Accounting & Tax Practice Client Forms

Tax-return intake, engagement letters, document checklists, KYC and source-of-funds disclosures — built for accounting firms, tax advisors, and fiduciaries who cannot hand a client's full financial life to a form vendor that can read every line. Zero-knowledge encryption, Swiss hosting, aligned with nFADP and EU GDPR.

An accountant, a tax preparer, or a fiduciary holds a more complete picture of a client's life than almost any other professional. Salaries and bonuses, mortgage statements, share portfolios, foreign accounts, family trusts, business books, separation agreements, inheritance dispositions — they all flow through the same intake channel every January, every quarter, every closing. Yet for most practices that channel is still email attachments or a generic web portal whose provider can read every document before it ever reaches the file.

Schweizerform is built for that exact intake problem. Every submission — a tax-return checklist, an engagement letter, a salary certificate, a scanned business invoice — is encrypted in the client's browser before it reaches our servers. We physically cannot read it. For Swiss fiduciary offices, tax advisors, and audit-adjacent practices, that property — combined with Swiss hosting and nFADP-aligned architecture — turns the noisy, error-prone email-and-shared-drive workflow into a defensible control without forcing every client into a corporate portal login.

Who this page is for

Independent accounting firms and Treuhandbüros, Swiss fiduciaries (members of Treuhand|Suisse / EXPERTsuisse), tax advisors and Steuerberater, audit-adjacent practices and bookkeepers, payroll outsourcers, family-office back offices, and any practice that today receives client documents through ad-hoc email attachments or a generic file-share link.

Why Email and Generic Portals Fail Tax & Accounting Intake

Most accounting practices accumulate client documents through three default channels: email attachments, a generic shared drive (Google Drive, OneDrive, Dropbox), or a generic form tool the firm signed up for once and never replaced. Each of those channels has the same structural property: somebody other than the client and the practice can read the documents in plain text — the email provider, the cloud-storage vendor, the form vendor's staff and integration partners, anyone who compromises any of them, and any authority that serves a lawful order on any of them.

For low-sensitivity exchanges, that's fine. For an accountant collecting a client's full tax-return packet, it creates a very specific and avoidable problem: the client's full financial life sits in plain text on at least one third-party server, typically outside Switzerland.

  • A new client uploads salary certificates, bank statements, share-portfolio reports, and a separation agreement; the form vendor's database contains a readable financial profile of the entire household before the partner has opened the file
  • An SME owner submits a year's worth of bookkeeping vouchers and supplier invoices through a generic intake form; suppliers, salaries, and margins are exposed in the vendor's systems and analytics
  • A high-net-worth client discloses foreign accounts, trust structures, and inheritance flows for a tax declaration; that narrative — including counter-parties and amounts — lives on the provider's infrastructure
  • A KYC or anti-money-laundering identification packet (passport, utility bill, source-of-funds explanation) is uploaded to a document-collection form; the file is scanned by the provider's antivirus, backed up, and often processed in US-hosted cloud storage
  • A government data-access request, a tax-authority production order, or a subpoena targets the form vendor; it reaches your client's financial life without the client ever being notified

Professional secrecy is not the same as technical confidentiality

Swiss fiduciaries, tax advisors, and accountants are bound by strong professional and contractual secrecy duties (Treuhand|Suisse and EXPERTsuisse codes of conduct, Art. 321 CP for certain regulated mandates, contractual NDAs for the rest). Those duties bind you — not your form vendor's US-cloud sub-processor. A regulator, an auditor, or a sophisticated client increasingly expects the channel itself to enforce the same confidentiality the practice promises in its engagement letter.

How Schweizerform Preserves Confidentiality Across the Practice Workflow

Schweizerform is a zero-knowledge end-to-end encrypted form platform. The encryption happens in the client's browser, before any data leaves their device. Only holders of the form's Access Code can decrypt submissions. We — the provider — cannot.

1. You generate a form and an Access Code

When you create a tax-return intake, an engagement-letter form, or a payroll-onboarding checklist, Schweizerform generates a key pair and an Access Code. The public key lives in the form; the Access Code is held by the partner or mandate-team lead. Our servers never see it.

2. The client submits from any device

When the client fills the form, their browser encrypts every field — answers, narratives, uploaded PDFs, photographed receipts — with strong symmetric encryption, then wraps the symmetric key to the form's public key. Our servers receive encrypted blobs they cannot decrypt.

3. Your team decrypts in-browser

When the responsible accountant opens the submission, their browser fetches the encrypted blob, unwraps the symmetric key using the Access Code, and decrypts locally. Plain text never touches our servers; it lands on the team member's workstation, ready to flow into the firm's tax software, bookkeeping system, or document-management tool.

4. Confidentiality is enforced by architecture, not by contract

Because we never see plain-text submissions, we cannot be compelled to produce them, expose them in a breach, or process them for analytics. Data-processing agreements stay in place as a backstop, but the primary control is cryptographic.
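
The three steps above, as an added example that is not Schweizerform's code: a hybrid (envelope) encryption round trip using Node's built-in crypto module. The algorithms (RSA-OAEP with SHA-256, AES-256-GCM), the use of the Access Code as the passphrase protecting the private key, and every function and field name are assumptions; the page names none of them.

```javascript
// Added illustration; algorithms and names are assumptions, not the vendor's design.
const crypto = require("node:crypto");

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Step 1: form creation. The public key and the passphrase-encrypted private
// key can be stored with the form; the Access Code itself is never stored.
function createForm(accessCode) {
  return crypto.generateKeyPairSync("rsa", {
    modulusLength: 2048,
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: { type: "pkcs8", format: "pem",
                          cipher: "aes-256-cbc", passphrase: accessCode },
  });
}

// Step 2: client side. A fresh content key and nonce for every submission,
// then the content key is wrapped to the form's public key.
function encryptSubmission(publicKey, formId, fields) {
  const contentKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", contentKey, iv);
  cipher.setAAD(Buffer.from(formId)); // bind the ciphertext to its form
  const ciphertext = Buffer.concat([
    cipher.update(JSON.stringify(fields), "utf8"), cipher.final()]);
  return {
    formId, iv, ciphertext, tag: cipher.getAuthTag(),
    wrappedKey: crypto.publicEncrypt({ key: publicKey, ...OAEP }, contentKey),
  };
}

// Step 3: practice side. Throws on a wrong Access Code or on any
// modification of the stored blob (GCM tag check).
function decryptSubmission(encryptedPrivateKey, accessCode, blob) {
  const contentKey = crypto.privateDecrypt(
    { key: encryptedPrivateKey, passphrase: accessCode, ...OAEP }, blob.wrappedKey);
  const decipher = crypto.createDecipheriv("aes-256-gcm", contentKey, blob.iv);
  decipher.setAAD(Buffer.from(blob.formId));
  decipher.setAuthTag(blob.tag);
  const plain = Buffer.concat([decipher.update(blob.ciphertext), decipher.final()]);
  return JSON.parse(plain.toString("utf8"));
}
```

In this sketch the private key is protected by a passphrase-based key derivation, so the Access Code has to be a long random value rather than something a person chose.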

Concrete Tax & Accounting Intake Forms

Annual personal tax-return intake

The classic January-to-April workload: salary certificates, pension statements, bank year-end summaries, mortgage interest statements, share-portfolio reports, deductible expenses, real-estate documents, and family-status changes. A single encrypted intake form replaces the back-and-forth of dozens of email attachments and gives the client a clear checklist they can complete from any device.

Engagement letters and mandate acceptance

New mandates start with an engagement letter, scope-of-services confirmation, fee structure, and (for regulated mandates) anti-money-laundering identification. Routing this through a single encrypted form keeps signed engagement letters, copies of identity documents, and beneficial-ownership disclosures off generic email and out of the form vendor's plain-text storage.

SME bookkeeping and year-end closing intake

Quarterly VAT runs and year-end closings require receipt scans, supplier invoices, payroll exports, bank reconciliations, and management commentary. An encrypted form keeps that bundle out of generic shared drives — useful both for confidentiality and for a clean audit trail of what the client provided, in what version, on what date.

KYC, source-of-funds, and AML identification

Fiduciaries and certain tax advisors are subject to anti-money-laundering due diligence under the Swiss AMLA (Geldwäschereigesetz, GwG / LBA) when they perform regulated intermediation activities. Identification documents, beneficial-ownership statements, and source-of-wealth narratives all need to be collected, retained, and kept confidential. A zero-knowledge channel keeps that AML packet out of the vendor's read scope while still letting the practice retain it for the statutory period.

Payroll onboarding and employee data

Outsourced payroll requires AHV numbers, bank details, family allowances, salary breakdowns, and sometimes wage-garnishment orders. Encrypting the onboarding form means the practice receives the data it needs without exposing employees of the client to a third-party SaaS vendor's plain-text storage.

Cross-border and expat tax-return intake

Cross-border employees, US persons in Switzerland, and expat clients accumulate forms (W-2, 1099, P60, Form 8938, FBAR data, foreign-account statements, double-tax-treaty residency certificates) that any of three jurisdictions might one day inspect. Keeping the original intake encrypted end-to-end is the strongest position when a client may later face a residency challenge or a regulator request.

Audit support and special-mandate intake

Limited reviews, restricted audits, valuations, and forensic-accounting mandates all need a structured channel for the client to deliver schedules, contracts, and management responses. A per-mandate encrypted form, scoped to a single Access Code, keeps each mandate's evidence cleanly separated and out of the vendor's view.

What Clients, Vendors, and Subpoenas See

| View | Generic provider / email | Schweizerform |
| --- | --- | --- |
| Client filling the form | Plain-text data, stored on vendor cloud or in mailboxes | Plain-text in their own browser, encrypted before submission |
| Form vendor staff / support | Can read tax data and uploaded documents | Cannot decrypt; sees encrypted blobs only |
| Email provider / cloud-storage vendor | Indexes attachments, retains them, scans them | Not in the path; data goes directly to the encrypted form |
| Subpoena served on the provider | Plain-text returns, statements, ID copies can be produced | Encrypted ciphertext only; useless without the Access Code |
| Provider breach | Readable household financial profiles exposed | Ciphertext exposed; content remains unreadable |

Regulatory & Professional Context: nFADP, GDPR, AMLA, Professional Secrecy

Swiss fiduciaries, accountants, and tax advisors operate under several overlapping regimes. The new Federal Act on Data Protection (nFADP / nDSG, in force since 1 September 2023) requires proportionate technical and organisational measures (Art. 8) and binds processors (Art. 9). For mandates that fall within the AMLA, identification and beneficial-ownership records must be obtained, retained for at least ten years, and kept confidential. Treuhand|Suisse, EXPERTsuisse, and EXPERTfit codes of conduct add professional-secrecy duties on top of the contractual NDAs every mandate already includes. Article 321 of the Swiss Penal Code criminalises breach of professional secrecy for certain regulated practitioners.

European clients and EU-resident dependants bring the GDPR into scope: tax and financial information about identifiable individuals is personal data, and any processor in the chain (your form vendor included) is part of the accountability surface the client's data-protection regime cares about. A zero-knowledge channel narrows that surface — the vendor never holds the data in a form it could be compelled to produce — without removing the professional and contractual duties that already bind the practice.

Encryption is one control, not the whole framework

Schweizerform provides a strong technical confidentiality layer for intake. The practice still needs engagement letters and mandate scoping, retention schedules aligned with AMLA and tax-record obligations, an internal control system, clear rights-of-data-subjects procedures, and audit-trail discipline inside the firm's tax and accounting tools. The encrypted form addresses the intake surface; your professional and compliance framework does the rest.

Features Relevant to Accounting & Tax Practices

  • Zero-knowledge end-to-end encryption on every submission — no provider read access to tax returns, financial statements, or ID documents
  • Encrypted document and image uploads — salary certificates, bank year-end statements, receipts, scanned passports, business invoices
  • Multi-language forms (EN / DE / FR / IT) out of the box — essential for Swiss cross-cantonal practices and for cross-border mandates
  • Per-form Access Codes — scope a form to a single mandate, partner, or year-end campaign
  • Swiss hosting with nFADP-aligned data-processing posture — response payloads do not leave Switzerland
  • Audit log of decryption events (who opened a submission, when) without exposing the underlying content
  • Structured data export after decryption, for feeding into tax software, bookkeeping systems, or document-management tools
  • Free tier so a single partner can pilot a tax-intake form before a firm-wide rollout

Common Objections

"Our tax software already has a client portal."

Vendor portals are well-suited to ongoing clients who already have logins. They are usually poor at first-touch intake (a prospect onboarding before they are even a client) and at one-off requests (a single document a partner needs from someone outside the portal's user base). A zero-knowledge form sits at the entry point — before a portal account exists — and complements rather than replaces the existing system.

"We already encrypt at rest. Isn't that enough?"

Encryption at rest protects against someone stealing the disk. It does not protect against the vendor's own staff, the vendor's analytics, the vendor's sub-processors, or a lawful production order served on the vendor — because the vendor still holds the keys. End-to-end zero-knowledge encryption changes that: the vendor does not hold the keys, so the data is unreadable to them regardless of who asks.

"If we lose the Access Code, we lose the submission."

Correct, and deliberate. Recommended practice is documented key custody: a sealed Access Code at the firm, split custody between two partners, or a hardware security module for larger practices. The procedure avoids single-person failure while preserving the property that the vendor cannot be compelled to produce what it cannot read.

"Our clients won't adopt yet another tool."

There is no client-side install. The client clicks a link, fills the form (in their preferred language), uploads documents, and submits. The encryption happens automatically in the browser; the client experience is the same as any web form. The practice is the only side that has to learn anything new — typically a 15-minute internal walkthrough.

"We use email plus password-protected ZIPs already."

Password-protected ZIPs are a habit, but they are usually shared in a follow-up email or text message, retained in both parties' mailboxes, and indexed by the email provider's filters and antivirus. They also create a support burden every time a client mistypes the password. A branded encrypted form replaces the ad-hoc ZIP workflow with a single, auditable channel and removes the password-recovery support tickets entirely.

Rolling Out a Schweizerform Intake Channel

1. Pick a first form with clear ROI

A typical first choice for a Swiss practice is the annual personal tax-return intake (highest volume, most painful in email) or the engagement-letter form for new mandates. Replace the scan-and-email flow with a single encrypted form link.

2. Define key custody

Decide who holds the Access Code (e.g. the responsible partner plus an office-management custodian, or the partner plus the IT lead). Document the custody procedure; test recovery from the escrow copy before the first live submission.

3. Translate into the relevant languages

For a Swiss firm, this usually means DE / FR / IT / EN. The same form renders in every language and remains end-to-end encrypted across all of them — no separate forms to maintain.

4. Update the client journey

Point the 'send us your documents' call-to-action at the encrypted form. Update the engagement-letter language so clients know what to expect. Replace the document-checklist email with a link.

5. Measure and extend

After a tax-return season, compare the back-and-forth volume, time-to-completion, and number of missing-document follow-ups against the legacy email channel. Extend to additional mandate types — bookkeeping, payroll, audit-support — once the workflow is stable.


The Bottom Line

Tax and accounting practices already promise confidentiality in every engagement letter. The intake channel — email attachments, generic portals, ad-hoc ZIPs — typically does not match the promise. A form vendor that can read a household's full financial life, however slick its UI, is a confidentiality dependency that clients, regulators, and a future audit will increasingly question.

Schweizerform offers a direct answer: zero-knowledge end-to-end encryption on every form, Swiss hosting, and a posture aligned with nFADP and EU GDPR expectations. No paid upgrade for security. No US-cloud dependency for response data. No third-party-readable copy of a client's tax life on a server you do not control.

Start with a single tax-intake form on the free tier. Swiss hosting, zero-knowledge encryption, and full EN / DE / FR / IT support — no credit card required.

Disclaimer: This page is general information and marketing content, not legal, tax, or compliance advice. References to the Swiss nFADP / nDSG, the AMLA / Geldwäschereigesetz, Treuhand|Suisse and EXPERTsuisse codes of conduct, Art. 321 of the Swiss Penal Code, the EU GDPR, and related frameworks are summarised at a conceptual level and are subject to jurisdictional interpretation, mandate-specific licensing, and future regulatory change. Responsibility for data-protection, AML, professional-secrecy, and tax-record-retention compliance remains with the practice. Consult qualified Swiss legal or tax counsel and a data-protection specialist before making compliance or purchasing decisions.