Privacy Policy
Last updated: March 17, 2026 · Version 2.0
Table of Contents
1. Who We Are
This privacy policy applies to Chromaray LLC, trading as US LLC Filings, a limited liability company registered in New Mexico, USA.
We are the data controller responsible for your personal data under UK GDPR and EU GDPR.
GDPR applies to us because we offer services to individuals located in the United Kingdom and the European Union, regardless of our place of incorporation (GDPR Art. 3(2)).
| Legal name | Chromaray LLC |
| Trading name | US LLC Filings |
| Website | usllcfilings.com |
| Address | 530-B Harkle Road, Suite 100, Santa Fe, NM 87505 |
| Contact email | info@usllcfilings.com |
| Data Protection Officer | Not currently appointed. All data protection queries go to the contact email above. |
2. What Data We Collect
We collect the following categories of personal data through our intake forms and service delivery:
Identity data
Full legal name, date of birth, nationality, citizenship, passport number and expiry date, country of tax residency.
Contact data
Email address, phone number, residential address, business mailing address.
Tax data
US Tax Identification Number (TIN, EIN, ITIN, or SSN), foreign tax identification number, tax filing status.
Financial data
Business revenue, operating expenses, distributions, financial statements, transaction summaries, bank account details (where relevant to filings).
Business data
LLC name, state of formation, formation date, registered agent details, NAICS code, description of business activities, countries where business is conducted, ownership structure and percentages.
Document data
Copies of signed tax forms, passport copies, articles of organization, EIN confirmation letters, and other supporting documents required for your filings.
Payment data
Payments are processed by Stripe. We do not store credit or debit card numbers. We receive transaction confirmations from Stripe only.
Communication data
Emails, WhatsApp messages, and support conversations related to your filing.
Website data
IP address, browser type, pages visited, and cookie data (see §10).
3. Why We Process It (Legal Basis)
Under GDPR Article 6, we must have a lawful basis for each way we use your data. The table below sets this out:
| Purpose | Lawful Basis |
|---|---|
| Provide the tax filing services you purchased | Contract performance (Art. 6(1)(b)) |
| File forms with IRS, FinCEN, or BEA as required by US law | Legal obligation (Art. 6(1)(c)) |
| Share data with licensed Service Partners to deliver services | Contract performance (Art. 6(1)(b)) + Legitimate interests (Art. 6(1)(f)) |
| Send service updates, filing confirmations, and responses | Legitimate interests (Art. 6(1)(f)) |
| Marketing communications (if any) | Consent (Art. 6(1)(a)): opt-in only |
| Anti-money laundering compliance | Legal obligation (Art. 6(1)(c)) |
| Website analytics and improvement | Legitimate interests (Art. 6(1)(f)) |
4. Special Category Data
Passport details and some tax identification numbers may qualify as sensitive or special category data in certain jurisdictions. Where this applies, we process this data on the basis of substantial public interest (US tax compliance obligations) and with your explicit consent, which you give when submitting your intake form.
We use this data only to perform the filing services you engaged us for. We do not use it for any other purpose.
5. Who We Share Your Data With
We share your data only where necessary to deliver the services you purchased or to meet a legal obligation. We never sell, rent, or trade your personal data.
A note on our website copy: Our website states that your data is "never shared with third parties." This means we never share it for marketing or unrelated commercial purposes. We do share data with the parties listed below, because doing so is either required by US law or necessary to deliver the service you hired us for.
US Government Authorities (required by US law)
| Authority | Purpose |
|---|---|
| Internal Revenue Service (IRS) | Forms 5472, 1120 (pro forma), W-7 |
| Financial Crimes Enforcement Network (FinCEN) | BOIR filings, FBAR (where applicable) |
| Bureau of Economic Analysis (BEA) | BE-12 and BE-13 surveys (where applicable) |
Licensed Service Partners
Third-party professionals who deliver specific services on our behalf: EIN applications, ITIN processing, LLC formation and dissolution, FBAR filing. All Service Partners are contractually bound to data protection standards equivalent to those in this policy.
Technology and Platform Providers
| Provider | Purpose |
|---|---|
| Stripe | Payment processing |
| Google Workspace | Email hosting (info@usllcfilings.com) |
| Brevo | Transactional emails and service notifications |
| Typeform | Client intake forms |
| WhatsApp (Meta Platforms) | Client communications and service updates |
| Google Analytics 4 (Google LLC) | Website traffic analysis and user behaviour analytics |
| Microsoft Clarity (Microsoft Corporation) | Session recordings and heatmap analytics |
Each of these providers is subject to their own privacy policy and, where applicable, data processing agreements with us.
6. International Data Transfers
Chromaray LLC is a limited liability company registered in the State of New Mexico, USA. Delivering US tax compliance services requires transferring your data to the United States.
Transfers to US government authorities (IRS, FinCEN, BEA)
These are required by US law and inherent to the service you engaged us to provide. The legal basis is contractual necessity (GDPR Art. 49(1)(b)) and legal obligation (Art. 49(1)(c)). Standard Contractual Clauses (SCCs) do not apply to transfers to government authorities.
