply watermarks and secure‑view modes for shared links. Ensure that redaction does not break cryptographic verification by separating payload from headers and hashing both. Outcome: secure, privacy‑aware visibility that meets regulatory and client expectations.
Seals proof of consented communications per message, including opt‑in source, channel, content hash, timestamps, and unsubscribe history. Works across email/SMS and client portal messages. Benefit: demonstrates compliant outreach during audits, lowers legal exposure under consent rules, and keeps outreach flowing without second‑guessing.
Implements an immutable, per-message seal created at send-time that bundles opt-in source, channel, content hash, canonicalization method, relevant timestamps (opt-in obtained, message queued, sent, delivered), unsubscribe state at send, transport vendor message ID, and sending actor. The service signs the seal (HMAC or asymmetric) and writes it to append-only storage with strong consistency and idempotency to prevent duplicate seals on retries. The seal ID is attached to message metadata across email, SMS, and portal messages and is retrievable for audits and exports. Supports bulk sends and automated Auto‑Chase communications without requiring manual steps by staff.
Integrates the sealing service with all outbound channels (email, SMS, client portal) and providers, invoking seal creation before dispatch and enriching seals with provider webhooks for delivery, bounce, and unsubscribe events. Normalizes event payloads, preserves correlation via message IDs, and ensures end-to-end traceability from PrepPilot workflows (including Auto‑Chase) to the final sealed record. Guarantees idempotent processing and multi-tenant isolation, with retries and dead-letter handling for webhook failures.
Maintains an authoritative, versioned ledger of client consent and preference changes per channel, including opt-in proofs (source, screen path, checkbox, IP/device, timestamp), double opt-in status for SMS, jurisdiction-aware legal basis, and unsubscribe history. Provides a low-latency query interface for send-time checks and writes a snapshot of effective consent state into each seal for future evidentiary verification. Supports merges for duplicate contacts, full audit logs, and recovery of prior states.
Adds a pre-dispatch validator that evaluates the target channel, content classification, and current consent status before any message is sent. Blocks or queues messages lacking valid consent, records the decision and rationale inside the resulting seal (including override metadata when permitted), and provides actionable feedback to users and automations. Integrates with Auto‑Chase to ensure deadline-aware reminders only proceed when compliant, and supports jurisdictional rules such as quiet hours and frequency limits for SMS.
Delivers an in-product inspector that displays each seal’s fields, verifies the content hash against stored message content or canonical form, and allows secure export of signed evidence as JSON or PDF. Generates multi-message audit packets filtered by client, date range, or channel, with optional redactions for PII while preserving cryptographic integrity. Provides a public verification link or QR code for third parties to validate signatures without accessing the full PrepPilot account.
Exposes secure APIs and admin tools to search and retrieve seals by client, channel, date, message ID, or workflow, with pagination, filtering, and rate limiting. Supports scheduled, encrypted bulk exports to cloud storage and includes detached signatures or checksums for tamper evidence. Enforces role-based access control, least-privilege scopes, and comprehensive access logging to meet SOC 2 and legal audit requirements.
Provides configurable retention policies by channel and jurisdiction, scheduled purge jobs, and selective minimization that retains cryptographic hashes while removing raw message content and sensitive identifiers when permitted. Implements encryption at rest and in transit, regional data residency options, and detailed audit logs of access and deletion events. Ensures that evidentiary value of seals is preserved while aligning with privacy regulations and client expectations.
Bundles e‑signature evidence—step‑up verification, passkey/biometric attestation, IP/device fingerprint, signer order, and document hash—into the timeline entry for each signed form (e.g., 8879). Benefit: compresses signature due diligence into a single, court‑ready record, speeding approvals while reducing the chance of contested signatures.
Consolidate all signature-related artifacts for each signed form (e.g., IRS 8879) into a single timeline entry within the client return: identity verification results, passkey/biometric attestation, IP/device fingerprint, signer order events, and document hash with timestamps. The entry must be immutable, time-ordered, and linkable from the dashboard. It should support multiple signers and versions of the same form, display a human-readable summary, and allow drill-down to raw evidence. Data is stored with the return record and exposed via API for downstream workflows and reporting.
Provide configurable step-up verification for signers prior to e-sign, including SMS/email OTP, knowledge-based questions, and optional government ID check via third-party. Trigger step-up automatically based on risk rules (e.g., high refund amount, new client, IP geolocation mismatch) or per-engagement override. Persist verification outcomes and evidence in the timeline entry, and ensure flows meet ESIGN/UETA and IRS e-file guidelines for Form 8879 identity verification. Integrate with Auto-Chase to request missing verification steps before signature.
Enable signers to attest using FIDO2/WebAuthn passkeys or platform biometrics (e.g., Face ID, Touch ID) as a high-assurance factor during e-sign. Capture and store the attestation statement, credential ID (hashed), authenticator type, and challenge/response metadata, linking them to the signed document and signer identity. Provide graceful fallback to OTP for unsupported devices while clearly labeling assurance levels in the timeline. Ensure cross-browser support on desktop and mobile and privacy-preserving storage of attestation data.
Record IP address, geolocation (city/region, not precise), user agent, OS/browser versions, and a privacy-preserving device fingerprint (hashed) at key events: verification start, document open, signature, and completion. Compute a risk score based on anomalies (e.g., TOR/VPN, geo distance from client profile, rapid device changes) and display it in the timeline entry. Store fingerprints and IPs in accordance with privacy policies, allow opt-outs where required, and surface discrepancies on the dashboard for review.
Support ordered multi-signer workflows with blocking rules (e.g., taxpayer must sign before spouse) and conditional steps (e.g., preparer countersign after both). Integrate with Auto-Chase to send deadline-aware reminders for each pending signer and pause/advance based on completion. Log each routing event, notification, open, and sign action into the unified timeline entry. Allow reassignment of a signer with justification, preserving the chain of custody.
Compute and store SHA‑256 hashes for every document version presented for signature and the final signed artifact, with RFC 3339 timestamps and server time sync. Maintain an immutable, append-only audit log of events (verification, opens, signatures, IP/device snapshots) linked to the timeline entry. Validate hashes on download/view to detect tampering and clearly flag mismatches. Provide optional integration with a trusted timestamp authority for stronger non-repudiation when enabled by the firm.
Generate a single, shareable evidence package (PDF/A with embedded attachments or ZIP) that includes the signed document, certificate page, full event timeline, verification results, passkey attestation metadata, IP/device records, signer order trace, and all hashes with verification instructions. Support firm branding, case reference fields, selective redaction of sensitive PII, and a secure public link with expiry for external reviewers. Ensure exports are reproducible from stored data and logged in the audit trail.
One‑click export of a sealed, shareable audit packet (PDF + JSON manifest) containing the event timeline, role snapshots, consent proofs, and e‑sign evidence. Includes a cryptographic manifest and optional password protection. Benefit: turns multi‑hour audit prep into minutes and gives banks, regulators, or clients everything they need in a single, trusted file.
Adds a prominent Export AuditPack action on return and client dashboards that compiles all required artifacts into a sealed package with minimal user input, applying defaults for file naming, date stamping, and versioning. Orchestrates data retrieval, packaging, and handoff to rendering and sealing services, displaying progress and success or failure notifications. Integrates with role-based permissions to ensure only authorized users can export and writes an immutable audit log of exporter identity, timestamp, return ID, and configuration used.
