Legal
Privacy Policy
Last updated: February 19, 2026
5472Ninja (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains what personal data we collect, how we use it, how we store and protect it, and your rights regarding that data. This policy applies to all users of our website and Service, including users in the European Economic Area (EEA) and the United Kingdom (UK).
1. Data We Collect
We collect the following categories of personal data:
Account Information
Email address and authentication credentials provided during sign-up. We use email-based magic link authentication powered by Supabase Auth.
LLC Information
Legal entity name, EIN, US address, state of formation, foreign owner name, foreign address, country of residence, foreign TIN, and ownership percentage. This data is required to populate IRS Form 5472 and Pro Forma Form 1120.
Bank Transaction Data
Transaction amounts and categories imported via Plaid. We do not store your bank login credentials. Plaid provides a secure, read-only connection to retrieve transaction history. We only store transaction amounts and their categorization (e.g., capital contributions, operating expenses).
Payment Information
Payments are processed by Polar. We do not store credit card numbers or payment method details on our servers. We receive confirmation of payment status and transaction metadata from Polar via webhooks.
Usage & Technical Data
IP address, browser type, device information, and pages visited. This data is collected automatically to maintain and improve the Service.
2. How We Use Your Data
- To generate IRS Form 5472 and Pro Forma Form 1120 documents based on your input.
- To process payments and deliver purchased documents.
- To communicate with you about your account and filings (e.g., transactional emails).
- To improve and maintain the Service, including debugging and security monitoring.
- To comply with legal obligations.
3. Legal Basis for Processing (GDPR)
For users in the EEA and UK, we process your personal data under the following legal bases:
- Contract performance: Processing is necessary to provide the document preparation Service you have requested.
- Legitimate interests: To improve the Service, prevent fraud, and ensure security.
- Legal obligation: To comply with applicable laws and regulations.
- Consent: Where required, such as for marketing communications. You may withdraw consent at any time.
4. Data Storage & Security
Your data is stored in a Supabase-hosted PostgreSQL database with encryption at rest and in transit (TLS). We implement industry-standard security measures including:
- Row-level security (RLS) policies ensuring users can only access their own data.
- Encrypted database connections (SSL/TLS).
- Secure authentication via Supabase Auth with magic link (passwordless) login.
- No storage of raw bank credentials — Plaid handles bank authentication separately.
5. Data Retention & Deletion
We retain your personal data only for as long as necessary to provide the Service and fulfill the purposes described in this policy:
- Filing data (LLC profiles, transactions, generated forms) is retained for up to 7 years after creation to support IRS record-keeping requirements.
- Account data (email, authentication) is retained for the lifetime of your account.
- Payment records are retained as required by applicable financial regulations.
You may request deletion of your account and associated data at any time by contacting us at support@5472ninja.com. Upon receiving a verified deletion request, we will delete or anonymize your personal data within 30 days, except where retention is required by law.
6. Third-Party Services
We share data with the following third-party service providers, each operating under their own privacy policies:
| Provider | Purpose | Data Shared |
|---|---|---|
| Plaid | Bank account connectivity & transaction import | Bank login (handled by Plaid), transaction data |
| Polar | Payment processing | Email, payment amount, filing metadata |
| Supabase | Database hosting & authentication | All account and filing data |
| Vercel | Application hosting & delivery | IP address, request logs, usage analytics |
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your personal data (“right to be forgotten”).
- Restriction: Request that we restrict processing of your data in certain circumstances.
- Data portability: Request a machine-readable copy of your data.
- Objection: Object to processing based on legitimate interests.
- Withdraw consent: Where processing is based on consent, withdraw it at any time.
To exercise any of these rights, contact us at support@5472ninja.com. We will respond within 30 days.
8. Cookies
We use essential cookies required for authentication and session management. We do not use advertising or tracking cookies. Third-party services (e.g., Vercel) may set their own cookies as described in their respective privacy policies.
9. International Data Transfers
Your data may be transferred to and processed in the United States. If you are located in the EEA or UK, we ensure that appropriate safeguards are in place for such transfers, including Standard Contractual Clauses (SCCs) as approved by the European Commission.
10. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be reflected by updating the “Last updated” date above. Your continued use of the Service after changes constitutes acceptance of the updated policy.
12. Contact
For privacy-related inquiries, data access requests, or complaints, contact us at support@5472ninja.com.
If you are in the EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.