The Issue How It Works Check Exposure Pricing Free Guide Get Started

Your portal protects client data.
This helps protect you.

Compliance includes documenting two things: ▸ Credential exposure monitoring ▸ Data transmission security. Your practice software was not built for either. This covers that gap.

  • Monitor your work email and domain for breach exposure
  • Maintain monthly safeguard documentation in your firm's name
  • Protect your connections when you work away from the office
Start Protecting Your Practice
Licensed professional working from home office
The common scenario. A laptop. A login. A connection carrying client data. Nothing watching the credentials, nothing documenting the safeguards.
Trusted since 2011
Independent privacy audit · Securitum
Aligned with NIST CSF 2.0
Credential monitoring included
"Most attacks are not personal in nature and can occur on any type of network—big or small, home or business." Cybersecurity and Infrastructure Security Agency (CISA) · Home Network Security

Is your professional email already exposed? Get a free credential report by email within 24 hours.

Get My Free Report
The issue

Your practice software portal handles the client side.
Your side is still exposed.

When your practice software is accessed properly, it is designed to protect client data as it is stored and as it moves between you and your clients. But three things sit outside what any portal covers. Your own credentials, which can surface in a breach and quietly defeat every other control you have. Your connections when you work away from the office, on hotel, airport, and client-site networks you do not control. And the monthly record that proves your safeguards to a regulator, insurer, or examiner. That is the professional side, and it is where licensed professionals are most often left exposed.

60%
of small businesses close within six months of a cyberattack.
The consequence is final: the business does not exist anymore.
National Cybersecurity Alliance
4 of 6
Mega-breaches caused by stolen credentials.
All four were preventable with MFA or credential monitoring.
Identity Theft Resource Center, 2024
80%
Hacking causes the majority of breaches.
Most begin with a compromised credential.
HIPAA Journal, 2024
You're working from home, a shared office, or on the move
You log into your client systems like you always do
Sensitive data moves across a connection you didn't set up. And you don't control it.
No alert. No warning. No record.
The question no one wants to face unprepared

"What did you do to protect client data?"

Most professionals don't have a clear answer. Client Data Safeguards gives you one.

Portals like TaxDome, SmartVault, SimplePractice, and Clio handle how client data moves between you and your clients. They were never built to watch your own credentials, protect your connections when you work away from the office, or produce the monthly record an examiner asks for. That is the professional side, and it is exactly what this adds.

Credential exposure monitoring
Connections away from the office
Monthly safeguard documentation
What you get

Three components of protection.
One complete picture.

Credential monitoring and monthly documentation, with encrypted connections for when you work away from the office. One practical service.

🔍
Credential monitoring
Know before someone else uses your login.

You enroll the email and domain you use to access client systems. Each week, the monitoring you've enabled checks them against breach databases and dark web sources. A stolen credential can defeat your practice software and your MFA, so the moment yours surfaces, you see it. Team Check extends the same protection to every professional and support staff member in your practice.

Check Your Risk
📄
On-demand documentation
Ready to file the same day you sign up.

An on-demand Safeguards Attestation, prepared in your firm's name and stamped with the date of printing, ready to file with your WISP. Pull it when you need it, for an audit, a client request, or onboarding. Practice-software portals and consumer VPNs were not built to produce this. No integration required. Recommended by IRS Pub 4557. Aligned to your profession's specific regulation.

See Sample Documents
🔒
Encrypted connections
Strongest where you work away from the office.

AES-256 encrypted network access, kill switch on by default. Its value is clearest on the networks you do not control: hotel WiFi, the airport, a client office, a conference, the coffee shop. Protection that travels with you. No IT setup.

Start Now
Where this fits

The expectation is real.
The path is unclear.

Licensed professionals are increasingly expected to protect client data and document reasonable safeguards. Most cybersecurity systems were built for enterprise organizations, not for solo and small practices. Client Data Safeguards focuses on two of the five safeguard categories every compliance program must address, plus monthly documentation to help evidence the work. Here is the landscape, and where this product fits.

