Your clients' trust is our product.
CPA firms operate under strict confidentiality obligations. RCKN was designed from day one to earn that trust — not ask you to compromise it.
Every workspace gets its own isolated Neo4j database and Supabase row-level security policy. No cross-tenant data access is possible at the query layer.
Gmail and Outlook connections use read-only OAuth scopes by default. Send scopes are granted only when the draft feature is explicitly enabled and visible in the UI.
Email content, client names and thread context are never used to fine-tune or train AI models — neither ours nor our providers'. Draft generation uses zero-shot prompting with scoped context windows.
A single API call deletes a workspace's Neo4j nodes, Supabase rows, and OAuth tokens. For clients requesting data removal (CCPA, GDPR), the operation completes in under 30 seconds.
Every action taken by RCKN on your behalf — email read, draft sent, client extracted — is recorded in an append-only audit table with full timestamps and user attribution.
All API traffic uses TLS 1.3. Supabase encrypts data at rest with AES-256. OAuth tokens are stored with an additional application-layer encryption key rotated per deployment.
We are undergoing our first SOC 2 Type II audit, with projected completion in Q4 2026. Enterprise customers can request our current security questionnaire and trust report.