Collects and normalizes all audit-relevant events and artifacts for a return, including document requests, uploads, Auto‑Chase email and SMS communications with delivery status, consent records, knowledge-based authentication and e‑signature events, role assignments and snapshots, and filing milestones. Ensures canonical time ordering with timezone normalization, de-duplication, and immutability guarantees, while redacting fields not needed for audit. Assigns stable identifiers and cross-references for each artifact to enable consistent linkage between the PDF summary and the JSON manifest.
Generates a human-readable PDF that summarizes key metadata, the event timeline, role snapshots, consent proofs, and e‑sign evidence, including certificate details and permissible IP and device data. Supports a table of contents, bookmarks, firm branding, accessibility tags, and high-fidelity printing. Embeds the manifest fingerprint within the PDF for cross-validation with the JSON, and includes a first-page brief explaining contents, data scope, and verification steps.
Builds a JSON manifest enumerating every included artifact with SHA‑256 hashes, byte sizes, and metadata, constructs a Merkle tree to derive a root hash, and signs the root using an organizational or PrepPilot signing key to create a tamper‑evident seal. Embeds signature algorithm, key ID, and certificate chain details, and versions the schema for backward compatibility. Persists a server-side copy of manifest metadata to support later verification and chain-of-custody audits.
Optionally encrypts the exported packet using strong encryption (e.g., AES‑256) with a user-provided passphrase, enforcing strength checks and warning about recovery limitations. Signs the inner manifest before encryption to preserve verifiability. Integrates with sharing workflows to transmit passwords via a separate channel and supports policy controls to require encryption for external shares.
Provides recipient-friendly verification options, including a lightweight offline verifier and a web page that validates uploaded packets by checking hashes and signatures against the embedded manifest. Implements privacy-preserving local verification where possible and offers clear, non-technical instructions via a QR code and link in the PDF. Requires no login and returns unambiguous pass or fail results with reasons.
Supports direct download, expiring share links, and uploads to connected storage providers with optional watermarking and file naming conventions. Enforces organization policies and role-based access control for who can create external shares, sets auto-expiry and revoke options, and records access logs including timestamp, IP, and user agent where permissible. Sends notifications to the exporter when shared packets are accessed or expired.
A read‑only verification page where third parties can validate AuditPack authenticity by checking hashes, time anchors, and signatures—no PrepPilot login required. Includes QR code and short‑link on exports for instant verification. Benefit: builds instant confidence with examiners and reduces back‑and‑forth over provenance.
Expose a read-only, publicly accessible verification page reachable via a capability URL (short-link) without requiring a PrepPilot login. The endpoint accepts a verification token embedded in the URL, retrieves the corresponding immutable AuditPack snapshot, and displays verification outcomes while redacting non-essential PII. It enforces HTTPS, noindex/nofollow headers, and content security policies to prevent data leakage. The endpoint must be highly available, responsive on mobile and desktop, and resilient to direct-link sharing. It integrates with PrepPilot’s storage to fetch sealed artifacts and with the validation engine to compute and render results. Expected outcome: third parties can instantly validate authenticity and integrity without onboarding friction.
Implement a server-side validation service that recomputes content hashes (e.g., SHA-256) for the AuditPack and manifest, verifies digital signatures and certificate chains, and checks time anchors (e.g., RFC 3161 TSA and optional blockchain anchor) against trusted roots. The service must surface clear pass/fail states, error reasons, and a human-readable summary with underlying technical details on demand. It should handle versioned artifacts, multi-file manifests, detached signatures, and revocation/expiry via OCSP/CRL. Provide deterministic canonicalization of inputs to avoid false negatives and cache results for repeated requests. Expected outcome: authoritative, transparent authenticity checks with defensible cryptographic evidence.
Automatically generate a unique, capability-based short URL and a high-contrast, print-safe QR code for every exported AuditPack (PDF/ZIP) and embed it on the cover page and export metadata. Ensure QR readability at common print sizes (300 DPI), include alt text and a human-readable short link fallback, and prevent PII leakage in the URL. Regenerate links for new versions and mark prior links as superseded or redirect per policy. Provide firm branding options, UTM tagging for analytics, and link health monitoring. Expected outcome: recipients can scan or type a simple link to reach the verification page instantly.
Design a streamlined results page that shows an overall status badge (Valid, Invalid, Revoked, Expired, Superseded) with detailed checks for hash, signature, and time anchor. Include a document manifest, chain-of-custody timeline, signer identity details, and clear remediation hints for failures. Support one-click download of a sealed Verification Report (PDF) containing the results, timestamps, identifiers, and verification metadata. Ensure WCAG 2.1 AA accessibility, responsive layout, and sub-2-second perceived load for typical cases. Expected outcome: examiners get concise assurance at a glance and a portable record for case files.
Provide controls to set link expiration, revoke active links, and supersede old versions automatically when new exports are published. Implement rate limiting, IP throttling, and bot protection, with a soft CAPTCHA challenge after abuse thresholds. Enforce HSTS, TLS 1.2+, and strict CSP headers; log access attempts with privacy-conscious masking. Support firm-level policies (default expiry, require manual publish, allowlist domains for referrers) and audit logs of lifecycle events. Expected outcome: public verification remains secure, privacy-preserving, and resilient to misuse without adding friction for legitimate users.
Capture structured logs and metrics for verification events, including timestamp, link ID, result state, version, and high-level visitor metadata (e.g., country, user agent) without storing PII. Surface aggregated analytics in an admin dashboard and provide exports (CSV) and webhooks to notify preparers when an AuditPack is verified or fails validation. Configure retention policies and alerting thresholds. Expected outcome: teams gain visibility into verification activity and can respond quickly to failures or anomalous access patterns.
Integrate ProofCheck with AuditPack generation so that each export is sealed with a deterministic manifest, content hash, and signature at the time of creation. Store per-version immutable metadata and maintain a mapping from verification links to exact artifact versions. When a new version is exported, mark older links as superseded while preserving their verification history. Ensure compatibility with existing Auto‑Chase outputs and document storage, and provide APIs for internal services to request verification data. Expected outcome: consistent, tamper-evident artifacts with clear version lineage and predictable verification behavior.
Selective disclosure that lets teams hide sensitive fields (e.g., full TINs, payment amounts) while retaining verifiable integrity via partial‑proof hashes. Redactions are logged as their own sealed events. Benefit: share only what’s necessary to prove compliance, protecting privacy without weakening the audit trail.
A robust, configurable rules engine to define which data elements are redacted at field level across tax documents and workflow artifacts. Supports selectors by form field ID, label, regex, metadata key, and OCR zones; built-in presets for sensitive types (SSN/TIN, bank account, routing, DOB, payment amounts) with partial masking options (last 4, ranged digits, value bands). Policies are versioned, testable in sandbox, and reusable per document type, return type, and recipient. Integrates with PrepPilot’s document pipeline so redactions are applied before sharing, e‑sign, Auto‑Chase emails, and portal downloads. Emits structured metadata for each redaction to feed proofs and audit. Provides safe defaults while allowing firm-level overrides.
Implement per-field cryptographic commitments that preserve verifiable integrity of redacted values without revealing them. For each redacted element, compute a salted hash and include it in a document-level Merkle tree, producing a root hash stored on the redaction event. Generate a machine-readable proof manifest (field identifier, salt/nonce, hash algorithm, Merkle path) to enable third parties to verify claims (e.g., “the hidden amount equals $X”) without accessing the original value. Use modern algorithms (SHA‑256/BLAKE3) with tenant-scoped key derivation for salts and deterministic, versioned hashing to ensure stable verification across exports. Backward-compatible with existing document storage and export flows.