1
Administrative safeguards
Written policies, workforce training, risk assessments, incident response plans, and the designation of a person responsible for overseeing your program (the FTC Safeguards Rule and HIPAA Security Rule both require this designation by name).
Usually handled by: your attorney or compliance consultant for the program design, with you (or a designated team member) carrying the named-responsibility role.
2
Device and endpoint security
Operating system updates, antivirus, full-disk encryption, access controls, and password policies on individual devices.
Usually handled by: built-in OS security, antivirus software, or an MDM solution.
3
Practice systems and software
Your EHR, CRM, billing platform, document management, client portals. Their internal security, encryption at rest, MFA, audit logs.
Usually handled by: the practice software itself, with proper configuration (MFA enabled, BAA in place where required).
4
Client Data Safeguards covers this
Credential and account protection
Monitoring whether the email and domain you use to access client systems have appeared in breach databases, dark web markets, or stealer logs.
Handled here: continuous credential exposure monitoring across multiple intelligence sources, with alerts and inclusion in your monthly safeguards record.
5
Client Data Safeguards covers this
Client data transmission safeguards
Protection of the network layer between your device and any platform you reach: the metadata that reveals which sites you visit, the DNS queries that expose your activity to the local network, and the visibility risks of untrusted or shared connections.
Handled here: AES-256 encrypted network access with a kill switch, plus a monthly Privacy Practice Log that documents the protection.

Each layer matters. Full-service IT and compliance providers (MSPs and large compliance platforms) typically handle all five at significantly higher cost. Most independent practices already address layers 2 and 3 through their existing practice software. Client Data Safeguards is built for the two practical areas most often overlooked: protecting client data in transit (layer 5) and monitoring credential exposure (layer 4), with monthly documentation that helps evidence the work across all five. Your secure portal already covers how client data reaches your clients. These two layers cover your side: the connections you use when you work away from the office and the credentials that protect them.

The deliverable

Your compliance tools. In your hands.

Two tools live in your Safeguards Dashboard. You generate the Service-Provider Safeguards Attestation on demand, stamped with the date of printing. You schedule the Privacy Practice Log to arrive in your inbox on the day and time that suits your compliance calendar. Practice-software portals and consumer VPNs were not built to produce these. We give you documents that file alongside your existing compliance paperwork.

What you file
The Attestation. Stamped today.

A Service-Provider Safeguards Attestation, prepared in your firm's name and stamped with the date of printing. Structured around the NIST Cybersecurity Framework 2.0 and mapped to your profession's specific regulation. Recommended by IRS Pub 4557. Generated on demand: pull it the moment you need it, for an audit, a client request, or onboarding.

SERVICE-PROVIDER SAFEGUARDS ATTESTATION Client Data Safeguards · Issued under CactusVPN audited privacy infrastructure PAGE 1 OF 7 Cover & Attestation Summary PREPARED FOR Mitchell Counseling PLLC Dr. Sarah Mitchell, LCSW · Owner & Licensed Practitioner Profession: Healthcare Practitioner · Applicable rule: HIPAA Security Rule Document Control DOCUMENT ID CPP-ATT-6D9E9C2C DATE OF PRINTING May 28, 2026 COVERAGE PERIOD May 28, 2026 — Jun 28, 2026 FRAMEWORK NIST CSF 2.0 SERVICE PROVIDER CactusVPN AUDIT REFERENCE Securitum · published Attestation Summary This document attests to the technical safeguards in place for the practice named above during the coverage period stated. It is structured around the six functions of the NIST Cybersecurity Framework 2.0 and mapped to the applicable profession-specific regulation. NIST CSF 2.0 FUNCTIONS COVERED IN THIS ATTESTATION GOVERN IDENTIFY PROTECT DETECT RESPOND RECOVER Contents of this Attestation Page 1 Cover & Attestation Summary Page 2 Govern & Identify — scope, roles, asset inventory Page 3 Protect — AES-256 encryption in transit, access control Page 4 Detect — credential monitoring (XposedOrNot · xonPlus) Page 5 Respond & Recover — alerting, incident workflow Page 6 HIPAA Security Rule mapping — transmission security §164.312(e) Page 7 Signatures, no-logs audit reference, filing instructions FILING INSTRUCTION File this Attestation alongside your existing WISP, HIPAA Risk Assessment, or Reg S-P documentation. Valid for one month from date of printing. Issued by Client Data Safeguards · CPP-ATT-6D9E9C2C · clientprivacyprotection.com

Sample · Healthcare variant · Cover page (1 of 7). Built on NIST CSF 2.0. The remaining six pages contain your firm's full safeguards attestation. No integration required. It files alongside your existing compliance documentation. Nothing to install, configure, or connect.

