Privacy Policy
Last Updated: March 19, 2026
The short version: We collect only what we need to file your documents. Your data is encrypted. We never sell it. You can request deletion at any time.
1. Who We Are
SOSFiler ("Company," "we," "us," or "our") is a document preparation and business formation filing service. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website and services.
2. Information We Collect
2.1 Information You Provide
| Data Type | Purpose | Retention |
|---|
| Full legal name | Formation documents, Operating Agreement | Duration of account |
| Email address | Account, order updates, compliance reminders | Duration of account |
| Mailing address | Formation documents, Registered Agent service | Duration of account |
| Social Security Number (SSN) or ITIN | EIN application with the IRS (required by IRS) | Deleted within 90 days of EIN receipt |
| Business information | Formation documents, filings | Duration of account |
| Payment information | Process payment via Stripe | We do NOT store card numbers |
2.2 Information Collected Automatically
We collect minimal technical data to keep our service running:
- IP address: For security and fraud prevention
- Browser type and device: For compatibility and debugging
- Pages visited: Basic analytics to improve our service
We do not use third-party tracking cookies, advertising pixels, or behavioral tracking tools.
3. How We Use Your Information
We use your personal information solely for the following purposes:
- Filing formation documents with state authorities
- Applying for your EIN with the IRS
- Generating your legal documents (Operating Agreement, Resolutions, etc.)
- Providing Registered Agent services
- Sending order updates and compliance reminders via email
- Processing payments through Stripe
- Responding to your support inquiries
We do not use your information for marketing to third parties, and we do not build behavioral profiles.
4. How We Protect Your Information
4.1 Encryption
- In transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3
- At rest: Sensitive data (SSN/ITIN) is encrypted using AES-256 encryption
- Database: Our database is encrypted at rest with access controls limiting visibility to authorized processes only
4.2 Access Controls
- SSN/ITIN data is accessible only to the automated EIN filing process and authorized personnel who handle manual IRS filings
- Employee access to personal data is role-based and logged
- We use unique access tokens (not passwords) for dashboard access โ no account credentials to steal
4.3 Payment Security
All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor. We never see, store, or have access to your full credit card number.
5. Who We Share Your Information With
We share your information only when necessary to provide our services:
| Recipient | Data Shared | Purpose |
|---|
| State Secretary of State | Formation documents (name, address, entity details) | Filing your business entity |
| IRS | SSN/ITIN, business details | EIN application |
| Stripe | Payment information | Payment processing |
| SendGrid | Email address | Transactional email delivery |
We never sell, rent, trade, or share your personal information with third parties for their marketing purposes. This is a core principle โ not a legal formality.
6. Data Retention and Deletion
6.1 Retention Periods
- SSN/ITIN: Encrypted upon receipt. Permanently deleted within 90 days of successful EIN issuance.
- Formation documents: Retained in your Document Vault for as long as your account is active.
- Email address and contact info: Retained for as long as you have an active order or service with us.
- Payment records: Transaction records retained for 7 years as required by financial regulations.
6.2 Your Right to Deletion
You may request deletion of your personal data at any time by emailing Contact with the subject line "Data Deletion Request." We will:
- Acknowledge your request within 48 hours
- Complete deletion within 30 days
- Confirm deletion in writing
- Retain only what is required by law (e.g., financial transaction records)
7. Your Rights (Including CCPA)
If you are a California resident or reside in a state with similar privacy laws, you have the following rights:
- Right to Know: Request a copy of the personal information we have collected about you
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out of Sale: We do not sell personal information, but you may submit a request to confirm this at any time
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
- Right to Correct: Request correction of inaccurate personal information
To exercise any of these rights, email Contact. We will verify your identity before processing any request.
8. Cookies
We use minimal cookies:
- Local storage: Used to save your form progress in the wizard (stays on your device, never sent to our servers)
- Session cookies: Essential for the website to function
We do not use:
- Third-party advertising cookies
- Social media tracking pixels
- Behavioral analytics cookies
- Cross-site tracking of any kind
9. Children's Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date and, for material changes, notify you by email. Your continued use of our services after changes take effect constitutes acceptance of the updated policy.
11. Contact Us
For privacy-related inquiries, data requests, or concerns:
- Email: Contact
- Subject line: "Privacy Inquiry" or "Data Request"
- Response time: Within 48 hours