Create an append-only, tamper-evident ledger that records each redaction as its own sealed event with timestamp, actor, policy version, affected fields, document version, and proof root hash. Events are hash-chained and signed with the tenant’s system key to detect alteration. Provide retention controls and exportable audit packages (JSON/CSV/PDF) for regulators and internal QA. Integrate with PrepPilot’s dashboard to surface disclosure activity, exceptions, and policy drift. Support search and filters by client, return, field type, actor, and date range.
An interactive document viewer that previews before/after redactions with overlays, callouts, and diff mode. Highlights detected sensitive content, shows applied policies, and warns about unredacted risk. Allows one-click apply/undo, granular overrides, and saving reviewed settings as templates. Supports bulk application across selected returns and recipients. Accessible and responsive, integrated directly into the return’s checklist hub, with pre-flight checks at share/send time.
Enable assignment of redaction policies by recipient type and channel (client portal, email, lender, IRS/state, e‑sign provider). Provide default firm policies with per-recipient overrides and expirations, including time-bound links, watermarking, and download restrictions. Auto-select the correct policy when sharing from PrepPilot or when Auto‑Chase requests documents, ensuring minimum necessary disclosure. Log policy chosen and rationale into the redaction event.
Ensure redactions are irreversible in exported artifacts while remaining compatible with e‑signature workflows. For PDFs, flatten redaction overlays into non-recoverable content, preserve e‑sign anchor tags, and embed a proof manifest attachment and QR/link to the verification portal. Support PDF/A for archiving and provide internal, non-flattened previews for ongoing work. Maintain consistent file naming and linkage to the return in PrepPilot. Validate outputs against DocuSign and Adobe Sign to prevent signature breakage.
Provide a minimal, rate-limited API and read-only web portal for recipients to verify redacted claims using the proof manifest. Users can input a proposed value for a hidden field and receive a yes/no verification plus field metadata, without revealing PII. No account required; access is gated by signed, expiring links. Include SDK snippets and documentation for lenders and partners. Log verifications as view events in the ledger without storing submitted PII or values.
Per‑spouse Auto‑Chase that sets individual schedules, quiet hours, and preferred channels. Adapts to response patterns so the right spouse gets the right nudge at the right time—speeding 8879 completion while reducing nag fatigue and support pings.
Model each spouse as a distinct contact within a joint return, storing role (taxpayer or spouse), verified phone(s) and email(s), preferred channel order (e.g., SMS then email), language, and do-not-contact flags. Provide validation (email syntax, SMS deliverability, landline detection), merge/deduplicate logic, and APIs so Auto-Chase selects the right recipient and channel per touch. Allow firm- and return-level defaults with per-spouse overrides, and carry profiles from intake/CRM into PrepPilot so Duo Cadence can tailor outreach and reduce misrouted messages.
Enable quiet hours per spouse, including days of week, time windows, and holiday observance, with automatic time-zone detection from address or carrier lookup and manual override. Enforce scheduling so outbound nudges never send during quiet hours; defer to the next available window and log deferrals. Provide emergency override with explicit confirmation for deadline-critical filings. Support account-level defaults, per-return overrides, and auditable scheduling decisions to minimize nag fatigue and compliance risks.
Adjust nudge timing, channel, and frequency per spouse based on observed response patterns (opens, clicks, replies, e-sign completions) and historical effectiveness. Compute best time-of-day and preferred channel per spouse with guardrails (daily/weekly caps, minimum gaps) and fall back to a standard schedule when data is sparse. Integrate with Auto-Chase to dynamically reschedule touches, support A/B testing, and provide switches to enable/disable adaptation per return. Store only necessary engagement metadata, expire stale signals, and ensure performance at scale for concurrent returns.
Identify which spouse must act for each task (e.g., e-sign Form 8879, upload W-2) and route requests accordingly with correct name, salutation, and secure links. Support cross-spouse assists (e.g., ask the responsive spouse to prompt the other) without exposing the other spouse’s PII or links. Track per-signer status so the cadence pauses for completed signers while escalating for the outstanding signer, avoiding duplicate or misaddressed nudges. Handle joint vs. separate filings and edge cases like shared email addresses with secure identity confirmation.
Capture and enforce per-spouse consent for SMS and email, including opt-in source and timestamp, OPT-OUT/STOP handling, unsubscribe links, and suppression lists. Apply channel-specific legal requirements (e.g., TCPA, CAN-SPAM) and regional quiet-hour rules, blocking sends when consent is missing or revoked. Provide audit trails for each message, bounce/invalid detection, rate limits, and required disclosures in templates. Expose consent status to the scheduler so noncompliant sends are prevented and alternative channels or manual outreach are suggested.
Add a per-return view showing each spouse’s chase status, last response, next scheduled touch, channel, quiet hours, and consent state. Provide controls to pause/resume, snooze, change channel, send now, or reset cadence for a specific spouse with an auditable reason. Surface risk indicators (deadline approaching, message cap reached, high deferrals) and enable bulk actions across returns. Integrate into PrepPilot’s main dashboard filters (e.g., stuck signers) and enforce role-based access to protect contact details while enabling staff to intervene efficiently.
Each spouse sees only their tasks, documents, and signatures with a shared progress bar for the return. Clear “what’s left for you” guidance eliminates confusion, preserves privacy, and cuts back‑and‑forth about who needs to sign next.
Issue unique, expiring portal invitations to each spouse with separate identities linked to a single tax return. Enforce identity verification via email/SMS OTP and optional TOTP-based 2FA. Prevent cross-session data leakage by scoping session tokens, API queries, and cache keys to the spouse identity. Support account linking for returning clients while preserving spouse-level separation. Integrate with Auto‑Chase to deliver spouse-specific links and reminders. Log authentication and access events for audit and compliance.
Introduce spouse roles (Taxpayer/Spouse) and assign each checklist item, questionnaire section, and document request to one or both roles. Render a personalized task list and a clear "What’s left for you" panel showing only items assigned to the logged-in spouse, with due dates, blockers, and Auto‑Chase status. Support shared items visible to both with de-duplication rules and conflict handling when both upload or complete the same item. Allow preparers to reassign task ownership between spouses and persist assignments in the data model.
Display a single, shared progress bar for the return that aggregates completion across both spouses while maintaining privacy. Compute overall completion from task, document, and signature states with weighted rules and per-form requirements. Show neutral blockers (e.g., "Awaiting partner’s signature") without exposing private details. Update in real time on task completion, uploads, and signatures via WebSocket or SSE. Provide tooltip breakdowns of categories completed and remaining, scoped appropriately for each spouse’s view.
Implement fine-grained access control lists for uploaded and requested documents, tagging each file as spouse-specific or shared. Ensure the portal surfaces only documents permitted for the logged-in spouse, including previews, downloads, and version history. Provide secure upload links, virus scanning, encryption at rest/in transit, and watermarking. Enable preparers to mark requests as shared or reassign ownership. Maintain complete audit logs of access, upload, download, and reassignment events for compliance.
Model per-form signature requirements (e.g., IRS Form 8879) and configure signing order rules (sequential or parallel) per jurisdiction. Present an in-portal banner and checklist item indicating who signs next and what remains. Integrate with the e-sign provider to fetch status, lock completed signatures from being viewed by the other spouse, and trigger targeted reminders. Handle edge cases such as revoke/re-sign, identity verification for signers, and simultaneous signing when permitted. Update shared progress upon signature completion.