How you operate it
Two tools. Both in your Safeguards Dashboard.

Sign in, select the tool. The Attestation generator builds your PDF on demand. The Privacy Practice Log scheduler delivers your monthly credential-monitoring record by email on a day and time you choose. You stay in control of when, how often, and to which inbox.

On-demand Attestation generator
Safeguards Dashboard · Pro Tools Service Provider Attestation Generate a profession-specific Service Provider Safeguards Attestation — a 7-page compliance certificate covering encryption, audit verification, and breach monitoring. Generate Attestation Fill in your practice details to generate a PDF attestation Profession Type Healthcare Practitioner Practice / Firm Name Mitchell Counseling PLLC Email to Check (optional) [email protected] Practitioner Name Dr. Sarah Mitchell, LCSW Title Owner & Licensed Practitioner Coverage period: valid for 1 month from the date of generation. Generate Attestation PDF

You select your profession, name your firm, and click Generate Attestation PDF. The document is yours within seconds, stamped with today's date.

Privacy Practice Log scheduler
Safeguards Dashboard · Pro Tools Automated Monthly Privacy Practice Log Documents credential monitoring activity for the prior month. Does not track connection usage, devices, or locations, consistent with our independently audited no-logs policy. Practice / Firm Name Mitchell Counseling PLLC Email to Monitor [email protected] Practitioner Name Dr. Sarah Mitchell, LCSW Title Owner Day of Month 1 Time 9 :00 Timezone America / New_York Enable automated monthly delivery Next scheduled: Jun 1, 2026 · 9:00 AM · America/New_York Save Automation Settings

You pick the day, the time, the timezone, the inbox. The Log arrives every month, automatically, on your compliance calendar.

What keeps arriving
The Log, every month. The Alert, when it matters.

The Privacy Practice Log documents your credential-monitoring activity for the prior month, citable in your HIPAA risk assessment and Reg S-P WISP. The monitoring you've enabled also sends a credential exposure alert the moment something surfaces: calm, specific, and with exactly what to do next.

Monthly Privacy Practice Log
PRIVACY PRACTICE LOG Client Data Safeguards · Credential Monitoring Record PRACTICE Mitchell Counseling PLLC PRACTITIONER Dr. Sarah Mitchell, LCSW COVERAGE PERIOD April 1, 2026 – April 30, 2026 DOCUMENT ID CPP-LOG-DA76D8A6 GENERATED May 26, 2026 LOG TYPE Monthly · Automated No-logs policy: CactusVPN operates independently audited no-logs infrastructure. This log documents credential monitoring activity only, not connection usage, device activity, or network locations. Credential Monitoring Summary Email monitored [email protected] Checks completed this period 4 Public breach database checks (XposedOrNot) 4 checks · weekly schedule New exposures detected during period 0 — Clear Activity Log DATE EVENT STATUS Apr 28, 2026 Credential exposure check completed No exposures found Apr 21, 2026 Credential exposure check completed No exposures found Apr 14, 2026 Credential exposure check completed No exposures found

Arrives on your schedule. Exportable. Citable in your HIPAA risk assessment and Reg S-P WISP by name.

Credential Alert · What You Receive
Credential Exposure Alert · Client Data Safeguards Client Data Safeguards Credential Watch · Weekly Scan Report May 3, 2026 ⚠ Exposure Detected Your email address appeared in a newly documented data breach. This is an early alert. Take action before your credentials are used. Dr. Mitchell, WHAT WAS FOUND Breach name: LinkedInDB-2024 Data exposed: Email address, hashed password Your email: [email protected] WHAT TO DO NOW ① Change your password on LinkedIn immediately ② Check if you used this password on your EHR or client portal ③ Enable two-factor authentication if not already active This alert is included in your May Privacy Practice Log · clientprivacyprotection.com

Calm, specific, actionable. When monitoring you've enabled surfaces an exposure, you see it immediately, with exactly what to do next.

How this works

Your portal stays.
Three gaps get covered.

