Data Handling

How client files move through PortalLess.

This page explains the file collection lifecycle from request creation through client upload, firm review, retention, and deletion planning.

Last updated: June 10, 2026

Purpose

PortalLess is designed to collect client files for a specific firm request. The product should not collect more information than the firm needs for that request.

Data handled by PortalLess

  • Firm workspace records, including firm name and authorized users.
  • Client records created by the firm, including contact details needed for requests.
  • Document request records, including requested file labels, status, year, expiration, and delivery metadata.
  • Uploaded document files and metadata, including storage path, original file name, content type, size, upload time, client, firm, and request.
  • Request events used to understand upload activity and request completion.

Upload flow

  • A firm creates a request with the files it needs from a client.
  • PortalLess creates a secure upload link for that request.
  • The client opens the link without creating an account and uploads files.
  • PortalLess stores uploaded files in private storage and records metadata for firm review.
  • The request status updates as files are received.

Retention model

  • PortalLess should retain uploaded files only as long as needed for the firm workflow and agreed service terms.
  • Firms should define their own retention expectations before using PortalLess broadly.
  • A production launch should include clear deletion, export, and retention controls.
  • Backups and operational logs may persist for a limited period after user-facing deletion.

Firm obligations

  • Firms remain responsible for professional obligations tied to client records and sensitive documents.
  • Firms should avoid requesting unnecessary sensitive information.
  • Firms should download, route, or archive files according to their own document management policy.
  • Firms should limit workspace access to staff who need it.

Launch checklist

  • Publish a support contact for deletion, export, and security questions.
  • Define retention defaults for open, completed, and expired requests.
  • Add firm-facing controls to download, delete, and route uploaded files.
  • Review these practices with legal counsel before processing real client taxpayer information at scale.