Provide preparers with an admin console to view both spouse contexts side-by-side for troubleshooting, reassign tasks/documents, resend invitations, update spouse contact info, and unlock/expire sessions. Include impersonation with explicit banners and full audit trails. Offer bulk actions for multi-return management (e.g., resend all outstanding spouse invites). Respect privacy by preventing preparers from exposing one spouse’s private documents to the other during support actions.
Smart assignment routes each form and signature field to the correct person (both for 8879, account holder for bank consent, etc.). Prevents wrong‑signer loops, reduces rescinds, and shortens time to e‑file by keeping actions precise.
Automatically determines the correct signer for each form and signature field using a rule-driven mapping of roles (e.g., Taxpayer, Spouse for MFJ, Authorized Representative, Business Officer, Bank Account Holder). On return creation and whenever forms or filing status change, it generates and maintains an assignment map that links each field to a specific person from the client’s contacts. Supports individual, business, and multi-party returns, handling edge cases such as multiple bank account holders or POA scenarios. Produces a canonical recipient ID used by e-sign, Auto‑Chase, and dashboard progress, and prompts for missing data when a role cannot be resolved. Expected outcome: fewer rescinds and faster e‑file readiness via precise, automatic targeting.
Provides a versioned, machine‑readable schema for supported forms (e.g., IRS 8879, bank consent, POA/2848, state analogs, engagement letters) with field‑level identifiers, conditional requirements, and signer role tags. A parser detects included forms and determines which signatures are required given context (e.g., MFJ vs Single, entity type, state/jurisdiction, e‑file vs paper). Schemas are extensible to new forms and editions, with validation tests to prevent regression. Integrates with the return profile so assignments reflect current return settings and jurisdictional variants. Expected outcome: consistent, accurate targeting across form versions and locales.
Routes each targeted request to the correct person via their verified contact channels (email and/or SMS) with secure magic links and per‑recipient portals that expose only assigned items. Honors user contact preferences and time zones, consolidates multiple tasks for the same recipient, and implements throttling and fallbacks if a channel bounces or fails. Handles shared contact scenarios (e.g., taxpayer and spouse sharing an email) without cross‑exposing content. Integrates with Auto‑Chase to schedule reminders per recipient, and with the client‑facing checklist to reflect individualized tasks. Expected outcome: higher completion rates and reduced confusion for signers.
Validates assignments before send to catch missing or conflicting information (e.g., spouse required for MFJ, bank account holder mismatch, duplicate recipients). Surfaces clear blockers and inline fixes, such as selecting from known household contacts or collecting missing consent data. Prevents wrong‑signer loops by locking signed fields, requiring explicit rescind with reason, and re‑validating assignments when profile data changes. Displays issues and required actions on the PrepPilot dashboard and blocks e‑file readiness until resolved. Expected outcome: fewer rescinds, fewer re‑requests, and cleaner pipelines.
Provides a Form Targeting panel where preparers can review the per‑field assignment map, preview exactly what each recipient will see, and make overrides with guardrails. Supports batch edits (per form or per role), per‑field reassignment, risk warnings when compliance could be impacted, and one‑click revert to defaults. Includes a recipient‑view simulator for email/SMS flows and e‑signature frames. All changes are audited and reflected immediately in Auto‑Chase and the dashboard. Expected outcome: faster resolution of edge cases without compromising compliance or clarity for signers.
Captures end‑to‑end evidence for targeted forms and signatures, including assignment map versions, delivery attempts, opens, IP and user agent, timestamps, identity checks, and e‑signature certificates. Records who made overrides and why, and stores tamper‑evident logs with retention controls aligned to IRS and bank requirements. Generates an exportable evidence pack (PDF/JSON) attached to the return and surfaces a timeline summary in the case view. Expected outcome: defensible compliance posture and simplified audits for 8879, bank consent, and related documents.
Configurable sequential or parallel signing rules with optional holds (e.g., primary must sign first). Auto‑handles edge cases—timeouts, travel, or name mismatches—and updates the chase flow accordingly, maintaining compliance without manual triage.
Configurable rule builder to define sequential or parallel signer flows per return, including role-based steps (primary, spouse, preparer) and optional holds (e.g., primary must sign before spouse). Supports reusable templates by return type and jurisdiction, conditional steps, optional signers, and validation to prevent circular or invalid dependencies. Provides both UI and API for creation, preview, simulation, and versioning of rules so teams can standardize compliant signing paths and apply them at scale with minimal setup.
Automated detection and resolution policies for signing anomalies such as timeouts, extended travel/unavailability, bounced emails, expired links, and name discrepancies. Listens to e-sign provider webhooks and internal events to pause, reroute, or reschedule steps according to policy while preserving compliance constraints. Applies deadline-aware rules, temporarily lifts parallelization when allowed, and triggers alternate verification or reassignment flows. All state transitions are idempotent, auditable, and retriable to prevent duplicate actions and ensure reliable recovery.
Tight integration between SignOrder state and PrepPilot’s Auto‑Chase to adapt message content, cadence, and channel based on who has signed, who is blocked by holds, and proximity to deadlines. Prevents reminders to completed signers, personalizes prompts with remaining actions, respects opt‑in/opt‑out and quiet hours by recipient timezone, and escalates intelligently when SLAs are breached. Provides configurable templates and throttling to reduce noise while maintaining compliance with consent and record‑keeping requirements.
Immutable, exportable record of signing order configuration and execution, including rule versions, consent artifacts, timestamps, IP/user agents, envelope IDs, identity checks, notification logs, and state changes. Stores evidence in tamper‑evident storage with retention policies that meet IRS/state e‑signature guidance and firm policy, plus role‑based redaction for internal viewing. Supports one‑click export to PDF/JSON for regulators and clients and integrates with firm‑wide compliance reporting.
Self‑service and admin‑assisted flows to resolve name discrepancies or verify identity when signer‑presented information differs from the return. Provides options such as KBA, government ID upload, SSN4/DOB checks, and alias mapping with justification, all logged to the audit trail. On success, updates signer records and proceeds with signing; on failure, routes to a review queue for reassignment or documentation upload (e.g., name change proof), with Auto‑Chase messaging updated accordingly.
Real‑time dashboard modules that surface per‑return signing progress, dependencies, holds, expected completion ETA, and deadline risk. Offers actionable controls to resend, pause, or override sequence steps with required compliance justification, plus SLA timers and alerts for overdue signers. Provides filters for blocked returns, deep links to envelopes, and summary metrics to help small firms prioritize work and reduce manual follow‑ups.
Learns which channel each spouse responds to fastest (email vs SMS) and switches automatically with consented, secure links. Boosts signature conversion and shortens cycle time while respecting quiet hours and opt‑outs.
Learns per-recipient and per-action channel responsiveness by ingesting events (delivered, opened, clicked, replied, uploaded, e-signed) across PrepPilot’s Auto‑Chase flows and the client checklist. Produces a real‑time channel score and confidence per spouse and per message type (document request, reminder, e‑sign), with recency decay and fallback heuristics when data is sparse. Supports exploration versus exploitation by occasionally testing the non‑preferred channel to avoid stale bias. Ensures tenant isolation with no cross‑firm data sharing. Exposes a simple API to the Auto‑Chase orchestrator to request the best channel now and recommended fallbacks when deliverability issues occur.
Runtime logic that selects the initial channel based on the learning engine, sends the message, and automatically switches channels when an SLA window passes without the target action, stopping the sequence immediately when the client completes it. Includes deduplication to avoid sending the same reminder on both channels within a suppression window, deliverability-aware fallbacks for SMS undeliverable or email bounces, and per‑spouse routing for joint returns. Integrates with Auto‑Chase schedules, respects quiet hours and opt‑outs, and writes detailed events to the activity timeline for auditability.