Your secure portal already handles the client side, and nothing here changes that. What changes is the professional side. The three things that sit outside any portal, your credentials, your connections away from the office, and your monthly documentation, move from unguarded and undocumented to covered and on record.

WITHOUT THIS WITH CLIENT DATA SAFEGUARDS Your secure portal TaxDome · SmartVault · SimplePractice · Clio Handles the client side. Keep it. Your secure portal Unchanged. Same portal, same workflow. Still handles the client side = Your credentials A breached email or domain can quietly defeat your portal and your MFA. UNMONITORED Credential monitoring Your email and domain checked weekly against breach and dark web sources. COVERED · ON RECORD Your connections away from the office Hotel WiFi, the airport, a client office, networks you do not control. EXPOSED Encrypted connections AES-256 with a kill switch. Protection that travels with you. COVERED · ON RECORD Your documentation An examiner audits paperwork, not your router. With a portal alone, there is none. NO RECORD Monthly documentation A Safeguards Attestation in your firm's name, NIST CSF 2.0 mapped, audit-ready. COVERED · ON RECORD Your secure portal Handles the client side. Unchanged. Keep it exactly as is. WHAT THE PORTAL DOES NOT COVER Credential monitoring Your email and domain checked weekly. WITHOUT THIS: A breached login can quietly defeat your portal and your MFA. Unmonitored. NOW: Covered and on record. Encrypted connections Protection that travels with you. WITHOUT THIS: Hotel WiFi, airports, client offices: networks you do not control. Exposed. NOW: Covered and on record. Monthly documentation A Safeguards Attestation in your name. WITHOUT THIS: An examiner audits paperwork, not your router. A portal alone leaves no record. NOW: NIST CSF 2.0 mapped, audit-ready. The portal stays. Your side gets covered.
What this gives you, in practice

Most tools protect.
This one also tells you what's already gone wrong.

Peace of mind

You're not wondering if you missed something. Client Data Safeguards runs quietly, protecting every connection, every day.

A clear answer

When clients or regulators ask how you protect their data, you have a specific, documented response, not a guess.

Early warning

Know about credential exposure before it becomes a problem. Weekly scans of breach databases and active dark web markets.

Documentation handled

No scrambling to explain your setup. Monthly Privacy Practice Log, HIPAA language, WISP paragraphs, ready when needed.

Protection that runs quietly

No ongoing management. No IT required. Encrypted automatically on every enrolled device, every location.

Confidence in your process

You're handling client data the right way, and you have the records to support that position with anyone who asks.

One more thing worth knowing

Every connection Client Data Safeguards encrypts protects everything traveling across it simultaneously. Your client systems, your practice email, and your own bank, investment, and financial accounts. Professional protection that quietly covers your personal credentials too.

Simple from the start

Protect your practice within the hour.

1
Sign up

Takes a few minutes. Tell us how many licensed professionals are in your practice and we calculate your rate. No tiers to choose between.

2
Activate protection

Your connections are secured immediately across all your enrolled devices. Documentation is available the same day.

3
Stay covered

Credential monitoring runs weekly. Your Privacy Practice Log builds automatically each month. Nothing to manage.

Try it. If it's not right, receive a full refund.

You have 30 days to decide if this fits your practice. If it doesn't, you get a full refund. No questions asked. And the price you start with is the price you keep, written into your terms of service.

30-day money-back guarantee
No contracts
No setup fees
Price locked in writing
Try it free for 30 days. Receive a full refund if it's not right
A note from the founder

"I left a large firm to run my own practice as an Investment Advisor and Insurance Agent, and discovered firsthand what nobody warns you about: the constant worry of whether you are doing enough to protect client data. No compliance department. No IT support. Just you, your clients, and a growing stack of regulatory obligations with no clean answer to any of them.

That worry is what built this service. I found the gap that sits outside what your practice software covers, the professional's own credentials, connections, and documentation, and I built a system to close it: credential monitoring, the monthly documentation, and the encrypted connections that together give every independent practitioner the same defensible answer I wish I had."

Wes  ·  Founder, Client Data Safeguards · CactusVPN

Bring this to your IT advisor
We are built to be checked.

