20% OFFCode FOUNDING20 — 20% off first year

LAUNCH OFFERApply code FOUNDING20 at checkout for 20% off your first year.Claim Offer →

GoRefer.io
PricingAffiliatesNEWMeet
Gio AI
BlogAbout
Login
Get Started Free

GoRefer Trust Center

AI Security & Governance

Updated April 2026

GoRefer's AI assistant, Gio, operates under a strict data governance framework designed specifically for the tax industry. This page explains exactly what data Gio can and cannot access, how AI interactions are isolated per tenant, and the controls that prevent data leakage.

We understand that using AI in a tax workflow requires a higher bar of trust. The details below are written for both technical reviewers and non-technical firm owners.

Tenant Isolated
PII Never Sent to AI
No Model Training
AI Audit Logs
Human Review Required

Your data is never used to train AI models

GoRefer makes a firm commitment: no customer data — including any input to Gio — is ever used to train, fine-tune, or improve any AI model. Your clients' information only flows in one direction: into your workspace. It never flows into model weights or shared learning systems.

What Is Gio?

Updated April 2026

Gio is GoRefer's built-in AI assistant. It can draft communications, surface referral insights, summarize client activity, suggest commission structures, and help preparers manage their workload. Gio is deeply integrated with firm data — which is why its data access is tightly controlled.

What Gio Can Do

  • Draft client-facing emails and referral communications

  • Summarize referral pipeline and commission trends

  • Answer questions about firm data (scoped to your firm only)

  • Suggest workflow improvements based on aggregated activity

  • Assist with document drafting and compliance checklists

  • All actions are fully audited and reversible

What Gio Cannot Do

  • Access raw SSNs, EINs, bank details, or driver's license numbers

  • Read data belonging to a different firm

  • Retain memory or context across sessions (stateless per request)

  • Autonomously save or modify client records without human approval

  • Share outputs with third parties

  • Initiate outbound communication on your behalf without explicit approval

What Data Is Sent to AI Infrastructure?

Updated April 2026

The table below documents each data category that Gio may encounter and the protection measures applied before any data leaves GoRefer's own infrastructure.

Data TypeSent to AI?How It's ProtectedSensitivity
Client SSN / EIN / Bank details
NeverPII fields are decrypted only in tightly scoped service calls; the AI layer never receives raw PIICritical
Client name
Optional — anonymizedGio workflows can receive pseudonymous references; full names are excluded by default unless explicitly included by the firmControlled
Referral workflow data
Yes — in structured contextTenant-scoped. All AI context is associated with a single firm and never mixed with other firmsStandard
Commission calculations
Yes — aggregated figuresSubmitted as structured data without personally identifying the preparer unless firm has configured otherwiseStandard
Analytics & usage patterns
Yes — aggregated onlyNo individual-level data; firm-level aggregate metrics used for insightsLow

AI Security Controls

Updated April 2026

Every AI interaction on the GoRefer platform is governed by the following technical and policy controls. All controls listed below are actively enforced — not aspirational.

ControlDescriptionStatus
Tenant isolation
Every AI request is scoped to a single tenant. Context from one firm can never appear in another firm's AI responses.Enforced
No model training on customer data
Customer data submitted to Gio is never used to train, fine-tune, or improve any AI model — including GoRefer's own systems.Enforced
PII stripping before AI calls
An automated pre-processing layer strips or masks PII fields before any data is dispatched to AI infrastructure.Enforced
AI response audit log
Every Gio interaction is logged with actor, timestamp, input summary (not full content), and response metadata. Stored for 365 days.Enforced
AI disclaimer on all outputs
Every AI-generated response includes a mandatory disclosure that the content was AI-generated and should be reviewed before use.Enforced
Human review before saving
AI outputs are presented as drafts. No Gio response is saved to a client record without explicit acceptance by a firm user.Enforced
Fallback infrastructure
If the primary AI provider is unavailable, Gio fails gracefully to a secondary provider. Customer data is not retained by either provider beyond the request lifecycle.Enforced
Prompt injection detection
Input sanitization and output validation layers are in place to detect and block prompt injection attempts that could cause unintended data exposure.Enforced

AI Credit System as a Governance Mechanism

Updated April 2026

GoRefer's AI credit system is not just a billing mechanism — it serves as a natural rate-limiting and auditability layer. Every Gio operation consumes credits, creating a one-to-one log of every AI action performed on your data.

Rate Limiting

  • Credit consumption prevents unbounded AI data access

  • Unusual spikes in credit usage trigger Security Hub alerts

  • Admins can set per-user AI credit limits

Full Auditability

  • Every credit deduction maps to a specific AI action and actor

  • Credit logs are immutable and exportable

  • 365-day credit history retained by default

Access Control

  • Credit allocations are scoped per user role

  • Admins can revoke AI access for individual users instantly

  • AI features follow the same RBAC as the rest of the platform

AI Infrastructure Isolation

Updated April 2026

AI processing uses zero-retention endpoints

GoRefer's AI infrastructure is configured to use zero data retention agreements with our AI service providers. Data submitted for AI processing is not stored, logged, or used for model improvement by those providers after the request completes.

Request Lifecycle

  • Context assembled in GoRefer's own infrastructure

    PII fields are stripped/masked before the context leaves GoRefer

  • Single-request dispatch

    AI calls are stateless — no session state is maintained between requests

  • Response validated before delivery

    AI outputs are scanned for unexpected PII or policy violations before returning to the user

  • No cross-tenant context

    The context window for each request is fully scoped to the requesting firm

Failure & Fallback Handling

  • Primary / fallback provider architecture

    If the primary AI provider is unavailable, requests route automatically to a backup provider with the same data governance requirements

  • Graceful degradation

    If both providers are unavailable, Gio fails with a clear user-facing message — no data is exposed or cached during the failure

  • Incident logging

    All AI provider failures are logged in GoRefer's internal monitoring system with full request metadata (no data content)

Prompt Injection Protection

Updated April 2026

Prompt injection is a class of attack where malicious input attempts to override AI instructions, extract data from the AI context, or cause unintended behavior. GoRefer applies multiple layers of defense against these attacks.

Input Defense

  • User inputs are sanitized before inclusion in AI prompts

  • Known injection patterns are blocked at the input validation layer

  • Client-submitted text is structurally segregated from system instructions

  • Character limits enforced on all AI input fields

Output Defense

  • AI responses are validated against expected output schema before delivery

  • Responses containing unexpected PII patterns are flagged and blocked

  • Output sanitization prevents injection artifacts being rendered to other users

  • Annual penetration testing includes AI-specific prompt injection test cases