Central service to collect, store, and enforce per-recipient consent for SMS and email, including timestamp, source, language, and IP/device where applicable. Honors STOP/UNSUBSCRIBE and other opt-out keywords immediately, manages do‑not‑contact lists, and ensures footer content and sender identity meet applicable regulations such as TCPA and CAN‑SPAM. Surfaces consent status on each client profile and blocks sends when consent is missing. Emits auditable logs and exports for compliance reviews and exposes hooks so Auto‑Chase and Channel Optimizer can verify contactability before scheduling or switching channels.
Generates per-recipient, short, expiring, tamper‑evident links for actions such as e‑signature and document upload, bound to the intended email address or phone number and the return/spouse role. Detects risky forwards or device changes and can require step‑up verification such as OTP before granting access. Supports deep links for mobile SMS, branded link domains, and analytics parameters. Feeds click, open, and completion events back to the learning engine and activity timeline and integrates with existing e‑sign and checklist modules without altering their core flows.
Determines each recipient’s timezone from profile, area code, or geolocation signals with manual override and enforces configurable quiet hours and blackout periods at firm and client levels. Queues messages for the next allowable window, applies frequency caps, and merges adjacent reminders to reduce noise. Provides a preview of the next send time in the case record and ensures Channel Optimizer’s auto‑switch logic schedules retries only within allowed windows and holidays.
Admin interface and APIs to configure Channel Optimizer behavior, including enabling or disabling SMS or email per firm or client, default switching thresholds and SLA windows by message type, frequency caps, quiet hour windows, and per‑channel message templates with merge fields. Implements role‑based access, change history, and environment-specific configuration. Supports per‑case overrides and a manual lock‑channel option when legally required or requested by the client.
Dashboard and exports that report time‑to‑action, response rates, and conversion by channel, spouse, message type, and time of day, with baselines to quantify lift from Channel Optimizer. Supports A/B testing of templates and scheduling windows, shows deliverability health, and highlights clients stuck in bottlenecks. Provides alerting when KPIs regress and feeds aggregate insights back to default configuration recommendations.
Secure delegation for households where a spouse authorizes a proxy (e.g., POA) to sign specific forms. Scope‑limited permissions, step‑up verification, and an audit trail integrate with SignProof Stack, keeping momentum without risking compliance.
Provide an end‑to‑end flow for principals (e.g., spouse or taxpayer) to invite a proxy and capture explicit consent for scope‑limited signing. The flow issues secure email/SMS links, presents ESIGN/UETA disclosures, explains permitted actions and forms, and collects an authorization e‑signature from the principal and acceptance from the proxy. Supports attaching existing POA documentation (e.g., IRS 2848) and selecting effective dates and expiration. Integrates with PrepPilot’s Auto‑Chase to nudge both parties until consent is complete, and with the dashboard to show pending invites and blockers. Stores all artifacts in the SignProof Stack, linking the authorization to the specific return and forms so subsequent routing and signing respect the granted scope.
Implement a fine‑grained permission engine that constrains proxies to specific actions (view, upload, approve, sign) and specific artifacts (form types like 8879, state equivalents, engagement letters) at the return, household, and tax‑year levels. Permissions must be time‑bound, revocable, and auditable, with inheritance rules for multi‑year renewals and overrides at the form instance level. Expose APIs and UI controls for preparers to configure presets (e.g., “Sign 8879 only”) and for principals to review/confirm scopes. Enforce checks at every critical operation—access, routing, and signature application—so only authorized proxies can proceed. Persist scopes in SignProof Stack to drive signer assignment and audit lineage across the product.
Add adaptive identity verification for principals and proxies during authorization and at signature time. Support OTP (SMS/email), knowledge‑based verification, and document ID capture with liveness as configurable tiers. Automatically trigger step‑up based on risk signals (high refund amount, new device, cross‑border IP, first‑time proxy) and record verification outcomes, evidence, and device fingerprints in the SignProof Stack. Provide admin policies to set required assurance levels per form type (e.g., higher for 8879) and jurisdiction. Fail‑safe behavior must block signing and notify stakeholders while preserving a retriable path via Auto‑Chase.
Create form‑aware logic that determines eligible signers and routes signature requests only to authorized parties based on scope, POA presence, and jurisdictional rules. Validate prerequisites (e.g., IRS 2848 on file before allowing a proxy to sign 8879), set signer roles, and apply smart field tagging so signatures land in correct locations. Support federal and state variants, handle multi‑signer sequences, and block execution when constraints are unmet. Integrate with Auto‑Chase to sequence reminders per signer and with the dashboard to surface bottlenecks (e.g., “Awaiting principal consent to enable proxy on 8879”). Store routing decisions and validations in the SignProof Stack for auditability.
Generate a tamper‑evident audit trail for every proxy authorization and signature event, including timestamps, signer identity evidence, IP/device metadata, geo signals, document hashes, and permission checks passed. Bind audit entries to a cryptographic receipt and store within the SignProof Stack with exportable audit packages (PDF/JSON) for regulators and clients. Surface inline evidence in the return’s timeline and enable one‑click retrieval during disputes or IRS/state inquiries. Apply retention policies aligned to tax recordkeeping requirements and provide integrity verification upon export.
Provide tools for principals and preparers to view, pause, revoke, or renew proxy delegations. Support scheduled expirations, auto‑renew prompts ahead of new tax years, and immediate revocation that cancels outstanding signing requests and prevents future access. Notify affected parties and update routing accordingly. Maintain a historical ledger of delegation states and reasons, and reflect active/inactive badges across PrepPilot’s dashboard and checklists. Ensure changes propagate to Auto‑Chase so reminders align with current delegation status.
Embed a configurable rules engine that enforces federal/state e‑signature and representation requirements (ESIGN/UETA acceptance, IRS 8879, 2848/8821, state POA equivalents). The engine evaluates return context, signer roles, and verification levels to allow, warn, or block actions, offering an exception workflow with required rationale and additional verification when permitted. Keep jurisdictional rules versioned with effective dates, expose policy summaries in‑app for transparency, and log every policy decision to the SignProof Stack. Provide periodic ruleset updates and a test harness so firms can validate policies before deployment.
Innovative concepts that could enhance this product's value proposition.
Clients sign in with passkeys or instant magic links—no passwords. One‑tap Face ID login slashes portal friction and support tickets.
Capture a card at engagement, auto‑charge when 8879 signs, then release e‑file. Eliminates A/R chases and ties payment to signature.
Entity dashboard that tracks every partner’s K‑1, bulk‑chases stragglers by name, and shows a one‑click 'Ready to Allocate' tally.
Uploads auto‑classify by form and year, detect missing pages, and request gaps automatically. Flags W‑2/1099 mismatches against last year.
Scheduled handoff summaries bundle blockers, next steps, and client‑safe links, then auto‑assign morning tasks to the next time zone.
Cryptographically sealed activity log with role snapshots and exportable audit packet. Satisfies consented‑communications and e‑sign requirements during reviews.
Separate spouse signing flows with individual Auto‑Chase cadences and channels. Tracks who’s signed, who hasn’t, and nudges the right person automatically.
Imagined press coverage for this groundbreaking product concept.