Many of our subscribers have a technical person review a decision like this, and we welcome it. The no-logs claim behind the service was independently audited by Securitum, and the work aligns with federal references your advisor will recognize: CISA guidance, the FTC Safeguards Rule, and NIST CSF 2.0. Forward this page to whoever vets your tools. Scrutiny is the point.

View the independent privacy audit (Securitum · no-logs policy, PDF)
The engine behind the encryption
Fifteen years of privacy infrastructure. Independently reviewed.

The encrypted connections in Client Data Safeguards run on CactusVPN, a privacy company operating since 2011. The no-logs claim isn't ours to simply assert: it was audited by Securitum, and the underlying VPN has been independently reviewed and ranked by reviewers who take no payment for their verdicts. That independence is the point. Your client data deserves an engine that earns trust on the record, not one that buys it.

★★★★★
“Don’t let the cute cactus logo fool you. The team behind CactusVPN is seriously dedicated to making a great VPN product, and that’s how they’ve climbed up to Tier 1 on my tier list. I don’t trust many VPNs these days, but CactusVPN is one of them.”
Tom Spark · Independent VPN reviewer · ranks CactusVPN Tier 1 on his public, non-sponsored tier list
No-logs audited by Securitum Operating since 2011 Tier 1 on an independent, non-sponsored review list
Credential check · sample report

Is your practice email
already exposed?

Enter the email address you use to access your client systems: your EHR, CRM, or practice portal. We’ll run it through xonPlus credential intelligence and email you a report within 24 hours.

Reports arrive within 24 hours. Our business is built upon privacy; we do not share your email address.

Powered by XposedOrNot · xonPlus

What you’ll receive
✓ Security Status: Clear Client Data Safeguards Credential Monitoring Report · xonPlus intelligence Delivered to your inbox within 24 hours Dear Dr. Sarah Mitchell, This is your credential monitoring report from Client Data Safeguards. Your email was checked against public breach databases. EMAIL CHECKED [email protected] Checked on: May 26, 2026 ✓ No Breaches Found No known data breaches were found associated with this email address as of this check date. Continue practicing good security hygiene. Your Protection 🔒 Encrypted network access Active 📋 No-logs audit (Securitum) Verified 🔎 Public breach database check Clear This report is generated by Client Data Safeguards using public breach intelligence (xonPlus). A PDF compliance certificate is attached when delivered by email. Run checks on demand or on a schedule from Pro Tools → Breach Check. © 2026 Client Data Safeguards · Sample report for illustration

Sample report. Yours arrives by email within 24 hours of submitting your address.

Who this is for

Licensed professionals.
Professional organizations.

Many of our customers serve other licensed professionals. The compliance burden you carry is the same one your clients carry. When you adopt a documented safeguards program, you're modeling the practice you would want them to adopt for their own clients' data.

Licensed professional in practice office
Healthcare · Behavioral Health · Clinical Practice

Therapists, Dentists, PTs, Chiropractors, Optometrists & Physicians

Every telehealth visit, every chart note, every insurance submission travels across your internet connection. Whether you're in a solo practice or a multi-clinician group, the same rule applies: HIPAA's transmission security obligation covers the connection itself, not just the platforms you use. Client Data Safeguards encrypts that transmission, monitors your credentials for dark web exposure, and gives you the HIPAA conduit documentation to back it up.

HIPAA Security Rule
Independent financial advisor at work
Financial Services · Insurance

RIAs, Financial Advisors & Insurance Agents

Every login to your CRM or custodian portal is a potential exposure point. The SEC's Reg S-P amendments require a Written Information Security Program naming the tools you use, by June 3, 2026. This plan is that tool, citable by name, WISP language included.

SEC Reg S-P · June 2026
Financial professional reviewing documents with clients
Finance · Legal · Accounting

Mortgage Brokers, Tax Preparers, Attorneys & CPAs

SSNs. Tax returns. Bank statements. Moving across your network every day, often on connections you did not configure and cannot fully control. The FTC Safeguards Rule deadline was June 2023. If your Written Information Security Program doesn't name the specific tools protecting your data transmission, it doesn't meet the current standard. Your next audit or renewal will surface that gap.

FTC Safeguards Rule · deadline passed June 2023
Simple pricing

One plan. All features included.
Priced by the number of licensed professionals in your practice.

