2025 BOI rule update US entities are now exempt. Check if you still need to file →
Start filing →
Home/Trust Center
SOC 2 Type II Certified
Trust Center · File.Business

Security, compliance, and privacy. In one place.

Everything a security or procurement team asks before approving a vendor. Reports, attestations, and the documents to download.

$0
Free
formation service
51
Jurisdictions
filed in-house
220K+
Businesses
formed since launch
4.9★
Rating
8,200+ verified reviews
SOC 2 Type II · 2025 report 4.9 · 8,200+ reviews E&O Insured · carrier on request 51 Jurisdictions 220,000+ Formed
See disclosures + carrier names →
SOC 2 Type IIAudited annually
AES-256 at restTLS 1.3 in transit
GDPR + CCPAData rights respected

Certifications and attestations

  • SOC 2 Type II - Audited annually by an independent firm. Report available under NDA on request.
  • ISO 27001 - In progress. Target completion Q4 2026.
  • BBB A+ - Better Business Bureau rating since launch.
  • FinCEN Compliance - BOI report filings handled correctly for 220,000+ entities.

Privacy and data protection

  • GDPR (EU) - Full GDPR posture. Data subject rights honored under 30 days.
  • CCPA (California) - Full CCPA posture. Verifiable consumer requests honored.
  • DPA (Data Processing Addendum) - Standard DPA for business customers requiring one.
  • Subprocessors - Current list of vetted subprocessors maintained.

Encryption and key management

At rest: AES-256 envelope encryption with keys managed by AWS KMS. Per-tenant key isolation on Scale and Enterprise plans.

In transit: TLS 1.3 with strong ciphers. HSTS enforced. Forward secrecy on all production endpoints.

Backups: Encrypted with separate keys. Multi-region replication for disaster recovery.

Access control and audit

  • Role-based access with least-privilege defaults across the platform.
  • Audit trail on every document access, download, and edit. Immutable log.
  • SSO via SAML 2.0 (Okta, Azure AD, Google Workspace) on Scale plans.
  • 2FA mandatory for admin and finance roles.

Incident response

24x7 on-call rotation. Incidents detected by monitoring or reported via security@file.business. Customer notification within 72 hours for any incident affecting customer data, sooner where required by law.

Penetration testing and vulnerability management

  • External pentest annually by an independent firm. Summary report available under NDA.
  • Continuous vulnerability scanning of production infrastructure.
  • Public security disclosure program: report security issues to security@file.business. We acknowledge within 24 hours.

Business continuity

Multi-region deployment with automated failover. RTO 4 hours, RPO 15 minutes for critical services. Backups tested quarterly.

Requesting documentation

Security teams, procurement, and counsel requesting the SOC 2 report, pentest summary, or DPA: email security@file.business with your organization name and use case. We respond within 1 business day.

$129/yr Compliance Annual Filings · penalty-free

On the $129/yr Compliance Annual Filings plan, we cover state late fees.

When you autofile your annual report through the $129/yr plan and we miss the deadline, we pay the state's late fee. The guarantee applies to that specific plan and the filings it includes. Other File.Business services are billed at the prices on this page.

See compliance plans →
Form your business for $0Start →
File.Business is a private business filing and compliance service. We are not a government agency and are not affiliated with any Secretary of State office. You may file directly with the appropriate state agency. SOC 2 Type II audited. 220,000+ businesses formed since 2017.