5472Form5472 Prep

Privacy Policy

Last updated: 2026-05-20

1. Who we are

form5472 is the data controller for personal information you submit through the Service. We are based in the United States and process data on servers located in the U.S. and the European Union.

2. What we collect and what we discard

We are deliberately minimal about what we store. The following are retained:

  • Account data: your email address, used for sign-in and notifications.
  • Entity data: the legal name, EIN, address, and formation date of your LLC. We retain this so next year's filing is one click.
  • Identity data: your full name, residential address, country of citizenship and tax residence, foreign tax ID (FTIN), and optionally a U.S. ITIN or reference identifier.
  • Transaction totals: the aggregated contribution and distribution amounts per tax year. Not individual transactions.
  • Fax transmission receipts: the proof-of-filing confirmation we receive from our fax provider after the package reaches the IRS.
  • Payment metadata: handled entirely by our payment processor, Stripe. We never see or store your card information.

The following are processed and discarded, never written to permanent storage beyond what is operationally necessary to deliver your filing:

  • Bank statements: uploaded CSV/PDF files are parsed in memory to extract transaction totals, then deleted. The raw statement is not retained.
  • Individual transaction rows: used to compute totals and to display the categorization review screen, then discarded once you confirm the totals.
  • Signed PDFs you upload: held only long enough to fax to the IRS and return the fax confirmation to you, then deleted within 72 hours.
  • Generated unsigned PDFs: regenerated on demand from your retained entity / owner / totals data; not stored persistently after you download them.

3. Bank account connections via Plaid

If you choose to connect your business bank account to import transactions automatically, we use Plaid Inc. as our financial data provider. Plaid handles the authentication directly with your financial institution — we never see, store, or have access to your online banking credentials.

What Plaid sends us: when you authorize a Plaid connection, Plaid returns transaction history for the tax year(s) you are filing (date, amount, description, counterparty, and the institution name), along with a non-public account identifier and an access token scoped to your account.

How we use it: solely to categorize transactions as contributions or distributions and pre-fill the reportable transactions section of your IRS Form 5472. Plaid-sourced data is never used for advertising, profiling, sold, or shared with any third party other than as needed to complete your filing.

Your control: you can revoke the Plaid connection at any time from your dashboard or by emailing support@form5472prep.com. Revoking access invalidates our access token and stops any future data access. You may also request deletion of the imported transaction data at any time; we will delete it within 30 days of the request (and immediately purge the access token).

Plaid's own privacy practices: Plaid's use of your data is governed by Plaid's End User Privacy Policy. Plaid is a SOC 2 Type II and ISO 27001 certified data provider.

4. Why we collect it

We collect this information solely to prepare and transmit your IRS filings, to provide you with copies and proof of those filings, and to comply with our own legal obligations.

5. How we share it

We share data only with:

  • The IRS: the completed, signed filing is transmitted to the IRS Ogden Service Center.
  • Service providers acting on our behalf: Vercel (application hosting), our managed PostgreSQL database provider, Cloudflare R2 (encrypted file storage), Plaid (bank account connectivity — see Section 3), Google (optional sign-in via Google OAuth), Stripe (payment processing), and Resend (transactional email). Each is contractually bound to use your data only to provide their service to us, and each maintains SOC 2 Type II or equivalent independent attestation.

We do not sell your personal information. We do not share your data with advertisers or analytics platforms beyond privacy-preserving aggregate usage metrics.

6. Where we store it

Personal data is stored on encrypted servers operated by our infrastructure providers (Vercel-hosted application, managed PostgreSQL database, Cloudflare R2 for file storage). All data at rest is encrypted (AES-256). All connections to our service and between our service and its sub-processors are encrypted in transit (TLS 1.2 or higher).

7. How long we keep it

We retain your fax confirmation receipts and aggregated filing totals for seven (7) years from the filing date, matching the IRS records retention period — so that you always have access to your proof of filing. Bank statements and signed PDFs are deleted within 72 hours of fax confirmation; we do not keep copies. See our Data Retention Policy for the full schedule.

You can request earlier deletion of any retained data at any time. Some account-level records (email address, payment history) are retained for the period required by applicable tax and accounting law (typically up to seven years).

8. Your rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal information; to object to or restrict processing; and to lodge a complaint with your local data protection authority. To exercise any of these rights, contact us at support@form5472prep.com. We respond within 30 days.

EU/UK residents (GDPR)

Our legal basis for processing your data is the performance of our contract with you (Art. 6(1)(b) GDPR) and, for retention periods beyond contract performance, compliance with legal obligations (Art. 6(1)(c) GDPR).

California residents (CCPA)

We do not sell personal information as defined by the CCPA, and we have not done so in the preceding 12 months.

9. Security

We use industry-standard administrative, technical, and physical safeguards. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security but we work to protect your data using best practices.

10. Children

The Service is not directed to children under 16. We do not knowingly collect data from anyone under 16.

11. Changes

We may update this policy. Material changes will be communicated by email and via a notice on this page. The "Last updated" date at the top of this page always reflects the current version.

12. Contact

Privacy questions or requests: support@form5472prep.com.