Solo
Solo Practice
$39/mo
1 Licensed Professional
Get Started
Partners
Partner Practice
$64/mo
2 Licensed Professionals
Get Started
Group
Group Practice
$95/mo
3–5 Licensed Professionals
Get Started
Every plan includes everything:
  • All named licensed professionals
  • All support staff included
  • Unlimited devices · home & office
  • All three components of protection
  • AES-256 encryption · Kill switch
  • Continuous credential monitoring
  • Team Check · monitor every professional and support staff member in your practice
  • On Demand Safeguards Attestation in your firm's name
  • Monthly Privacy Practice Log
  • NIST CSF 2.0 framework alignment
  • WISP, HIPAA, FTC Safeguards, Reg S-P language
  • Insurance Readiness Summary
  • Your rate locked in your terms of service. Always.

More than 5 professionals, or a unique situation? Contact us →

30-day guaranteeFull refund if it's not right for your practice. No questions asked.
Written pricing guaranteeYour rate is locked in your Terms of Service. Not a promotional price.
Unlimited devicesPractice, home, support staff: all covered, no seat counting.
Cancel any timeMonth-to-month. No long-term contract required.
No setup feesInstall in ten minutes. Documentation ready the same day.
Free Risk Assessment · Financial Advisors

The Financial Advisor
Client Data Risk Assessment

6 questions. 2 minutes. A personalized score showing exactly where your practice is exposed, and what to do about it before the June deadline.

⚠️ SEC Reg S-P compliance deadline · June 3, 2026
Question 1 of 6 8%
/ 12
The complete solution
Credential Monitoring: Finds what is already exposed. Weekly check of your email and domain against breach databases and dark web markets.
Client Privacy Documentation: Documents your protection posture. WISP-ready language, monthly Practice Log, Insurance Readiness Summary.
Encrypted Connections: Protects you on networks you do not control. Encrypts every connection on every enrolled device, strongest away from the office.
Get Started → Check my credentials now →

What most financial advisors miss: Security is not just about protection. It is about knowing what is already exposed. Client Data Safeguards monitors your email and domain for breach exposure, documents your safeguards every month, and protects your connections when you work away from the office.

Your free compliance guide

Select your profession.
Get your guide.

A generic compliance guide is broad. A guide written for your profession, your regulations, your exposure risks, your clients, answers the question that actually matters: "Have I done enough?"

Common questions

Straight answers.
No jargon.

Most asked

How does Client Data Safeguards fit alongside the tools I already use?

Most of our subscribers already use a practice software secure portal, and they keep it. It handles how client data reaches your clients. Client Data Safeguards covers the professional side that sits outside it: monitoring your email and domain for breach exposure, the monthly documentation that proves your safeguards, and encrypted connections for when you work away from the office. It stacks with the tools you already have rather than replacing them.

What we are:

  • Credential exposure monitoring on the email and domain you use to log in
  • On-demand safeguard documentation (the Attestation) you file with your WISP
  • Encrypted connections for when you work away from the office

What we aren't:

We aren't hosting. If you use a hosted desktop service for your practice software (such as Right Networks or Verito for tax software, or a HIPAA-compliant cloud host for your EHR), your software keeps running there. We protect the connection between your device and that hosted environment.

We aren't your managed IT provider. If you have an IT partner managing your office network, antivirus, and patching, we don't replace them. We add the encrypted transit and credential monitoring layers they typically don't provide.

We aren't endpoint protection or antivirus. Tools like SentinelOne, CrowdStrike, or Microsoft Defender protect the device itself. We protect what travels off the device.

We aren't your practice software's security. Your practice software (your EHR, tax suite, case management, or financial platform) has its own built-in security: TLS, MFA, and the rest. We add another layer between your device and that software.

The simplest way to think about it: your practice software protects your clients' data where it lives and how it reaches them. Client Data Safeguards covers your side. The credentials you log in with, the connections you use away from the office, and the monthly record that proves it. That side has historically been the part practice software does not cover, and it is exactly where the federal and professional frameworks focus: the FTC Safeguards Rule (16 C.F.R. § 314.4(c)(3)), the HIPAA Security Rule (45 C.F.R. § 164.312(e)) for healthcare, SEC Reg S-P for financial advisors, ABA Formal Opinion 477R for attorneys, and IRS Pub 4557 for tax preparers.

