Privacy Policy

We collect information to provide and improve our Services. The types of information we collect include: Personal Information • Name, email address, phone number, and mailing address • Date of birth (when required for filings) • Payment information (processed securely by Stripe — we do not store full card numbers) Business Formation Information • Business name, entity type, and state of formation • Owner/member names, addresses, and ownership percentages • Social Security Numbers or ITINs (encrypted in transit, used solely for EIN filing, and not stored after filing is complete) • Registered agent details and business addresses • Industry, business purpose, and related formation details Account & Usage Information • Login credentials (passwords are hashed and never stored in plain text) • Designs, projects, and content you create using our tools • Purchase history and order details • Device information, IP address, browser type, and operating system • Pages visited, features used, and interaction patterns • Cookies and similar tracking technologies

We use collected information for the following purposes: • Service Delivery — Processing formation filings, fulfilling orders, managing your account, and providing customer support. • Business Formation — Preparing and submitting documents to state agencies and the IRS on your behalf. • Payment Processing — Charging for services, processing refunds, and preventing fraud. • Communication — Sending order confirmations, filing updates, compliance reminders, and service announcements. • Improvement — Analyzing usage patterns to improve our platform, fix issues, and develop new features. • Legal Compliance — Meeting regulatory requirements, responding to legal requests, and protecting our rights. • Marketing — With your consent, sending promotional materials about new features and services. You may opt out at any time. We do NOT sell your personal information to third parties.

We share your information only in the following circumstances: • State Filing Agencies — Business formation information is submitted to the relevant Secretary of State or equivalent agency as required for filing. • IRS — Social Security Numbers and business information are transmitted to the IRS for EIN filing purposes only. • Payment Processor — Stripe processes all payments. They receive billing information necessary to complete transactions. • Registered Agent Partners — If you elect registered agent service, your business information is shared with our registered agent network. • Shipping Partners — For print-on-demand orders, shipping addresses are shared with fulfillment and delivery carriers. • Legal Requirements — We may disclose information when required by law, court order, or government request. • Business Transfers — In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. • With Your Consent — We may share information in other ways with your explicit permission. We require all third-party service providers to maintain appropriate security measures and to use your information only for the specific purpose for which it was shared.

We implement industry-standard security measures to protect your information: • 256-bit SSL/TLS encryption for all data in transit • Encrypted database storage for sensitive data at rest • Secure, PCI-compliant payment processing through Stripe • Regular security audits and vulnerability assessments • Role-based access controls limiting employee access to data • Automatic session timeouts and secure authentication • SSN/ITIN data is encrypted during transmission and permanently deleted after filing is complete While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

We use cookies and similar technologies for the following purposes: Essential Cookies — Required for the Services to function properly (authentication, session management, shopping cart). Analytics Cookies — Help us understand how users interact with the Services (pages visited, features used, error reports). Preference Cookies — Remember your settings and customizations. You can manage cookie preferences through your browser settings. Disabling essential cookies may affect the functionality of the Services. We do not use third-party advertising cookies or tracking pixels for targeted advertising.

We retain your information for as long as necessary to provide the Services and fulfill the purposes described in this policy: • Account Data — Retained while your account is active and for a reasonable period afterward. • Formation Records — Retained for a minimum of 7 years for legal and compliance purposes. • Payment Records — Retained as required by tax and accounting regulations. • SSN/ITIN Data — Permanently deleted after EIN filing is complete (typically within 48 hours of receiving the EIN). • Usage Data — Aggregated and anonymized data may be retained indefinitely for analytics. • Deleted Accounts — Personal data is deleted or anonymized within 90 days of account deletion, except where retention is required by law.

You have the following rights regarding your personal information: • Access — Request a copy of the personal information we hold about you. • Correction — Request correction of inaccurate or incomplete information. • Deletion — Request deletion of your personal information, subject to legal retention requirements. • Opt-Out — Unsubscribe from marketing communications at any time via the unsubscribe link in emails or by contacting us. • Data Portability — Request your data in a portable, machine-readable format. • Restriction — Request that we restrict processing of your information in certain circumstances. • Objection — Object to processing of your information for certain purposes. To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA): • Right to Know — You may request details about the categories and specific pieces of personal information we collect. • Right to Delete — You may request deletion of your personal information, with certain exceptions. • Right to Non-Discrimination — We will not discriminate against you for exercising your CCPA rights. • Right to Opt-Out of Sale — We do not sell personal information. If this changes, we will provide a "Do Not Sell My Personal Information" link. To make a CCPA request, email [email protected] or call (272) 772-9793.

If you are located in the European Economic Area (EEA) or United Kingdom, you have rights under the General Data Protection Regulation (GDPR): • Lawful Basis — We process your data based on consent, contractual necessity, legitimate interests, or legal obligations. • Data Transfers — Your information may be transferred to and processed in the United States. We use appropriate safeguards for international transfers. • Right to Lodge a Complaint — You have the right to file a complaint with your local data protection authority. • Data Protection Officer — For GDPR-related inquiries, contact [email protected].

The Services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected information from a child under 18, we will take steps to delete it promptly. If you believe a child has provided us with personal information, please contact us at [email protected].

The Services may contain links to third-party websites and services that are not owned or controlled by BusyFirm. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access.

We may update this Privacy Policy from time to time. Material changes will be communicated via email to the address associated with your account or through a prominent notice on our website. Your continued use of the Services after changes are posted constitutes acceptance of the updated policy. We encourage you to periodically review this page for the latest information on our privacy practices.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: BusyFirm LLC Email: [email protected] General Support: [email protected] Phone: (272) 772-9793 Website: https://busyfirm.com/contact For data protection inquiries, we aim to respond within 30 days.