Imagined Press Article
San Francisco, CA — August 31, 2025 — PrepPilot, the live checklist and client hub built for solo and small‑firm tax preparers, today introduced the PayGate Suite: an integrated set of payments and release controls that links engagement consent, 8879 signatures, and e‑file authorization to guaranteed payment. By automating charge capture and gating e‑file release until funds clear, firms can eliminate end‑of‑season receivables, protect revenue, and keep throughput moving without manual collections. For owner‑operators and 2–10 person practices juggling dozens or hundreds of returns, the PayGate Suite turns administrative risk into a zero‑touch flow. Clients store a card or ACH at engagement with clear, upfront terms; invoices finalize automatically when required 8879 signatures complete; and returns only release when payment and internal approvals are satisfied. The PayGate Suite includes: - EngageHold Capture: Vaults card or ACH at engagement, with optional deposit or pre‑authorization and transparent “charge on 8879 sign” terms. - 8879 AutoCharge: Auto‑finalizes the invoice and charges the stored method the moment all required signatures complete, supporting multi‑signer households. - Release Guardrails: Ties e‑file release to successful payment and any internal review gates (partner approval, risk flags), with smart client fix‑flows on payment failure. - SplitPay Partners: Splits fees across spouses, partners, or entities with fixed amounts or percentages, each with their own authorization and receipt. - Dispute Shield: Reduces chargebacks with itemized receipts linked to e‑sign evidence and consent records; auto‑assembles representment packets when needed. - Smart Retry & Updater: Recovers failed payments with network‑optimized retry schedules, card updater, and backup method fallbacks—client prompts fire only when action is needed. - LedgerSync Receipts: Auto‑generates invoices and receipts at charge and syncs to QuickBooks/Xero and the firm’s ledger for clean, real‑time reconciliation. “Firms shouldn’t have to choose between moving fast in March and getting paid in May,” said Lena Ortiz, CEO of PrepPilot. “By linking payment to signature and release, the PayGate Suite removes the A/R drag that small firms have accepted as the cost of doing business. This is revenue protection built into the workflow, not a bolt‑on task.” The new release meets small‑firm realities: households with multiple signers, multi‑entity engagements where different partners pay different shares, and compliance rules that demand clear consent and auditable signer verification. PrepPilot’s Step‑Up Sign and SignProof evidence integrate natively, so every charge can be backed by verifiable authorization, device and IP context, and a tamper‑evident timeline. “For our two‑partner shop, tax season used to end with a 30‑day collections sprint,” said Ava Jones, CPA and owner of Indigo Advisory, a pilot customer. “Now we engage with transparent terms, clients sign 8879, and payment clears automatically. We closed our season with near‑zero A/R and no awkward chases.” How it works in practice: - At engagement, clients agree to terms and add a preferred payment method. For multi‑party returns, SplitPay Partners allocates amounts by person or entity. - PrepPilot’s client‑facing checklist guides document collection and signatures. Duo Cadence and Channel Optimizer ensure the right person gets the right nudge at the right time. - Once all required 8879 signatures are complete, 8879 AutoCharge finalizes the invoice and charges the stored method. If a charge fails, Smart Retry & Updater quietly resolves it; if client action is needed, one‑tap prompts keep momentum without staff intervention. - Release Guardrails verify payment and any internal approvals before e‑file is authorized. Clients receive confirmations and receipts instantly, and LedgerSync pushes records to the firm’s accounting system. Beyond dollars collected, the PayGate Suite is designed to lower risk. Dispute Shield links itemized receipts to signer evidence and consent records; Release Guardrails prevent premature filing; and AuditPack Export packages the entire chain of consent, signatures, and payments into a single, shareable file for lenders, regulators, or internal QA. “Collections is the least strategic work a tax professional can do,” said Raj Mehta, Chief Product Officer at PrepPilot. “The PayGate Suite gives solos and small‑firm managers an always‑on revenue engine that respects clients’ time, enforces clear consent, and lets the team focus on tax work.” Availability and pricing - The PayGate Suite is available today to all PrepPilot firms in the United States. ACH and major card brands are supported at launch. - Release Guardrails, 8879 AutoCharge, and EngageHold Capture are included on Growth and above; SplitPay Partners, Dispute Shield, Smart Retry & Updater, and LedgerSync Receipts are available as add‑ons or included in the PayGate bundle. - Existing customers can enable the bundle from Settings → Payments or contact their customer success manager. Who benefits - Solo Sprint Preparers eliminate manual invoicing and end‑of‑season chases. - Small‑Firm Workload Orchestrators tie payment and approvals to release across a team. - Client Care Coordinators configure clear payment comms and fix‑flows without leaving the dashboard. About PrepPilot PrepPilot turns every tax return into a live, client‑facing checklist and central hub. For solo and small‑firm preparers juggling dozens of returns, it ends document chase with deadline‑aware Auto‑Chase, while a dashboard keeps filings and bottlenecks visible—no spreadsheets. Media contact - Name: Maya Patel, Communications Lead, PrepPilot - Email: press@preppilot.io - Phone: +1 (415) 555‑0137 - Website: www.preppilot.io/press
Imagined Press Article
San Francisco, CA — August 31, 2025 — PrepPilot, the live checklist and client hub for small tax practices, today launched a passkey‑first access experience and step‑up signing workflows that together make client logins effortless and e‑signatures verifiably secure. The new access stack combines QR Tap‑In, Device Handoff, SafeLink Magic, Household Passkeys, Step‑Up Sign, and a firm‑wide Passkey Console to eliminate passwords and SMS codes while raising the bar on signer verification. For firms serving households and busy professionals, the login is often the first friction point. Forgotten passwords and one‑time codes snowball into support tickets and stalled returns. PrepPilot’s passkey approach swaps passwords for Face ID, Touch ID, or hardware keys—while preserving a friendly fallback that nudges clients to adopt passkeys after a one‑tap link. What’s new today - QR Tap‑In: Clients on desktop scan a secure QR with their phone and approve with biometrics. First‑time access becomes a 2‑second step. - Device Handoff: When clients switch phones or computers, a trusted device authorizes the new one—no security questions or reset emails. - SafeLink Magic: Hardened one‑tap magic links that are one‑time, short‑lived, and device‑bound, with suspicious‑open detection and gentle passkey prompts. - Household Passkeys: Each spouse/partner in a shared account has their own passkey, magic links, and checklist view—no shared credentials, no confusion. - Step‑Up Sign: A fresh biometric/passkey check right before signing sensitive forms (e.g., 8879 or bank details) for auditable signer assurance. - Passkey Console: An admin view to track adoption, resend secure invites, revoke lost devices, and enforce firm rules (e.g., passkeys required for e‑sign). “Client portals live or die on first‑try success,” said Daniel Cho, CTO of PrepPilot. “By making the easiest path also the most secure path, we turn the login into a non‑event and give firms a higher integrity signal at the moment of signature.” The release was designed for real‑world edge cases: spouses who split tasks, clients who change phones mid‑season, and signers who need a secure fallback when away from their primary device. Household Passkeys ensures each person sees only their own tasks, while SplitView Portal clarifies what’s left for each signer. When a signature is required, Step‑Up Sign asks for a fresh biometric, and SignProof Stack records the attestation along with device and IP context. “For our firm, passkeys solved both sides of the equation: fewer helpdesk pings and stronger e‑sign evidence,” said Grace Park, Risk & Compliance Manager at Crescent Tax. “We cut password resets by 80% during the pilot and can answer examiner questions