You don't have to remove a single existing tool to add Client Data Safeguards. It works in parallel with everything you already have.

How do I evaluate whether this is right for my practice?

Bring it to whoever vets your tools. The no-logs claim behind the service was independently audited by Securitum, so the central trust claim is verifiable rather than asserted. The program is structured on NIST CSF 2.0, the federal standard examiners and cyber insurers recognize, and it aligns with CISA guidance and the FTC Safeguards Rule.

A practical way to decide: if you already use a practice software secure portal and want to know what it leaves uncovered, the answer is your own credentials, your connections when you work away from the office, and the monthly record that proves your safeguards. If those three gaps matter to your obligations, this is built for them. If a technical advisor reviews it, that is exactly the kind of scrutiny we want, and the audit and framework references give them something concrete to check.

What does "all your enrolled devices" actually mean?

Client Data Safeguards protects every device where you install our software. We support Windows, Mac, iOS, and Android, with a separate download for each. Once installed, the device is enrolled, and any connection that device makes is automatically encrypted, on any network.

If you use a device for work that doesn't have the Client Data Safeguards app installed on it, that device is not protected. Most professionals install on three to five devices: their primary laptop, their phone, and any tablet or backup laptop they use for work. Some firms also deploy at the office router level for additional coverage of stationary devices.

There is no per-device fee and no device limit. Your subscription covers every device you install on.

My practice software says it's HIPAA or SOC 2 compliant. Do I still need this?

Yes, for a different reason. Your software protects data stored on its servers. Client Data Safeguards protects the connection between your device and the software. When you log in from your home network, a shared office, or anywhere else, the platform's compliance does not protect that connection. That is the specific gap Client Data Safeguards closes.

Do healthcare professionals need a BAA with their VPN provider?

For most solo practitioners, probably not, provided your VPN qualifies as a conduit under the HIPAA Conduit Exception Rule. A conduit transmits data without storing it. Our independently audited no-logs policy is the evidence that supports conduit status. We include the exact language for your risk assessment.

Do CPAs and tax preparers have a WISP deadline too?

Yes, and it has already passed. The FTC Safeguards Rule took effect June 9, 2023. It applies to any business handling consumer financial data, including CPAs, tax preparers, bookkeepers, and accountants who file returns or manage client financial records.

The updated rule goes beyond the original IRS Publication 4557 WISP requirement. Your Written Information Security Program must now name specific technology tools protecting your clients' data. It cannot just describe general practices. If your current WISP says "we use encryption" without naming the specific product, it does not meet the current FTC standard.

Client Data Safeguards provides documentation language that names the service specifically and is ready to adapt into your WISP. Subscribers should reconcile the language with their actual operating practice, ideally with their attorney or compliance advisor.

What is the Reg S-P June 2026 deadline?

The SEC's amended Regulation S-P requires investment advisors (including smaller firms) to maintain a Written Information Security Program naming specific security tools. Deadline for smaller firms: June 3, 2026. We provide documentation language that names Client Data Safeguards by reference, ready to adapt into your firm's WISP with appropriate review.

What exactly does the credential monitoring cover?

You enroll the email addresses and domain you use to access your practice systems: your EHR login, CRM, client portal. Each week, the monitoring you've enabled checks multiple breach intelligence sources, including public breach databases, active dark web markets, and stealer log feeds. If your professional credentials surface in a known breach, you see it immediately. Results are summarized in your monthly Privacy Practice Log, part of your monthly coverage record.

Does Client Data Safeguards make me fully compliant with HIPAA, Reg S-P, or the FTC Safeguards Rule?

No. Any product that claims this is overstating. Each regulation requires administrative, physical, and technical safeguards across multiple dimensions. Client Data Safeguards addresses transmission security and documentation: important components of a compliance program. The documentation we include helps you place it correctly within your broader obligations.

Who actually runs the encryption, and why should I trust it?

