FileValet

Secure CPA Document Exchange

Reduce document collection time from 14+ days to under 7 days

About FileValet

Mobile-first document vault for CPA firms

FileValet is a hardened, mobile-first document vault designed for secure CPA-client document exchange. It is built with enterprise-grade security and compliance requirements in mind.

Key Features

  • Passwordless authentication (Passkeys + OTP)
  • Multi-tenant with database-level isolation
  • Automatic virus scanning (ClamAV)
  • Real-time CPA-client messaging
  • Mobile-optimized camera capture

Compliance

  • IRS Pub 4557 compliant
  • FTC Safeguards Rule adherent
  • Zero PII/SSTI leaks
  • 7-year retention via soft deletes
  • Full audit trail

System Status

Current implementation status (Week 1 of 6)

Operational

  • ✓ Next.js 15 with App Router
  • ✓ TypeScript (Strict Mode)
  • ✓ Tailwind CSS + shadcn-ui
  • ✓ Service Abstraction Layer
  • ✓ Result Pattern for Error Handling
  • ✓ Multi-Tenant Database Schema

Configured (Pending Implementation)

  • ⚙ Drizzle ORM (schema ready)
  • ⚙ Auth Service Interface (IAuthService)
  • ⚙ Storage Service Interface (IStorageService)
  • ⚙ Chat Service Interface (IChatService)

Pending Integration

  • ○ Clerk (Authentication + Organizations)
  • ○ Neon Postgres (Database + RLS)
  • ○ Uploadthing (File Storage)
  • ○ Stream Chat (Messaging)
  • ○ ClamAV (Virus Scanning)

Technology Stack

Production-ready tools with migration pathways

Framework: Next.js 15 (App Router, Server Actions)
Database: Neon Serverless Postgres + Drizzle ORM
Auth: Clerk → Lucia/Auth.js (at 5K MAU)
Storage: Uploadthing → S3/CloudFront (at 500GB)
Messaging: Stream Chat → Socket.io/Redis (at 81 MAU)
UI: shadcn-ui + Tailwind + Lucide React

The Abstraction Firewall

Zero-cost vendor migrations

All vendor SDKs are isolated behind service interfaces. Business logic never imports vendor code directly, enabling seamless migrations when hitting cost thresholds without touching application code.

// ❌ VIOLATION - Direct vendor import
import { useAuth } from '@clerk/nextjs'
// ✅ CORRECT - Service interface
import { IAuthService } from '@/lib/services/interfaces'
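
One way to enforce the import rule above in CI, as an added example that is not FileValet's own code: a checker that reports vendor SDK imports found outside the adapter layer. The adapter directory, the vendor package list and the sample sources are assumptions made for illustration.

```typescript
// Added example: import-boundary check for the abstraction firewall.
// Assumptions (not from the page): the adapter directory and the vendor list.
type Violation = { file: string; line: number; specifier: string };

const ADAPTER_DIR = "src/lib/services/adapters/"; // hypothetical path
const VENDOR_PREFIXES = ["@clerk/", "uploadthing", "@uploadthing/", "stream-chat"];

// Static imports, re-exports, side-effect imports, dynamic import() and require().
const IMPORT_RE = /(?:\bfrom\s*|\bimport\s*\(\s*|\brequire\s*\(\s*|\bimport\s+)(['"])([^'"]+)\1/;

function isVendor(spec: string): boolean {
  return VENDOR_PREFIXES.some((p) =>
    p.charAt(p.length - 1) === "/"
      ? spec.indexOf(p) === 0 // scoped packages: @clerk/*
      : spec === p || spec.indexOf(p + "/") === 0 // bare package or its subpaths
  );
}

// files maps a repo-relative path to its source text.
function findViolations(files: Record<string, string>): Violation[] {
  const found: Violation[] = [];
  Object.keys(files).forEach((file) => {
    if (file.indexOf(ADAPTER_DIR) === 0) return; // only adapters may touch vendor SDKs
    files[file].split("\n").forEach((text, i) => {
      if (/^\s*(\/\/|\*)/.test(text)) return; // ignore comment lines
      const re = new RegExp(IMPORT_RE.source, "g");
      let m: RegExpExecArray | null;
      while ((m = re.exec(text)) !== null) {
        if (isVendor(m[2])) found.push({ file, line: i + 1, specifier: m[2] });
      }
    });
  });
  return found;
}

// Constructed sample sources, not FileValet's real files.
const SAMPLE_FILES: Record<string, string> = {
  "src/app/dashboard/page.tsx":
    "import { useAuth } from '@clerk/nextjs'\nexport default function Page() { return null }",
  "src/app/upload/actions.ts":
    "import type { IStorageService } from '@/lib/services/interfaces'\nconst ut = await import('uploadthing/server')",
  "src/lib/services/adapters/clerk-auth.ts": "import { auth } from '@clerk/nextjs/server'",
};

console.log(findViolations(SAMPLE_FILES)); // page.tsx line 1 and actions.ts line 2
```

A non-empty result should fail the build, so a direct vendor import in business logic is caught at review time rather than at migration time.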

Sign In

🔒 Access by invitation only

Secure passwordless authentication with Passkeys + Email OTP