Why Won't You Confirm My Account or Send My Records Over Email or Phone?

The firm will not confirm or deny whether any named individual is a client over email or phone, and it will not discuss account details or release records through those channels. Both a confirmation and a denial disclose protected information to a person whose identity cannot be verified. Email addresses and phone numbers can be impersonated, and a caller's voice or a sender's name is not proof of identity. Because of this, the firm applies the same rule to every request, regardless of how legitimate it sounds. All account discussion and all records, including copies of tax returns, are available only through the secure client portal.

The Firm Neither Confirms Nor Denies Client Relationships Over Email or Phone

If you have contacted this firm by phone or email to ask about your account, request records, or simply confirm that you are a client here, you may have been told that we cannot help you through that channel. That answer can feel like a refusal to help, and we understand why it is frustrating. This article explains the reasoning behind that response so you can understand what the policy is, why it exists, and where to go instead.

The firm's position is straightforward: we will not confirm or deny whether any named individual is a client of this firm over email or phone, and we will not discuss account details or release records through those channels. This applies to every request, from every person, without exception.

The reason is not distrust of any particular caller or sender. The reason is that email and phone do not give the firm any reliable way to verify who is actually on the other end of the conversation. Because we cannot verify identity through those channels, we cannot safely answer even a simple yes-or-no question about whether someone is a client here. The sections that follow explain why both a confirmation and a denial create a problem, why the channels themselves are the issue, and how you can access everything you need through the secure client portal.

Why Both a Confirmation and a Denial Disclose Protected Information

The most common reaction to this policy is some version of: "I am not asking for anything sensitive, I just want to know if you have my file." That framing feels reasonable, but it rests on an assumption that does not hold up under examination. The question of whether a named person is a client of this firm is itself protected information, and both possible answers to that question reveal something about that person to whoever is asking.

Consider what each answer actually communicates:

A confirmation tells the caller or sender that the named individual uses this firm for their financial and tax work. That is a fact about the person's professional relationships and, by extension, their financial life. It is not public information, and the named individual never authorized us to share it with an unverified contact.
A denial tells the caller or sender that the named individual is not a client here. That answer also discloses something: it rules out this firm and, depending on the context, may narrow down where the person's records actually are. A denial is not a neutral non-answer. It is information.

Because both answers carry real informational weight, the firm treats the question itself as protected. There is no version of a yes-or-no response that is safe to give to a person whose identity we cannot verify.

This matters most in the scenarios where it is hardest to see the risk. A caller who already knows the client's name, address, and general financial situation can sound entirely credible. The information they already hold does not make them the person they claim to be, and it does not give the firm a basis to confirm or deny anything. The more convincing a request sounds, the more important it is to apply the rule consistently, because a well-constructed request is exactly the kind of request the policy is designed to address.

Why Email and Phone Are Not Verifiable Channels

The previous section explained why both a confirmation and a denial carry informational weight. This section explains why email and phone are the specific channels the firm will not use for any of that communication, regardless of how a request is framed or how much identifying detail a caller or sender provides.

The core problem is that neither channel gives the firm any reliable way to verify who is actually on the other end. A phone number can be spoofed to display as a number the firm recognizes. An email address can be impersonated precisely, down to the display name and domain. A caller's voice is not a credential. A sender's name in an email header is not a credential. None of these things constitute proof of identity, and the firm has no mechanism through either channel to establish that proof before a conversation begins.

This is not a theoretical concern. The techniques used to impersonate individuals over phone and email are widely available and do not require technical sophistication. Someone attempting to obtain information about another person's account does not need to break into a system. They only need to place a call or send a message that sounds credible enough to prompt a response. The channel itself is the vulnerability, and the firm's policy addresses it at that level rather than trying to assess each request individually.

Providing identifying details does not resolve the problem. A caller who supplies a name, a mailing address, and the last four digits of a Social Security number has demonstrated that they possess that information. It does not demonstrate that they are the person those details belong to. That information may have been obtained from a data breach, a discarded document, or any number of other sources. Possession of facts about a person is not the same as being that person, and the firm does not treat it as such.

The secure client portal exists precisely because it operates on a different model. Access to the portal is tied to credentials that were established through a process the firm controls, and the portal's session environment is not subject to the same impersonation risks that affect open communication channels. That is why all account discussion and all records are available there, and only there.

Why the Rule Applies to Every Request, Without Exception

The previous sections established two things: that both a confirmation and a denial carry real informational weight, and that email and phone do not give the firm any reliable way to verify who is actually asking. This section addresses the natural follow-up question, which is why the firm applies the same rule even when a request sounds completely legitimate.

