Sign In Get Started

Privacy Policy

Effective Date: March 29, 2026  ·  Last updated: March 29, 2026

1. Introduction

Welcome to FilingFrog ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our service.

FilingFrog is operated from the United States. By using the Service, you acknowledge that your information will be processed in the United States.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Display name (optional, if provided)
  • Password (stored using bcrypt hashing — we never store your plain-text password)
  • Account creation date and email verification status

2.2 Usage Data

We automatically collect certain information when you use our service:

  • IP address (truncated — only the first three segments are retained, e.g. 192.168.1.x)
  • Browser type and version
  • Pages visited and features used
  • Time and date of visits
  • Search queries within our platform

2.3 Usage Analytics

We collect server-side records of how you use the service, including pages visited, features used (such as searches, comparisons, and screener queries), and the type of content accessed. We do not record your full IP address — only the first three segments are retained and only to detect automated abuse. No analytics cookies or third-party tracking pixels are used for this purpose. All analytics are processed on our own infrastructure and are never shared with third parties.

2.4 Preference Data

We store your account preferences, including display theme (light/dark mode), email notification settings, and watchlist configurations, to provide a consistent experience across sessions.

2.5 Payment and Billing Data

When you subscribe to a paid plan, payment processing is handled by Stripe, Inc., a PCI-DSS-compliant payment processor. FilingFrog does not receive or store your full credit card number, CVV code, or complete payment instrument details. We retain only limited billing metadata: subscription status, plan type, billing period, renewal date, and the last four digits of your card as provided by Stripe. Stripe's handling of your payment data is governed by the Stripe Privacy Policy.

2.6 Cookies

We use essential cookies to maintain your session and remember your login state. We do not use third-party tracking cookies, advertising cookies, or behavioral profiling cookies of any kind. Disabling cookies will prevent you from logging in.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Authenticate your account and maintain session security
  • Enforce subscription tier limits and deliver features appropriate to your plan
  • Send transactional emails (account verification, password reset, subscription receipts)
  • Deliver watchlist alert emails and filing notification emails based on your preferences
  • Respond to your inquiries and support requests
  • Improve the Service and develop new features, based on aggregate usage patterns
  • Detect and prevent fraud, abuse, and unauthorized access
  • Comply with legal obligations

4. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

  • With your explicit consent
  • Payment processing: We share your email address and account identifier with Stripe, Inc. to facilitate subscription billing. Stripe is bound by its own privacy policy and PCI-DSS obligations.
  • Email delivery: We share your email address with our transactional email provider solely to deliver account and notification emails. This provider does not use your data for its own purposes.
  • Legal compliance: To comply with valid legal processes, court orders, or regulatory requirements, or to protect our rights, privacy, safety, or property.
  • Business transfer: In connection with a merger, acquisition, or sale of assets, your information may be transferred to the successor entity, subject to equivalent privacy protections.

We do not share your data with advertising networks, data brokers, or any third party for commercial marketing purposes.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (HTTPS/TLS)
  • Secure password hashing (bcrypt with appropriate cost factor)
  • Access controls limiting data access to authorized personnel only
  • Truncation of IP addresses before storage to reduce identifiability
  • Regular security assessments of our infrastructure

No method of transmission over the internet or electronic storage is 100% secure. In the event of a data breach that is likely to result in risk to your rights and freedoms, we will notify affected users within a reasonable timeframe as required by applicable law.

6. Your Rights

You have the right to:

  • Access — request a copy of the personal data we hold about you
  • Correction — request correction of inaccurate or incomplete data
  • Deletion — request deletion of your account and personal data
  • Portability — request your data in a portable, machine-readable format
  • Withdraw consent — opt out of optional data processing such as notification emails

To exercise any of these rights, please contact us using our contact form. We will respond within 30 days.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with our services. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

Usage analytics records are retained for 90 days in detailed form. They are then aggregated into anonymous summary statistics (total event counts with no personal identifiers) and the detailed records are deleted. If you delete your account, your usage records are immediately anonymised by removing the link to your account.