The encrypted connections run on CactusVPN, a privacy company that has operated since 2011, fifteen years of running production privacy infrastructure. Two things make that trustworthy rather than just asserted. First, the no-logs policy was independently audited by Securitum, a respected European security firm, so the central privacy claim is verified by a third party rather than taken on faith. Second, the underlying VPN is independently reviewed: it holds a Tier 1 ranking on a well-known public reviewer's non-sponsored tier list, the kind of rating that cannot be purchased. For client data, an engine that earns trust on the record matters more than a familiar brand name.

What framework is your safeguards program built on?

The NIST Cybersecurity Framework 2.0, released in February 2024. NIST CSF is the federal standard for managing cybersecurity risk, voluntary by design but referenced by regulators, examiners, and cyber liability insurers as the structural template for a credible security program. CSF 2.0 was broadened to apply to organizations of any size, with a companion Small Business Quick Start Guide that makes the framework usable for solo and small practices.

Your Safeguards Attestation is organized around NIST CSF 2.0's six functions (Govern, Identify, Protect, Detect, Respond, Recover) and then mapped to your profession's specific regulation: WISP and IRS Pub 4557 for tax preparers, HIPAA Security Rule for healthcare practices, Reg S-P for investment advisors, and tech-competence and confidentiality duties for attorneys. The framework does the structural work; the profession-specific citation does the regulatory work.

What does the written pricing guarantee mean in practice?

The monthly price in your subscription is contractually committed in your terms of service, not a promotional rate. Several major consumer VPN providers face active class-action lawsuits over charging subscribers at auto-renewal rates significantly higher than their original subscription price, without adequate disclosure. Your rate is locked. In writing.

I already have managed cybersecurity through my IT provider. Do I still need Client Data Safeguards?

That is great, and you should absolutely keep it. Your managed cybersecurity platform watches the device layer: it monitors your laptop and devices for malware, phishing attempts, and suspicious activity. Client Data Safeguards covers a different layer entirely. It protects the connection between your device and the systems you use, particularly when you are working remotely.

HIPAA transmission security requirements are specifically about that connection. Most practices that take compliance seriously use both, because they solve different problems. Managed cybersecurity watches what happens on your device. Client Data Safeguards protects what travels across your connection, and monitors whether your professional credentials have already appeared in breach databases or dark web markets.

My office IT provider manages our cybersecurity. Is Client Data Safeguards redundant?

Not redundant. It covers a different layer. Think of protection in three distinct zones. The device layer is where your IT provider's tools live: endpoint protection, threat detection, device management. The application layer is where your EHR, CRM, and practice software encrypt data on their own servers. The network layer (the connection between your device and those applications) is where Client Data Safeguards lives. Few IT providers or practice applications focus on that specific layer for a licensed professional's compliance obligations.

Does Client Data Safeguards protect my own personal accounts too, not just client data?

Yes, and this is worth understanding. A VPN encrypts everything traveling across your connection simultaneously. When Client Data Safeguards is active and you log into your bank, your brokerage account, or your investment portal, those connections are encrypted in exactly the same way as your client systems. It was built for your professional obligations, but it protects every credential you transmit while it is running, personal and professional alike.

This also matters for your practice staff. Every employee device enrolled in your plan has the same protection for their own accounts as they do for client systems. One subscription covers the professional layer and the personal layer for everyone in your practice.

Should I advise my clients to protect their connections too?

Yes. There are two specific recommendations worth sharing with clients who handle sensitive communications. First, a personal VPN on a client's own device encrypts their outbound connection before it reaches your practice systems. For clients who send you sensitive documents, medical information, or financial records, a consumer VPN adds meaningful protection on their end. CactusVPN's personal plan (the same audited infrastructure behind Client Data Safeguards) is a straightforward recommendation for clients who ask.

Second, advise clients explicitly that text messaging is not a secure channel for sensitive information. SMS is unencrypted and should never carry health information, financial details, social security numbers, or any other protected data. Your practice's secure messaging portal or encrypted email is the appropriate channel. Your Documentation Pack includes a plain-English client communication guide with this language included.

Handle this properly.
And stop thinking about it.

You didn't build your practice to worry about data security. But it is part of the job. Client Data Safeguards is a straightforward way to take care of it without adding complexity to everything else you already manage.

Start Protecting Client Data Or check your risk first. Free report by email within 24 hours Your rate locked in your terms of service  ·  30-day money-back guarantee