The short answer is that the rule has to apply uniformly to be meaningful at all. A policy that bends when a request is sufficiently convincing is not a policy; it is a judgment call made under conditions specifically designed to produce the wrong outcome. The requests most likely to be fraudulent are also the requests most likely to be carefully constructed to sound credible. Applying the rule only to requests that seem suspicious would protect against the least sophisticated attempts while leaving the firm open to the ones that actually pose a risk.

This is not a hypothetical concern about edge cases. It reflects how social engineering works in practice. A person attempting to obtain information about someone else's account will not announce that intention. They will provide whatever details they have, adopt a tone of reasonable frustration, and frame the request in a way that makes refusal seem unreasonable. The firm's response to that framing has to be the same as its response to every other request, because the firm has no way to distinguish a well-prepared fraudulent request from a genuine one over an unverifiable channel.

Consistency is also what makes the policy fair to legitimate clients. If the firm exercised discretion about when to apply the rule, clients whose requests happened to sound less polished or less detailed might be held to a stricter standard than clients whose requests happened to sound more authoritative. Applying the rule to everyone, without variation, means no individual is singled out and no request receives special treatment based on how it is presented.

It is worth stating plainly what this means in practice: if you are a client of this firm, you will receive the same response to a phone or email request that anyone else would receive. That response is not a reflection of how the firm views you or your account. It is the only response the firm can give through a channel where identity cannot be verified, and it applies regardless of how long you have been a client, how much information you provide, or how urgent your situation is.

How to Access Your Records and Account Information

Everything the firm cannot discuss over email or phone is available through the secure client portal. That includes copies of tax returns, account details, and any other records the firm holds on your behalf. The portal is the only channel through which the firm will discuss account matters or release documents, and that will not change based on the nature of a request or the urgency of a situation.

If you are already able to log in, your documents and account information are available there now. No call or email to the firm is necessary to retrieve them.

If you cannot log in, use the portal's built-in account recovery option. Do not contact the firm by phone or email to work around a login problem, because the firm will not be able to assist with account access through those channels either. The account recovery process within the portal is the correct path, and it is the only path the firm supports for that purpose.

Frequently Asked Questions

The questions below come up often when clients first encounter this policy. Each one is answered in the same terms as the rest of this article.

But I am your client. Why won't you just help me?

The firm understands that this is frustrating, particularly when you know who you are and your request is entirely legitimate. The difficulty is that the firm has no way to verify that over email or phone. A caller's voice, a sender's name, and a set of identifying details are not proof of identity through those channels, and the firm cannot make an exception based on how confident or credible a request sounds. The rule applies to every person, including long-standing clients with straightforward requests. Logging into the secure client portal is the step that resolves this, because access there is tied to credentials established through a process the firm controls.

Can't you at least tell me if I have the wrong firm?

No. A denial carries the same informational weight as a confirmation. Telling a caller or sender that a named individual is not a client here discloses a fact about that person's professional relationships, specifically that this firm is not among them. That is still protected information, and it still goes to a person whose identity the firm cannot verify. The firm's position is the same regardless of which direction the answer would go.

How do I get a copy of my tax return?

Through the secure client portal only. Tax returns and all other documents the firm holds on your behalf are available there. The firm will not transmit copies by email or discuss return details by phone.

I can't log into the portal. What do I do?

Use the portal's built-in account recovery option. The firm does not handle portal access issues over email or phone, so contacting the firm directly will not resolve a login problem. The recovery process is available within the portal itself and is the correct starting point.

This Policy Is Uniform and Is Not a Judgment of Any Individual

Every point in this article leads to the same place: the firm applies one rule, through every channel, to every request, without variation. That is not a bureaucratic posture. It is the only arrangement that makes the rule meaningful. A policy with exceptions is not a policy; it is a series of judgment calls made under conditions where the firm cannot reliably judge anything.

If you contacted the firm by phone or email and received a response that did not confirm or deny anything, that response was not a signal about your account, your standing, or the firm's view of you as a client. It was the same response anyone else would have received. A long-standing client with a routine request receives it. A new client with an urgent situation receives it. A person who provides every piece of identifying information they have receives it. The rule does not bend based on any of those factors, because the channel, not the requester, is what the rule addresses.

This also means the policy is not directed at any particular person. The firm does not apply it more strictly to some clients than to others, and it does not relax it for clients who seem more credible or more familiar. Uniform application is what makes the policy fair, and fairness here means no individual is treated as more or less trustworthy based on how their request sounds over an unverifiable channel.

The secure client portal is where that changes. Once you are logged in, the firm knows who you are, and everything that cannot happen over email or phone can happen there. That is the intended path, and it is available to every client.

If you have questions about this policy that are not addressed here, the appropriate place to raise them is inside the portal, where the firm can respond to you as a verified account holder.

client responsibilities client-records Current Clients data-protection firm-policy fraud-prevention identity-verification Internal Policies portal-access security