Payment and billing records (transaction logs) may be retained for up to 7 years following a transaction to comply with applicable tax and accounting obligations. These records contain only billing metadata (amount, date, plan, Stripe event ID) and are anonymised upon account deletion to the extent permitted by law.

8. Third-Party Processors

We use a limited number of third-party service providers to operate the Service. These processors are contractually bound to process your data only as directed by us and to maintain appropriate security standards:

  • Stripe, Inc. — payment processing and subscription management. Stripe maintains PCI-DSS Level 1 certification. See the Stripe Privacy Policy.
  • Transactional email provider — delivery of account and notification emails. Receives your email address and message content only. No behavioral tracking or profiling is performed by this provider on our behalf.

We do not use advertising networks, retargeting services, behavioral analytics platforms, or any third-party tracking pixels.

9. Email Communications

9.1 Transactional Emails

We send transactional emails required for account operation, including account verification, password reset links, and subscription receipts. These cannot be opted out of as they are necessary to provide the Service.

9.2 Notification Emails

If you enable email alerts in your account preferences, we will send you notifications about new SEC filings from managers or securities on your watchlist. You may enable or disable these alerts at any time from your account settings. Every notification email also includes an unsubscribe link.

9.3 No Unsolicited Marketing

We do not send marketing emails without explicit opt-in consent. We will not sell or share your email address with third parties for advertising purposes.

9.4 CAN-SPAM Compliance

All emails we send identify FilingFrog as the sender, include a valid mailing address, and provide a functional mechanism to stop receiving non-transactional emails. We honour unsubscribe requests promptly.

10. California Residents (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information:

  • Right to Know — you may request details about the categories and specific pieces of personal information we have collected, the sources of that information, the business or commercial purpose for collecting it, and the categories of third parties with whom we share it.
  • Right to Delete — you may request that we delete personal information we have collected from you, subject to certain exceptions.
  • Right to Opt-Out of Sale — FilingFrog does not sell your personal information. You do not need to opt out.
  • Right to Non-Discrimination — we will not discriminate against you for exercising your CCPA rights.

To exercise your CCPA rights, please contact us using our contact form. We will respond within 45 days as required by law.

11. International Users (GDPR)

If you are located in the European Union, European Economic Area, or United Kingdom, the following additional provisions apply under the General Data Protection Regulation (GDPR) or UK GDPR:

11.1 Legal Basis for Processing

  • Contractual necessity — processing your account information, managing your subscription, and delivering the Service you have requested.
  • Legitimate interest — detecting and preventing fraud, abuse, and unauthorized access; improving the Service through aggregate analytics.
  • Consent — optional notification emails and any future optional data processing activities. You may withdraw consent at any time.
  • Legal obligation — retaining billing records for tax compliance.

11.2 International Data Transfers

Your personal data is processed and stored in the United States. Transfers of personal data from the EU/EEA/UK to the US are conducted in reliance on Standard Contractual Clauses (SCCs) or other transfer mechanisms approved under applicable law.

11.3 Additional Rights

In addition to the rights described in Section 6, EU/EEA/UK users have the right to:

  • Object to processing based on legitimate interest
  • Request restriction of processing in certain circumstances
  • Lodge a complaint with your local data protection supervisory authority

To exercise these rights, contact us via our contact form.

12. Children's Privacy

Our service is intended for users who are at least 18 years of age. We do not knowingly collect personal information from individuals under the age of 18. If we learn that we have collected personal data from a minor, we will take prompt steps to delete that information and close the associated account.

13. Changes to This Policy

We may update this privacy policy from time to time. For material changes, we will notify you by email or by posting a prominent notice on the Service at least 30 days before the changes take effect, and we will update the "Last updated" date at the top of this page. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

14. Contact

If you have any questions about this privacy policy or our data practices, or to exercise your data rights, please contact us using our contact form.