with a single timeline entry.” Security by design - Passkey secrets never leave the user’s device; PrepPilot relies on public‑key cryptography to verify possession. - SafeLink Magic binds one‑time links to device fingerprints and short time windows; suspicious activity triggers expiration and a secure re‑issue path. - Step‑Up Sign integrates with Consent Seals and ChainLock Log so each signature has a sealed trail of consent and device‑verified proof. Impact for small practices - Solo Sprint Preparers avoid account lockouts and keep clients moving through checklists. - Small‑Firm Workload Orchestrators get a clear view of passkey adoption and can set firmwide policies without heavy change management. - Client Care Coordinators spend less time resetting passwords and more time supporting document collection. “Security defaults matter,” added Lena Ortiz, CEO of PrepPilot. “We’re bringing a consumer‑grade login to professional workflows, so small firms can deliver a polished experience without hiring an IT team.” Availability and configuration - Passkey‑first access, QR Tap‑In, Device Handoff, and SafeLink Magic are available today for all PrepPilot plans in supported browsers and devices. - Step‑Up Sign and the Passkey Console are available on Growth and above; firms can require passkeys for signatures with a single toggle. - Household Passkeys and SplitView Portal are included for household accounts and support spouse‑specific reminders through Duo Cadence and Channel Optimizer. Evidence that scales Every access and signing event feeds into PrepPilot’s tamper‑evident ChainLock Log, with RoleFrame Snapshots capturing who had permission to do what at the time of action. With AuditPack Export, firms can share a sealed evidence packet (PDF + JSON manifest) with banks, regulators, or internal auditors, and recipients can verify authenticity via the ProofCheck Portal without a PrepPilot login. About PrepPilot PrepPilot turns every tax return into a live, client‑facing checklist and central hub. For solo and small‑firm preparers juggling dozens of returns, it ends document chase with deadline‑aware Auto‑Chase, while a dashboard keeps filings and bottlenecks visible—no spreadsheets. Media contact - Name: Maya Patel, Communications Lead, PrepPilot - Email: press@preppilot.io - Phone: +1 (415) 555‑0137 - Website: www.preppilot.io/press
Imagined Press Article
New York, NY — August 31, 2025 — PrepPilot today unveiled the K‑1 Herding Board, a purpose‑built command center that turns multi‑entity partner chases into a visible, deadline‑aware flow. Designed for firms wrangling partnerships, S‑corps, and consolidations, the board consolidates every partner’s readiness across entities, automates personalized nudges, and gates allocations until completeness rules are satisfied. Multi‑entity seasons are uniquely complex: K‑1s trickle in, partner rosters change, and managers lose time reconciling spreadsheets while deadlines loom. The K‑1 Herding Board replaces ad‑hoc lists with an integrated system that knows who is missing what, when to expect it, and how to escalate politely but persistently. What’s inside the K‑1 Herding Board - Partner RosterSync: Auto‑imports and updates partner profiles from prior‑year returns, cap tables, or CRM, capturing ownership %, preferred channels, and roles. - Smart Intake Links: Secure, name‑bound links for each partner to upload K‑1 PDFs, report “not received yet” with expected dates, or mark “no activity,” with optional W‑9 and state residency updates. - Escalate Auto‑Chase: Deadline‑aware cadences that personalize nudges by partner and entity, switch channels (email/SMS), and escalate to a managing partner when SLAs slip. - K‑1 SnapParse: Automatic extraction of key K‑1 data and detection of missing pages/states, comparing against prior‑year expectations to flag anomalies early. - Ready Gate Meter: A real‑time readiness meter that highlights blockers by name/state and gates a one‑click Ready to Allocate action until rules are met. - Delegate Relay: Secure delegation so partners can authorize a bookkeeper or family office to submit on their behalf, with full accountability. - Multi‑Entity Rollup: A consolidated view of readiness across related partnerships and S‑corps, enabling bulk chasing, deadline filters, and identification of cross‑entity stragglers. “September is won or lost in July and August,” said Marco Alvarez, CPA and Managing Partner at NorthPoint Advisors, a beta user. “PrepPilot’s board gives us the live picture—who’s green, who’s red, and why—and the system chases so my team doesn’t have to. Our allocation work starts clean, and review time drops.” The K‑1 Herding Board is built to align with firm risk and review standards. Ready Gate Meter enforces completeness rules before allocations proceed, and SnapParse flags anomalies—like missing state attachments or unexpected swings—so preparers investigate early. Reviewers gain confidence in the inputs and spend less time on detective work. “Partnership teams can finally stop reconciling conflicting lists,” said Raj Mehta, Chief Product Officer at PrepPilot. “RosterSync keeps contacts current. Smart Intake Links convert vague emails into structured responses. And the Rollup view gives managers a portfolio‑level picture so they can protect September deadlines.” End‑to‑end visibility extends to clients and delegates. Client‑safe status mirrors show partners exactly what remains, with secure links to upload or confirm. Delegate Relay preserves accountability by tracking who submitted what and keeping the partner informed. Who benefits - Multi‑Entity Marco‑type leaders managing complex calendars gain a single source of truth and a reliable path to allocations. - Small‑Firm Workload Orchestrators coordinate across preparers and reviewers with clear gating. - Client Care Coordinators manage polite persistence without manual juggling. Compliance and audit readiness are built in. Every intake action, delegation, and chase is captured in the tamper‑evident ChainLock Log with RoleFrame Snapshots. If an examiner or lender asks for proof, AuditPack Export assembles the event timeline, consent evidence, and document hashes into a sealed packet. Recipients can validate authenticity via the ProofCheck Portal without a PrepPilot login. Availability and setup - The K‑1 Herding Board is available today for PrepPilot Growth plans and above in the United States. - Firms can enable Partner RosterSync via CSV import or CRM integration and issue Smart Intake Links in bulk within minutes. - SnapParse supports common K‑1 formats at launch, with continuous learning via the Confidence Queue. About PrepPilot PrepPilot turns every tax return into a live, client‑facing checklist and central hub. For solo and small‑firm preparers juggling dozens of returns, it ends document chase with deadline‑aware Auto‑Chase, while a dashboard keeps filings and bottlenecks visible—no spreadsheets. Media contact - Name: Maya Patel, Communications Lead, PrepPilot - Email: press@preppilot.io - Phone: +1 (415) 555‑0137 - Website: www.preppilot.io/press
Imagined Press Article
Austin, TX — August 31, 2025 — PrepPilot today released a follow‑the‑sun orchestration suite that transforms how small tax firms hand off work across people, shifts, and time zones. With Timezone Waves, Morning Auto‑Assign, Blocker Bundles, Next‑Step Scripts, Context Snapshot, Handoff Ack, and Client‑Safe Mirror, teams get crisp transitions, balanced workloads, and client progress that continues even while someone sleeps. For seasonal teams, offshore collaborators, and remote reviewers, the space between handoffs is where work stalls. PrepPilot’s new suite replaces vague notes and inbox archaeology with a predictable cadence: the right packet, to the right person, at the right local time, with the exact steps to move forward. What ships today - Timezone Waves: Deliver handoff packs at the recipient’s local start‑of‑day, respecting quiet hours, weekends, and regional holidays, and auto‑select the next viable owner. - Morning Auto‑Assign: At morning kickoff, auto‑assign handoff tasks by capacity, skills, and deadlines so rush items float to the top without manual triage. - Blocker Bundles: Auto‑assemble all blockers into a prioritized list with owner, severity, dependencies, and one‑tap unblocking steps, including client‑safe action links. - Next‑Step Scripts: Role‑based micro‑checklists attached to each baton (review, prep, client chase) with due‑by times that auto‑complete as tasks finish. - Context Snapshot: A 60‑second brief in every