Privacy Policy

1. Who we are

SafeRatio Inc. (“SafeRatio,” “we,” “us,” or “our”) is a Minnesota corporation with its principal place of business at 330 S Second Ave, Suite 200 1494, Minneapolis, MN 55401, United States. We operate the SafeRatio platform at saferatio.com and app.saferatio.com. Our offering is software for tax professionals — primarily CPAs, EAs, and accounting firms — to help their S-corp clients meet the reasonable compensation standard, track shareholder basis under IRC §1366/1367, and model distributions under Form 7203.

For data you provide about your clients, you are the data controller and we are the data processor. For your own firm's account and billing data, we are the controller. The distinction matters for some of the rights described below — see section 10.

2. What we collect

Account information

• Name, email address, firm name, role, and (optionally) phone number.
• Authentication credentials — we use OAuth (Google, Microsoft) and password-based sign-in via our identity provider; passwords are hashed at rest and never visible to us.
• Profile preferences, billing address, and seat assignments within your firm.

Client data you upload

• S-corp shareholder names, EINs, ownership percentages, K-1 details, salary history, and basis history.
• Form 7203 PDFs, QuickBooks P&L exports, and any other supporting documents you upload.
• Forecast and scenario inputs you enter into the modeling workspace.

We never use client data to train machine-learning models, share it with third parties for marketing, or analyze it for purposes unrelated to providing the service you signed up for.

Payment information

Subscriptions and credit packs are processed by Stripe. We never see or store your full card number, CVV, or bank credentials — Stripe handles those directly and returns a tokenized reference. We store the last four digits, card brand, expiration, billing address, and invoice history so you can manage your subscription.

Usage and device data

• Pages visited, features used, errors encountered (for debugging and product improvement).
• Browser type, operating system, approximate location (derived from IP address — never precise GPS).
• Server logs including timestamps and request IDs, retained for security and debugging.

Communications

Emails you send to support, our chat history with you, and any feedback you submit. We use these to provide support and to improve the product.

3. How we use it

• Run the service. Authenticate you, render the workspace, process forecasts, store your scenarios, generate reports.
• Billing. Charge your subscription, send invoices, prevent fraud.
• Support. Respond to questions, debug issues, restore lost data on request.
• Product improvement. Aggregated, de-identified usage signals tell us which features get used and where the workflow stalls.
• Communication. Service announcements (always), product updates and tax-season tips (you can opt out at any time).
• Legal compliance. Respond to lawful requests, defend against claims, enforce our terms.

4. Legal bases (GDPR-style summary)

Where the GDPR or analogous laws apply, we process personal data under the following bases:

• Contract. Processing necessary to provide the service you've contracted us for.
• Legitimate interests. Security, fraud prevention, product analytics — balanced against your rights.
• Consent. Optional marketing emails, non-essential cookies.
• Legal obligation. Tax records, fraud reporting, lawful requests.

5. Sub-processors

The vendors we rely on to deliver SafeRatio. Each is bound by a written data processing agreement.

• Supabase — database, authentication, file storage (US regions).
• Vercel — hosting, edge functions (US regions).
• Stripe — payments, subscriptions, invoices.
• Google Analytics — aggregated traffic measurement (IP anonymization enabled).
• Formspree — contact form delivery.
• Anthropic — AI assistance for narrative reports (only when you opt in to AI-generated commentary; never on raw client data).

We post material changes to this list with at least 30 days' notice via email to the primary contact on your account.

6. Cookies and analytics

We use a minimal set of cookies: an authentication cookie (essential — required for sign-in), a session ID (essential), and Google Analytics cookies (optional, used in aggregate). You can decline non-essential cookies at any time from your browser settings. Marketing email tracking pixels are not used.

7. Data retention

• Account data: retained while your account is active and for up to 90 days after closure (so re-opening within that window restores your workspace).
• Client data you uploaded: retained for as long as your subscription is active. Upon firm deletion or written request, deleted within 30 days.
• Backups: Encrypted backups roll off on a 35-day cycle.
• Billing records: retained for seven years per US tax law.
• Server logs: retained for 90 days, then anonymized or deleted.

8. Security

• All traffic is encrypted in transit (TLS 1.2+).
• Data at rest is encrypted using AES-256 (Supabase Postgres + Storage default).
• Application-level row-level security restricts each user to their firm's data.
• SSO and OAuth-based authentication; no passwords stored by us in plaintext or recoverable form.
• Regular dependency and infrastructure audits, with a documented incident response process.

No system is perfectly secure. If you suspect a vulnerability, please email security@saferatio.com.

9. Your rights

You have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Delete your account and the personal data associated with it.
• Export your account and client data in a portable format (CSV / JSON).
• Object to certain processing, including marketing communications.
• Restrict processing in certain circumstances.
• Lodge a complaint with a supervisory authority in your jurisdiction.

Send a request to privacy@saferatio.com and we'll respond within 30 days. We may need to verify your identity before acting on a request.

10. Client data & controllership

When you upload a client's K-1, 7203, or P&L into SafeRatio, you remain the controller of that data. We process it on your behalf, only for the purpose of running the SafeRatio service. We won't access client data except as necessary to provide support (always with your consent) or to comply with the law.

Your engagement letter with your client governs the underlying relationship; SafeRatio's role is to give you a secure, audit-friendly workspace to do that work. If your client exercises a privacy right against you, you can fulfill that request inside SafeRatio (export, delete) or contact us for help.

11. International transfers

SafeRatio is operated from the United States. Infrastructure is hosted in US regions. If you access the service from outside the United States, you understand and consent to your data being transferred to, stored, and processed in the United States. For EEA/UK users, we rely on Standard Contractual Clauses as the transfer mechanism.

12. Children

SafeRatio is a business tool for tax professionals. It is not designed for, marketed to, or knowingly used by anyone under 18. We do not knowingly collect personal information from minors. If you believe a minor has provided personal information to us, please contact us so we can delete it.

13. Changes to this policy

We may update this policy as the product evolves or as the law requires. Material changes will be announced via email to your account contact at least 30 days before they take effect, and the “Last updated” date at the top of this page will reflect the change. Continued use of the service after the effective date constitutes acceptance.

14. Contact us

Questions about this policy, your data, or a privacy request:

• Email: privacy@saferatio.com
• General contact: saferatio.com/contact

Mailing address:
SafeRatio Inc.
330 S Second Ave, Suite 200 1494
Minneapolis, MN 55401
United States