2025 BOI rule update US entities are now exempt. Check if you still need to file →
Home/Trust Center
SOC 2 Type II Certified
Trust Center · File.Business

Security, compliance, and privacy. In one place.

Everything a security or procurement team asks before approving a vendor. Reports, attestations, and the documents to download.

SOC 2 Type IIAudited annually
AES-256 at restTLS 1.3 in transit
GDPR + CCPAData rights respected

Certifications and attestations

  • SOC 2 Type II - Audited annually by an independent firm. Report available under NDA on request.
  • ISO 27001 - In progress. Target completion Q4 2026.
  • BBB A+ - Better Business Bureau rating since launch.
  • FinCEN Compliance - BOI report filings handled correctly for 220,000+ entities.

Privacy and data protection

  • GDPR (EU) - Full GDPR posture. Data subject rights honored under 30 days.
  • CCPA (California) - Full CCPA posture. Verifiable consumer requests honored.
  • DPA (Data Processing Addendum) - Standard DPA for business customers requiring one.
  • Subprocessors - Current list of vetted subprocessors maintained.

Encryption and key management

At rest: AES-256 envelope encryption with keys managed by AWS KMS. Per-tenant key isolation on Scale and Enterprise plans.

In transit: TLS 1.3 with strong ciphers. HSTS enforced. Forward secrecy on all production endpoints.

Backups: Encrypted with separate keys. Multi-region replication for disaster recovery.

Access control and audit

  • Role-based access with least-privilege defaults across the platform.
  • Audit trail on every document access, download, and edit. Immutable log.
  • SSO via SAML 2.0 (Okta, Azure AD, Google Workspace) on Scale plans.
  • 2FA mandatory for admin and finance roles.

Incident response

24x7 on-call rotation. Incidents detected by monitoring or reported via [email protected]. Customer notification within 72 hours for any incident affecting customer data, sooner where required by law.

Penetration testing and vulnerability management

  • External pentest annually by an independent firm. Summary report available under NDA.
  • Continuous vulnerability scanning of production infrastructure.
  • Public security disclosure program: report security issues to [email protected]. We acknowledge within 24 hours.

Business continuity

Multi-region deployment with automated failover. RTO 4 hours, RPO 15 minutes for critical services. Backups tested quarterly.

Requesting documentation

Security teams, procurement, and counsel requesting the SOC 2 report, pentest summary, or DPA: email [email protected] with your organization name and use case. We respond within 1 business day.

Form your business for $0Start →
How it works

How we deliver, end-to-end.

Four-step path from request to confirmation. State and IRS turnaround varies; our steps run in parallel where possible to compress the timeline.

1

Intake + scope

You tell us what you need through a short intake form (or a call for complex matters). We confirm scope, surface any gating issues (deadlines, missing documents, entity status), and quote any state fees that pass through at cost.

2

Prepare + verify

Our specialists draft the filing, verify entity details against state databases, run internal QA, and route any items needing your sign-off. You see drafts before anything gets submitted.

3

File with the authority

We submit directly to the state Secretary of State, FinCEN, IRS, USPTO, or whichever authority your filing requires. We pay state fees at cost and track the submission identifier in your account.

4

Confirmation + vault

Stamped certificate, IRS notice, or filing receipt arrives in your SOC 2 encrypted document vault the moment we receive it. Next filing deadline auto-added to your compliance calendar where applicable.

Why File.Business

Built on the same infrastructure used by 220,000+ businesses.

SOC 2 Type II audited

Independent annual security audit covering access control, change management, incident response, and data handling. Current report on request.

All 51 US jurisdictions

Every state plus DC plus Puerto Rico - direct filings, not third-party reseller. We hold registered-agent qualifications in every state we operate.

Deadline guarantee

If we miss a filing deadline on a service you pay us to manage, we pay the state penalty. Specific to each plan and the filings it includes.

4.9 from 8,200+ verified reviews

Independently verified by Trustpilot + Google + our own NPS infrastructure. Customer success team within reach by email, chat, or phone.

60-day money-back promise

Change your mind in the first 60 days and we refund our service fee in full. State filing fees pass through at cost and are non-refundable once paid to the state.

E&O insured

Errors and omissions coverage protects you from service errors. Carrier and certificate available on request for enterprise clients.

SOC 2 Type II audited
220,000+ businesses. 60-day money-back. State fees passed through at cost.
Your operating system, not a transaction
Every deadline auto-tracked across your entities. Compliance Score visible year-round.
Transparent pricing
No hidden fees. No upsells at checkout. State fees disclosed upfront.

Start your business in the next 5 minutes.

No state-fee markup. Pay only the state fee. 60-day money-back guarantee.

No state-fee markup 60-day money-back Cancel anytime