baton—latest changes, open signatures, recent uploads, variances, and pending approvals—with direct links. - Handoff Ack: Require one‑tap acknowledgment with optional ETA; if no ack, auto‑escalate to a backup or the next timezone. - Client‑Safe Mirror: A sanitized, client‑facing update that shares status and what’s needed next with secure links, scheduled after the internal baton lands. “We run a follow‑the‑sun rhythm with a small onshore team and a trusted offshore partner,” said Omar Rahman, Partner at Lumen Tax and an early adopter. “Timezone Waves and Morning Auto‑Assign mean no one starts their day hunting for what to do. The baton lands with instructions, context, and a clock—we just move.” This release pairs operational rigor with client‑friendly communication. Client‑Safe Mirror sends a status snapshot and precise asks—aligned with Watchlist Blueprints—so clients advance in parallel with internal work. Duo Cadence and Channel Optimizer ensure the right person receives the right nudge at the right time, accelerating signatures and document collection without nag fatigue. “Great orchestration is clarity, not volume,” said Lena Ortiz, CEO of PrepPilot. “We’re giving small firms the same control and tempo as global teams—with automation that respects quiet hours, skill sets, and compliance.” Quality control and audit needs are first‑class citizens. Next‑Step Scripts embed firm standards into every handoff; Context Snapshot highlights variances with Delta Explain and state requirements via StateScope; and Handoff Ack builds a reliable audit trail of receipt. The tamper‑evident ChainLock Log records each transition, while RoleFrame Snapshots capture who had permission to act at the time. Results from pilot firms - Faster cycle time: Teams reported up to a 25% reduction in idle time between prep and review. - Fewer stalls: Ack and escalation reduced unacknowledged handoffs by 60%. - Happier clients: Client‑Safe Mirror cut “what’s my status?” emails by half during peak weeks. Who benefits - Small‑Firm Workload Orchestrators get portfolio‑level balance and deadline protection without spreadsheet gymnastics. - Seasonal Staff Preparers and Remote Reviewer CPAs receive clear steps and context, reducing rework and training time. - Client Care Coordinators send precise, client‑safe updates without rewriting internal notes. Availability and setup - The orchestration suite is available today on Growth and above for firms in the United States and Canada. - Admins can enable Timezone Waves and Morning Auto‑Assign from Settings → Workflow; templates for Next‑Step Scripts ship with common roles and can be customized. - Client‑Safe Mirror can be scheduled per pipeline stage and respects Consent Seals for compliant outreach. About PrepPilot PrepPilot turns every tax return into a live, client‑facing checklist and central hub. For solo and small‑firm preparers juggling dozens of returns, it ends document chase with deadline‑aware Auto‑Chase, while a dashboard keeps filings and bottlenecks visible—no spreadsheets. Media contact - Name: Maya Patel, Communications Lead, PrepPilot - Email: press@preppilot.io - Phone: +1 (415) 555‑0137 - Website: www.preppilot.io/press
Imagined Press Article
Chicago, IL — August 31, 2025 — PrepPilot today announced a comprehensive compliance evidence stack that makes every client action, signature, and communication cryptographically verifiable. Anchored by ChainLock Log and AuditPack Export—and complemented by RoleFrame Snapshots, Consent Seals, SignProof Stack, ProofCheck Portal, and Smart Redact—the release compresses audit prep from hours to minutes and strengthens firms’ defenses against disputes and regulatory scrutiny. Small firms carry the same compliance burden as large ones, but without the staff. PrepPilot’s approach is to make the most defensible record also the easiest to produce, by recording events as they happen and packaging them into a sealed, shareable format that examiners can validate independently. Key components - ChainLock Log: An append‑only, hash‑chained activity log that timestamps every event (upload, edit, sign, approval) with user, device, and context metadata, anchored to an external time authority. - RoleFrame Snapshots: Captures a snapshot of roles, permissions, delegations, and policy versions at the moment of each action, answering “who was authorized to do what—and why.” - Consent Seals: Sealed proof of consented communications per message (opt‑in source, channel, content hash, timestamps, unsubscribe history) across email/SMS and portal. - SignProof Stack: Bundled e‑signature evidence—step‑up verification, passkey/biometric attestation, IP/device fingerprint, signer order, and document hash—for each form (e.g., 8879). - AuditPack Export: One‑click export of a sealed packet (PDF + JSON manifest) with the timeline, role snapshots, consent proofs, and e‑sign evidence, plus optional password protection. - ProofCheck Portal: A read‑only public verification page where third parties can validate AuditPack authenticity by checking hashes, time anchors, and signatures—no login required. - Smart Redact: Selective disclosure that hides sensitive fields while preserving verifiable integrity via partial‑proof hashes; redactions are sealed as first‑class events. “Compliance is not a file cabinet you assemble after the fact,” said Grace Chen, Director of Risk & Compliance at PrepPilot. “It’s a living record. With ChainLock and RoleFrame, small firms can show not only what happened, but who was allowed to make it happen—without extra clicks.” The stack is designed to intersect with real tax workflows. Step‑Up Sign ensures a fresh biometric check before 8879, and SignProof attaches verification to that signature. Consent Seals connect outreach to explicit opt‑in, satisfying consent rules while keeping Auto‑Chase moving. When a bank or regulator asks for proof, AuditPack Export gathers the evidence into a single file with a cryptographic manifest; the recipient scans a QR or visits a short link to independently validate the packet in ProofCheck Portal. “In a lender review, we provided an AuditPack, and the questions stopped,” said Marco Alvarez, CPA and Managing Partner at NorthPoint Advisors, a pilot customer. “They could see timestamps, device info, consent, and signatures, all sealed. It turned a half‑day back‑and‑forth into five minutes.” For dispute defense, Dispute Shield pairs with SignProof and ChainLock to auto‑assemble representment packets for chargebacks, linking itemized receipts to signer evidence and consent records. Release Guardrails ensure returns only e‑file after payment clears and internal approvals are met, preserving control without sacrificing speed. “Firms deserve enterprise‑grade assurance without enterprise overhead,” said Lena Ortiz, CEO of PrepPilot. “We built a defensible record that assembles itself as a byproduct of everyday work. When the stakes are high, the evidence is already there.” Operational benefits - Faster audits: Export a complete, sealed packet in one click—the evidence the reviewer actually wants. - Fewer disputes: Verifiable signatures and consent lower chargeback risk and resolve signer challenges quickly. - Stronger controls: Role‑aware snapshots eliminate ambiguity about who could act when, reducing internal friction and review time. Availability and controls - ChainLock Log, RoleFrame Snapshots, Consent Seals, and SignProof Stack are available today on all paid plans. - AuditPack Export, ProofCheck Portal, Smart Redact, and Dispute Shield are available on Growth and above or included in the Compliance bundle. - Admins can customize retention, export policies, and redaction defaults firmwide. About PrepPilot PrepPilot turns every tax return into a live, client‑facing checklist and central hub. For solo and small‑firm preparers juggling dozens of returns, it ends document chase with deadline‑aware Auto‑Chase, while a dashboard keeps filings and bottlenecks visible—no spreadsheets. Media contact - Name: Maya Patel, Communications Lead, PrepPilot - Email: press@preppilot.io - Phone: +1 (415) 555‑0137 - Website: www.preppilot.io/press
Subscribe to receive a fresh, AI-generated product idea in your inbox every day. It's completely free, and you might just discover your next big thing!
Full.CX effortlessly brings product visions to life.
This product was entirely generated using our AI and advanced algorithms. When you upgrade, you'll gain access to detailed product requirements, user personas, and feature specifications just like what you see below.