Privacy Policy

1. Introduction

Filabl is operated by Viral Apps Labs, LLC ("Filabl," "we," "us," or "our"), a company organized in the United States. We provide a software-as-a-service platform at filabl.com that helps foreign-owned US LLC owners prepare and file IRS Form 5472 and pro forma Form 1120.

This Privacy Policy explains what personal data we collect, how we use and share it, how long we keep it, and what rights you have. It applies to all visitors and users of the Filabl website and service, regardless of where you are located.

By creating an account or using our service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use Filabl.

2. Data We Collect

We collect information that you provide directly, information generated through your use of the service, and limited information collected automatically.

2.1 Account Information

• Full name
• Email address
• Google account identifier (when you sign in via Google OAuth)

2.2 LLC and Owner Information

• LLC name, Employer Identification Number (EIN), and state of formation
• Registered agent name and address
• Owner full legal name, foreign address, country of tax residence, and foreign tax identification number

2.3 Financial Data

• Bank statement PDF files that you upload to the service
• Transaction details (dates, amounts, descriptions) extracted from those bank statements
• AI-generated transaction classifications and summaries

2.4 Tax Filing Data

• Generated IRS Form 5472 and pro forma Form 1120 PDFs
• Fax transmission status and confirmation records

2.5 Payment Information

Payments are processed entirely by Stripe, Inc. We do not receive, store, or have access to your full credit card number, debit card number, or bank account details. Stripe provides us with limited information such as the last four digits of your card, the card brand, the expiration date, and your billing country. Please review Stripe's Privacy Policy for details on how Stripe handles your payment data.

2.6 Automatically Collected Information

• IP address, browser type and version, operating system, and device type
• Pages visited, time spent on pages, and referral URLs
• Cookies and similar technologies (see Section 8 below)

3. How We Use Your Data

We use your information for the following purposes:

• Providing the service: To create your account, generate your IRS forms, classify transactions, and fax completed forms to the IRS on your behalf.
• AI-powered transaction classification:Your bank statement data (transaction descriptions, amounts, and dates) is sent to Google's Gemini AI API for automated classification. This is a core part of our service. See Section 5 for details.
• Payment processing: To charge your subscription fee and manage your billing through Stripe.
• Communications: To send you transactional emails (filing confirmations, fax status updates, account notifications) via Resend.
• Security and fraud prevention: To protect our service and users from unauthorized access, fraud, and abuse.
• Compliance: To comply with applicable laws, legal processes, and regulatory obligations.
• Service improvement: To analyze usage patterns in aggregate to improve the product. We do not sell your personal data or use it for advertising.

4. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction that requires a legal basis for processing personal data, we rely on the following:

• Performance of a contract: Processing your LLC information, financial data, and tax filing data is necessary to provide the filing service you have subscribed to.
• Legitimate interests: We process data as needed for security, fraud prevention, and service improvement, where those interests are not overridden by your data protection rights.
• Legal obligation: We may process data as required to comply with applicable tax, financial, or other regulatory obligations.
• Consent: Where required by law (for example, for certain cookies or marketing communications), we obtain your consent before processing.

5. AI Processing of Financial Data

A core feature of Filabl is the automated classification of bank transactions. When you upload a bank statement, the following happens:

1. Your bank statement PDF is securely stored on Cloudflare R2.
2. Transaction data (descriptions, amounts, dates) is extracted from the PDF.
3. This extracted transaction data is sent to Google's Gemini AI API (provided by Google AI Studio) for classification into IRS-relevant categories.
4. The AI-generated classifications are returned to Filabl and stored in our database.

What this means for your data:Your transaction descriptions, amounts, and dates are transmitted to Google's servers for AI processing. Google's use of this data is governed by the Google AI Studio Terms of Service. Under Google's API terms, data sent through their paid API is not used to train their models. We do not send your name, address, EIN, or other identifying information to Google -- only the transaction data necessary for classification.

You may review and edit all AI-generated classifications before your filing is submitted. Filabl does not make final filing decisions automatically -- you retain full control over the data that appears on your IRS forms.

6. Third-Party Service Providers

We share your data with the following third-party service providers, strictly as needed to operate and deliver the Filabl service:

We do not sell, rent, or trade your personal data to third parties for their marketing purposes. We do not share your data with any parties other than those listed above, except as required by law or as described in this policy.