Transfers to US-based service providers (Stripe, Google, Brevo, Typeform, WhatsApp/Meta Platforms)
Where applicable, we rely on Standard Contractual Clauses (SCCs) or equivalent transfer mechanisms. We have assessed these transfers under the requirements of the UK/EU international transfer framework.
The United States does not hold an adequacy decision under UK GDPR. By engaging our services, you understand that your data must be transmitted to US authorities as required by US federal law.
7. How Long We Keep Your Data
| Data Type | Retention Period | Basis |
|---|---|---|
| Tax records (returns, filings, supporting documents) | 7 years from filing date | IRS statute of limitations |
| Identity documents (passports, articles of organization) | Duration of client relationship + 7 years | Legal obligation |
| Financial data | 7 years from the relevant tax year | IRS / financial regulations |
| Communication records | 3 years from last contact | Legitimate interests |
| Payment records | 7 years | Financial regulations |
| Website analytics (GA4, Clarity) | 26 months (GA4 default retention); Clarity data: 13 months | Legitimate interests |
After the retention period, data is securely deleted or anonymised. Where a legal obligation requires us to retain data beyond your request to delete, we will explain this when responding to your request.
8. Your Rights
Under GDPR Articles 15–22, you have the following rights in relation to your personal data:
Right of access (Art. 15)
Request a copy of all personal data we hold about you.
Right to rectification (Art. 16)
Ask us to correct data that is inaccurate or incomplete.
Right to erasure / "right to be forgotten" (Art. 17)
Ask us to delete your data. Note: we cannot delete data we are legally required to retain (for example, filed tax returns and supporting records; see §7).
Right to restrict processing (Art. 18)
Ask us to limit how we use your data while a dispute is resolved.
Right to data portability (Art. 20)
Receive your personal data in a structured, machine-readable format.
Right to object (Art. 21)
Object to processing based on legitimate interests.
Right to withdraw consent
Where processing is based on your consent, you can withdraw it at any time. This does not affect the lawfulness of processing carried out before the withdrawal.
Right to lodge a complaint
With the UK Information Commissioner's Office (ICO) at ico.org.uk, or with your national supervisory authority if you are based in the EU (list available at edpb.europa.eu).
How to exercise your rights
Email info@usllcfilings.com with "Data Subject Request" in the subject line.
We will respond within 30 days. For complex or multiple requests, we may extend this by up to 60 days under GDPR Art. 12(3). We will notify you within the initial 30-day period if this applies.
9. Data Security
We protect your data through:
- Encryption in transit and at rest: all connections use TLS/SSL; stored data is encrypted
- Access controls: only authorised personnel can access client data, with role-based permissions
- Secure document storage via Google Workspace: documents are stored and shared through Google Workspace with appropriate access controls. Access is limited to authorised team members on a need-to-know basis
- Regular security reviews: we periodically assess and update our security practices
- Data minimisation: we only request data we actually need for your filing
We are a small specialist business. We apply proportionate, professional security measures appropriate to the sensitivity of the data we handle. No system is 100% secure, and we will never overstate our capabilities.
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR Articles 33–34.
10. Cookies
Our website (usllcfilings.com) uses the following cookies:
Essential cookies
Required for basic site security and functionality. Cannot be disabled without affecting how the site works.
Analytics cookies
We use Google Analytics 4 to understand how visitors use our website. GA4 collects anonymised data including pages visited, time on site, and referral source. This data is processed by Google LLC. You can opt out using the Google Analytics Opt-out Browser Add-on.
We use Microsoft Clarity to understand how visitors interact with our website through session recordings and heatmaps. Clarity collects anonymised behavioural data. No personally identifiable information is captured. This data is processed by Microsoft Corporation.
Third-party cookies
Stripe and Typeform may set their own cookies during payment processing and form completion. These are governed by their respective privacy policies.
We do not use marketing, retargeting, or social media tracking cookies.
You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect website functionality.
11. Children's Data
Our services are designed for business owners and adults only. We do not knowingly collect personal data from anyone under the age of 18. If you believe a minor has provided us with personal data in error, please contact us at info@usllcfilings.com and we will delete it promptly.
12. Changes to This Policy
We may update this policy from time to time to reflect changes in our practices, services, or legal requirements.
Material changes will be communicated to you by email at least 30 days before they take effect. The "last updated" date at the top of this page will always reflect the current version.
If you do not wish to accept a material change to this policy, you may discontinue using our services and request deletion of your personal data in accordance with §8.
13. Contact Us
For any questions about this policy or to exercise your data protection rights:
US LLC Filings / Chromaray LLC
Email: info@usllcfilings.com
Address: 530-B Harkle Road, Suite 100, Santa Fe, NM 87505
No Data Protection Officer is currently appointed. All data protection queries go to the email above.
Your supervisory authority:
- UK residents: Information Commissioner's Office (ICO), ico.org.uk, 0303 123 1113
- EU residents: Your national data protection authority (list at edpb.europa.eu)
Also see our Terms of Service.
Effective date: March 17, 2026
Next review: March 17, 2027