Security, compliance, and privacy. In one place.
Everything a security or procurement team asks before approving a vendor. Reports, attestations, and the documents to download.
Certifications and attestations
- SOC 2 Type II - Audited annually by an independent firm. Report available under NDA on request.
- ISO 27001 - In progress. Target completion Q4 2026.
- BBB A+ - Better Business Bureau rating since launch.
- FinCEN Compliance - BOI report filings handled correctly for 220,000+ entities.
Privacy and data protection
- GDPR (EU) - Full GDPR posture. Data subject rights honored under 30 days.
- CCPA (California) - Full CCPA posture. Verifiable consumer requests honored.
- DPA (Data Processing Addendum) - Standard DPA for business customers requiring one.
- Subprocessors - Current list of vetted subprocessors maintained.
Encryption and key management
At rest: AES-256 envelope encryption with keys managed by AWS KMS. Per-tenant key isolation on Scale and Enterprise plans.
In transit: TLS 1.3 with strong ciphers. HSTS enforced. Forward secrecy on all production endpoints.
Backups: Encrypted with separate keys. Multi-region replication for disaster recovery.
Access control and audit
- Role-based access with least-privilege defaults across the platform.
- Audit trail on every document access, download, and edit. Immutable log.
- SSO via SAML 2.0 (Okta, Azure AD, Google Workspace) on Scale plans.
- 2FA mandatory for admin and finance roles.
Incident response
24x7 on-call rotation. Incidents detected by monitoring or reported via [email protected]. Customer notification within 72 hours for any incident affecting customer data, sooner where required by law.
Penetration testing and vulnerability management
- External pentest annually by an independent firm. Summary report available under NDA.
- Continuous vulnerability scanning of production infrastructure.
- Public security disclosure program: report security issues to [email protected]. We acknowledge within 24 hours.
Business continuity
Multi-region deployment with automated failover. RTO 4 hours, RPO 15 minutes for critical services. Backups tested quarterly.
Requesting documentation
Security teams, procurement, and counsel requesting the SOC 2 report, pentest summary, or DPA: email [email protected] with your organization name and use case. We respond within 1 business day.
How we deliver, end-to-end.
Four-step path from request to confirmation. State and IRS turnaround varies; our steps run in parallel where possible to compress the timeline.
Intake + scope
You tell us what you need through a short intake form (or a call for complex matters). We confirm scope, surface any gating issues (deadlines, missing documents, entity status), and quote any state fees that pass through at cost.
Prepare + verify
Our specialists draft the filing, verify entity details against state databases, run internal QA, and route any items needing your sign-off. You see drafts before anything gets submitted.
File with the authority
We submit directly to the state Secretary of State, FinCEN, IRS, USPTO, or whichever authority your filing requires. We pay state fees at cost and track the submission identifier in your account.
Confirmation + vault
Stamped certificate, IRS notice, or filing receipt arrives in your SOC 2 encrypted document vault the moment we receive it. Next filing deadline auto-added to your compliance calendar where applicable.
Built on the same infrastructure used by 220,000+ businesses.
SOC 2 Type II audited
Independent annual security audit covering access control, change management, incident response, and data handling. Current report on request.
All 51 US jurisdictions
Every state plus DC plus Puerto Rico - direct filings, not third-party reseller. We hold registered-agent qualifications in every state we operate.
Deadline guarantee
If we miss a filing deadline on a service you pay us to manage, we pay the state penalty. Specific to each plan and the filings it includes.
4.9 from 8,200+ verified reviews
Independently verified by Trustpilot + Google + our own NPS infrastructure. Customer success team within reach by email, chat, or phone.
60-day money-back promise
Change your mind in the first 60 days and we refund our service fee in full. State filing fees pass through at cost and are non-refundable once paid to the state.
E&O insured
Errors and omissions coverage protects you from service errors. Carrier and certificate available on request for enterprise clients.