7. International Data Transfers

Filabl serves a global user base. Our primary server infrastructure is located in Germany (Hetzner). However, some of our third-party service providers are based in the United States (Stripe, Telnyx, Google, Resend), which means your data may be transferred to and processed in the United States.

For users in the EEA or UK, these transfers are conducted under appropriate safeguards, including:

• The European Commission's adequacy decisions, where applicable
• Standard Contractual Clauses (SCCs) approved by the European Commission
• The service providers' own data protection certifications and commitments

By using Filabl, you acknowledge that your data will be processed in the jurisdictions where our service providers operate, as described in Section 6.

8. Cookies and Tracking Technologies

Filabl uses the following types of cookies:

Essential Cookies

These are strictly necessary for the service to function. They include session cookies for authentication and CSRF protection tokens. You cannot opt out of essential cookies while using the service.

Analytics

We may use basic, privacy-respecting analytics to understand how users interact with our service in aggregate. We do not use third-party advertising trackers, retargeting pixels, or cross-site tracking technologies.

Most browsers allow you to control cookies through their settings. Blocking essential cookies may prevent you from using parts of the service.

9. Data Retention

We retain your data according to the following schedule:

• Account information: Retained for as long as your account is active. Deleted within 30 days of account deletion, except where retention is required by law.
• LLC and owner information: Retained for as long as your account is active plus 3 years after account deletion or last filing, to support potential IRS inquiries.
• Bank statements and financial data: Retained for the duration of your active subscription. You may delete individual bank statements at any time through the application. Upon account deletion, all bank statement files are deleted within 30 days.
• Generated tax forms: Retained for 7 years after the tax year to which they relate. This aligns with IRS record-keeping recommendations. You may request earlier deletion, but we recommend retaining these records for your protection.
• Fax transmission records: Retained for 7 years as proof of filing.
• Payment records: Retained as required by applicable tax and financial regulations (typically 7 years).

10. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

10.1 Rights for All Users

• Access: You can request a copy of the personal data we hold about you.
• Correction: You can update or correct inaccurate data through your account settings, or by contacting us.
• Deletion: You can delete your account and request deletion of your personal data. Some data may be retained as described in Section 9.
• Data export: You can download your generated tax forms and transaction data from within the application.

10.2 Additional Rights for EEA/UK Residents (GDPR)

• Restriction of processing: You can ask us to restrict processing of your data in certain circumstances.
• Data portability: You can request your data in a structured, commonly used, machine-readable format.
• Objection: You can object to processing based on legitimate interests.
• Withdraw consent: Where processing is based on consent, you can withdraw it at any time.
• Lodge a complaint: You have the right to lodge a complaint with your local data protection authority.

10.3 Additional Rights for California Residents (CCPA)

• Right to know: You can request details about the categories and specific pieces of personal information we have collected.
• Right to delete: You can request deletion of your personal information, subject to certain exceptions.
• Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.
• No sale of personal information: We do not sell your personal information as defined by the CCPA. We do not share your personal information for cross-context behavioral advertising.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days (or sooner if required by applicable law). We may need to verify your identity before processing your request.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• All data transmitted between your browser and our servers is encrypted using TLS (HTTPS).
• Files (bank statements, generated PDFs) are stored on Cloudflare R2 with access controls.
• Our database is hosted on infrastructure in Germany with restricted access.
• Authentication is handled through secure OAuth protocols.
• We regularly review and update our security practices.

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. If you believe your account has been compromised, please contact us immediately.

12. Children's Privacy

Filabl is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us at [email protected] and we will promptly delete it.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, service features, or applicable law. When we make material changes, we will:

• Update the "Last updated" date at the top of this page.
• Notify you by email or through an in-app notification if the changes are significant.

We encourage you to review this page periodically. Your continued use of the service after changes are posted constitutes your acceptance of the updated policy.

14. Data Controller

For the purposes of the GDPR, the data controller responsible for your personal data is:

We do not currently have a Data Protection Officer (DPO). For any privacy-related inquiries or to exercise your rights, please contact us directly at the email address above.

15. Contact Us

If you have any questions about this Privacy Policy, your personal data, or our privacy practices, please contact us:

• Email: [email protected]
• Website: filabl.com

We aim to resolve all privacy-related inquiries within 30 days of receipt.