firmflow. Documentation¶
firmflow. is a production-grade, self-hosted document management and tax compliance platform built for Nigerian accounting and professional services firms. All client data stays on your hardware — always.
Platform at a Glance¶
- 4-step Nigerian client onboarding (CAC, TIN, SCUML, ICAN engagement letter)
- Tax prep pipeline with Kanban for all 9 Nigerian tax types
- FIRS/LIRS statutory deadline tracking with overdue alerts
- SmartRequestAI™ — 14 AI flows on Gemini 2.5 Flash
- ICAN-compliant engagement letter templates with e-signature workflow
- Single Docker container or Kubernetes Helm chart deployment
- Automated installation wizard (
setup-wizard.sh) — one command setup - PostgreSQL with AES-256-GCM encrypted storage (Local / NAS / S3)
- LDAP/Active Directory SSO integration
- Full audit log with cryptographic SHA-256 chain integrity
- Firm-wide compliance health dashboard
- Revenue and billing tracking in NGN (Paystack)
- Staff utilization via tax prep job assignment
- Enterprise node-locked licensing with hardware ID binding
- Role-based access control (5 roles: SUPER_ADMIN → CLIENT)
- NDPR-compliant Data Subject Access Request (DSAR) export tool
- Automated 7-year data retention and purge policy
- AI Privacy Gateway — scrubs Nigerian PII (BVN, TIN, phone) before cloud calls
- Cryptographically chained, tamper-evident audit logs
- SLA and Perpetual License Agreements included
Key Capabilities¶
100% On-Premise Data Sovereignty
firmflow. runs entirely on your own hardware. No client data ever leaves your network. The only optional outbound connection is a secure, outbound-only TLS 1.3 bridge for AI processing — with pre-flight PII scrubbing.
SmartRequestAI™ Hybrid Engine
14 AI flows powered by Google Gemini 2.5 Flash — document analysis, tax computation, compliance automation, and client risk scoring — all while keeping source documents on your server.
Nigerian Market Native
Built from the ground up for Nigerian accounting practice: FIRS CIT/VAT/WHT, LIRS PAYE, SCUML AML screening, CAC verification, Paystack NGN payments, and ICAN-compliant engagement letter templates.
NDPR Compliant
Implements the Nigerian Data Protection Act (NDPA 2023): automated DSAR exports, data retention enforcement, field-level encryption, and a formal compliance audit report.
License Required
Production use requires a valid firmflow. license key. See Billing & Licensing for edition details and hardware node-locking.
Version 1.2.0 — What's New¶
| Phase | Feature | Status |
|---|---|---|
| Phase 2 | Field-Level Encryption for MFA secrets | ✅ |
| Phase 2 | DSAR Export API & AI Privacy Gateway | ✅ |
| Phase 2 | NDPA Data Retention Service (7-year) | ✅ |
| Phase 2 | Kubernetes NetworkPolicy (egress hardening) | ✅ |
| Phase 3 | Implementation & Migration Playbook | ✅ |
| Phase 3 | S&M Support Portal & Version Check | ✅ |
| Phase 4 | WAF-Hardened Ingress (ModSecurity / OWASP) | ✅ |
| Phase 4 | Mobile scanner with client-side PDF conversion | ✅ |
| Phase 5 | One-command setup wizard | ✅ |
| Phase 5 | Vendor License Manager UI | ✅ |
| Phase 5 | SLA & Legal Framework document | ✅ |
| Phase 5 | Performance benchmarking report | ✅ |
See the full Changelog for detailed release notes.
Documentation Map¶
| Section | Audience | Description |
|---|---|---|
| Platform Overview | Everyone | Core vision, modules, and security architecture |
| Installation Guide | IT Admin | Step-by-step setup with automated wizard |
| Implementation Playbook | IT / PM | Firm IT migration procedures and data ingestion |
| Technical Manual | Admin | Backup, recovery, scaling, and troubleshooting |
| Technical Architecture | Engineering | Full 890-line system architecture reference |
| NDPR Audit Report | Legal / CISO | Compliance posture for Nigerian Data Protection Act |
| SLA & License | Legal | Perpetual License Agreement and S&M framework |
| Security & Audit | Security | Cryptographic audit chains and FLE details |
| Performance Report | IT Admin | Artillery benchmarking — 50+ concurrent users |
| LDAP & AD Integration | IT Admin | Active Directory SSO binding |
| Backup & Recovery | IT Admin | pg_dump procedures and DR playbook |
| Super Admin Guide | Super Admin | Multi-firm management and license issuance |
| Billing & Licensing | Admin / Finance | Paystack NGN billing and edition feature gates |
| Changelog | All | Full release history |
| Roadmap | Product / Engineering | Future phases 6–10 |
Quick Links¶
- Support: support@firmflow.co (Toraa Global Ltd.)
- Sales & Licensing: sales@firmflow.co
- Version: v1.2.0 (February 2026)
- Tag:
v1.2.0(released on GitHub)