ATCS
Log in Request quote
Security + data residency

Your books, your hardware, your encryption keys.

ATCS is built for finance teams, controllers, and CPAs who cannot answer where the data lives with a shrug. Encrypted vendor TINs, role-based access, an append-only audit log, and an on-prem option that keeps your general ledger and your AI inference on hardware you physically control.

Run the pricing calculator Review infrastructure & backup

The problem

Financial data has quietly become the most leaked asset in small business technology. Bookkeeping platforms ship general ledgers, vendor lists, and payroll exports to data centers whose physical addresses are abstracted behind "regions." Residency clauses are buried on page 47 of a click-through MSA, and the boilerplate often grants the vendor a license to "use anonymized data to improve services" — language that, in 2026, has come to mean training third-party AI models on your client list.

The AI layer has made this worse, not better. Vendor TINs, beneficial ownership details, payroll registers, and bank account numbers are routinely pasted into general-purpose chat tools to draft a 1099 cover letter or summarize an aging report. Each paste is an uncontrolled disclosure. SOC 2 reports do not cover prompts your bookkeeper sent to a consumer LLM at 11pm on a Tuesday.

CPAs are now the squeezed middle. Clients hand them security questionnaires and ask for written confirmations about encryption, residency, and AI training that the underlying SaaS stack simply does not support. ATCS is built for the firms and businesses that have decided "trust us" is no longer a sufficient answer.

How it works

Encryption at rest

Vendor TINs are stored as encrypted strings using Laravel's encrypted cast, backed by AES-256 with a key derived from your application secret. The plaintext is never written to disk, never indexed in plaintext, and never appears in query logs. Database backups inherit field-level encryption and are then wrapped a second time at the volume layer — Synology snapshots and off-site copies on Backblaze B2 or Wasabi are encrypted before they leave the box. Snapshot keys are managed separately from application keys so a compromised database credential cannot decrypt a year of history.

Role-based access plus audit log

Every account belongs to a workspace, and every user inside a workspace holds exactly one of four roles: owner, admin, bookkeeper, or viewer. Permissions are evaluated server-side on every request — there is no client-trust path. Behind that, an append-only audit log records every state change in the system: who edited a vendor, who marked a 1099 as filed, who issued a W-9 token, who exported a CSV. Support-side masquerade — when an admin "logs in as" a user to reproduce an issue — is itself a logged event, with the originating admin, the impersonated user, the start time, and the end time written immutably.

Self-hosted option

For businesses that cannot, or will not, send financial data to anyone else's hardware, ATCS ships as an on-prem appliance. Configurations range from a single RTX 5090 workstation for small firms up to dual H200 nodes for firms running private AI inference across hundreds of clients. In a self-hosted deployment, the application server, the database, the backup target, and the AI model all sit inside your network. Prompts, vendor records, and document OCR never traverse a third-party AI cloud. Your data residency answer becomes a street address.

Backup posture

Backups are encrypted, off-site, and tested. The default posture is a Synology primary target inside the customer environment, replicated to a low-cost object store — Backblaze B2 or Wasabi at roughly six to seven dollars per terabyte per month — with separate credentials and immutable retention to defeat ransomware-style deletion. Restore drills are run quarterly against a clean environment, and the audit log captures each drill so you can hand evidence to an examiner without scrambling.

What you get

  • AES-encrypted vendor TIN storage with no plaintext on disk
  • Four-tier role model: owner, admin, bookkeeper, viewer
  • Append-only audit log of every create, update, delete, and export
  • Audited masquerade-as-user for support — fully attributable, time-bounded
  • Tokenized W-9 capture: single-use, time-bound links, no shared inboxes
  • Session-based authentication with optional TOTP two-factor
  • Per-business workspace isolation — no cross-tenant data paths in queries
  • On-prem hardware option from RTX 5090 to dual H200, sized to your firm
  • Private AI inference when self-hosted — prompts and documents stay on-site
  • Encrypted backups to Synology plus Backblaze B2 or Wasabi
  • Quarterly tested restores with audit-log evidence
  • CPA-ready written responses to common security questionnaires

FAQ

Where does my data live?

You choose. In our managed deployment, your workspace is hosted in a U.S. region with documented physical addresses and encrypted backups to a separate provider. In a self-hosted deployment, your data lives on the hardware you bought — typically an on-prem appliance in your office or colocation cage — and we can show you the rack.

Is the AI model trained on my data?

No. ATCS does not feed your ledger, vendor records, or documents into third-party model training pipelines. In the self-hosted configuration, AI inference runs on your local GPU, so prompts and outputs never leave your network. In the managed configuration, prompts route to inference endpoints under contractual no-training, no-retention terms.

What's encrypted vs not?

Vendor TINs are encrypted at the field level with AES. The full database is encrypted at rest at the volume layer. Backups are encrypted before leaving the primary host and again at the off-site target. Transport is TLS end-to-end. What is not "encrypted" in a meaningful sense is data your authorized users are actively viewing in their browser — that is the point of authorization.

What happens when an admin masquerades as a user?

The masquerade event is written to the append-only audit log with the admin's identity, the impersonated user's identity, the start and end timestamps, and any state-changing actions taken during the session. The impersonated user's own activity log shows the masquerade clearly so there is no ambiguity about who did what.

Can my CPA get a security questionnaire response?

Yes. We maintain written responses to the common questionnaire formats — encryption, residency, access control, backup, incident response, AI handling — and will return them under NDA. For self-hosted customers, we provide a template you can adapt with your specific physical address and retention windows.

Where to next

Stop guessing where your client data sleeps at night. Price an on-prem or managed deployment with the pricing calculator, then review the infrastructure & backup page for the exact hardware, encryption, and restore-test posture behind every ATCS workspace.

Ready to size this for your business?

The pricing calculator returns a live range based on your headcount, transaction volume, and AI usage.

Run the pricing calculator All solutions