Quick answer
For a CPA or tax preparer, on-prem AI means the AI that drafts your client emails and summarizes documents runs on a machine in your own office, so client tax information stays on your network instead of traveling to a vendor's cloud. You own the hardware and the models, and a person on your team approves every message before it sends.
Every accountant we talk to asks a version of the same question before anything else: where does my client data go?It is the right instinct. The information that flows through a tax practice is not ordinary business correspondence. It is the most revealing data a person hands to anyone, and a client hands it to you because they trust you to hold it carefully. That is the lens we want to use to look at AI tools, because the answer to "where does the data go" is different depending on how the AI is built.
Why tax data is different
A retailer's inbox holds order numbers and shipping questions. A tax practice's inbox holds Social Security numbers, W-2s, K-1s, brokerage statements, mortgage details, and a complete financial picture of a household. Put together, the files on your network describe your clients more completely than almost any other record they will ever produce.
That is why confidentiality is something a firm cares about for its own reasons, long before anyone outside the firm weighs in. A client who sends you their return is trusting you with information they would not share with their neighbor or their employer. When a firm starts thinking about putting AI anywhere near that material, the first question is not "is it fast," it is "does this change who can see my clients' information." A good tool should make that question easy to answer.
Where client data goes with the usual AI tools
Most AI products you can sign up for in a browser are cloud services. When you paste a client document or forward an email into them, that content travels to servers you do not control, run by a company you have no operational visibility into. Some consumer-grade tools may use the things you type as input to improve their own models, which means your client's data could become part of a system you cannot inspect. By default, OpenAI may use content from personal ChatGPT accounts to improve its models unless you opt out; its business and enterprise tiers are excluded (OpenAI Help Center).
The risk grows when staff reach for those tools without anyone signing off. IBM found that breaches involving shadow AI, the unsanctioned AI tools employees adopt without approval, cost an average of $670,000 more in its 2025 Cost of a Data Breach Report (IBM). Smaller firms feel this acutely: Verizon's 2025 Data Breach Investigations Report found that 88% of breaches at small and midsize businesses involved ransomware (Verizon).
The deeper issue is that you cannot un-send it. Once a Social Security number or a full financial statement has left your network and reached a vendor's cloud, you are relying on that vendor's policies, settings, and good behavior. For a casual draft, that may be a tradeoff a business is willing to make. For a tax client's most private records, a lot of firms look at that and decide they want a different arrangement. We wrote a whole piece on where your client data goes when you use ordinary AI tools, if you want the longer version.
The on-prem alternative
On-prem means "on your premises." Instead of sending your data out to a service, you put the AI on a dedicated machine that sits on your own office network. The models run locally on that box. Your client documents are processed right there, in your office, by hardware you own. If you want the plain-English version of what on-prem AI means, start there.
The reason this is so different is that privacy here is a matter of physics, not policy. With a cloud tool, your data stays private because a vendor promises it will. With an on-prem setup, your client data stays in your building because there is nowhere else for it to go in the normal course of work. The default is that nothing leaves your network. This is the core of a private AI employee built for a practice that handles sensitive files.
What Paige does for a tax practice
Paige is the private AI employee we install. On the box in your office, she handles the routine pile that eats a preparer's day:
- Drafts client repliesin your firm's voice, so a status question or a document request gets a written answer in seconds instead of minutes.
- Summarizes returns, IRS notices, and long threads into a short readout, so you can see what a forty-message chain or a dense notice actually says without rereading all of it.
- Answers plain questions about your own files and gives you a citation to the source page, so you can click straight to where the answer came from and verify it yourself.
- Handles intake and data entry, pulling details off the documents clients send and putting them where they belong.
- Stops before every send. Paige drafts, then waits. A person on your team reads the draft and clicks send. She never sends on her own, and that gate is enforced by the system, not by a setting someone could quietly turn off.
Confidentiality is your duty; possession is the tool
Preparers carry real confidentiality obligations around client tax information, and the firms we work with take those obligations seriously. We want to be precise about what on-prem does and does not do here, because the honest framing matters. On-prem AI is not a rule you have to follow, and we are not telling you it makes your firm compliant with anything or that any standard requires it. W&S builds and installs software. We are not your accountant or your attorney, and Edward is not a CPA.
What on-prem gives you is possession. The data lives on hardware you own, on your network, where your own reviewer can see it. Alongside the install you get a written audit runbook, so the person on your team responsible for confidentiality can verify where the data goes and confirm for themselves that it stays inside the office. The duty is yours. The tool gives you possession of the data and a documented way to check it, so you can meet that duty on your own terms instead of taking a vendor's word for it.
What we verify at install
When we set up the box, we do not just hand you a machine and leave. We verify, and document, that the system behaves the way the pitch says it does:
- No client content leaves the network. By default, client documents and messages are processed locally on the box, and we document that they are not sent out.
- Only telemetry reaches W&S. The information we receive to keep the system healthy is operational telemetry, not your client content.
- You own everything. The hardware, the models, and the credentials are yours. If you ever stopped working with us, the box and what is on it stay with you.
- Support is 24 hour response, next business day resolution target, remote-first. We respond within 24 hours, aim to resolve by the next business day, and handle most of it remotely.
If your practice ever wants a cloud-assisted feature for something specific, that is an optional, opt-in path that we disclose and you choose. It is never the default, and it is never on without you knowing. The standing arrangement is local, with nothing leaving your network.
What it costs
We keep the pricing simple. An optional data residency assessment runs $500 to $1,500, if you want us to map where your data lives today before anything is installed. The install starts at $3,000, with hardware passed through at cost. After that, the management retainer starts at $300 per month, scaled to the size of what you are running.
If you handle tax files for a living, where that data sits is not a detail. It is the whole question. See how this works for accounting firms, or book a short walkthrough below and we will look at your real workflow together.