MIDNIGHTFOUNDER

Privacy Policy

Your information is private. Full stop.

Effective May 10, 2026

What we collect

We collect only what's necessary to form your business:

  • Account information — your email address and a hashed (encrypted) password. We never store your password in plain text.
  • Business information — your business name, entity type (LLC, S-Corp, etc.), and the state you are forming in.
  • Filing information — your full name, mailing address, city, zip code, and phone number. This is required by the state to file your formation documents.
  • Payment information — processed entirely by Stripe. We never see, store, or handle your credit card number.
  • Usage data — basic server logs (IP address, browser type) used to keep the service running securely. These are not tied to your identity.

How we use it

We use your information exclusively to:

  • File your LLC or business entity with the appropriate state agency
  • Send you status updates on your filing
  • Provide access to your dashboard and formation checklist
  • Respond to your support requests

Nothing else. We do not use your information for advertising, profiling, or any purpose unrelated to your business formation.

We do not sell your personal information

We do not sell, rent, or trade your personal information for money, and we do not share it with advertisers or data brokers. The only third parties who receive any portion of your information are the service providers (sub-processors) we use to run the platform, listed below. We use the term “sub-processor” in the GDPR/CCPA sense: a vendor that processes data on our behalf under a contract that prohibits them from using it for their own purposes.

  • State government agencies — your name, address, and business details are submitted to the state to form your entity. State filings are public records once accepted.
  • Stripe, Inc. — processes your payment. We never see your card number. Stripe privacy policy.
  • Vercel, Inc. — application hosting and serverless functions. Vercel privacy policy.
  • Supabase, Inc. — authentication and Postgres database (built on Neon/AWS infrastructure). Supabase privacy policy.
  • Resend, Inc. — sends transactional email (filing confirmations, login codes). Resend privacy policy.
  • Anthropic, PBC — when you use our AI tools to generate business names or logo concepts, the prompt you submit (industry, description, vibe, business name) is sent to Anthropic's Claude API. Anthropic does not train models on API inputs. Anthropic privacy policy.
  • Google LLC (Google Analytics 4) — on our public marketing pages we load Google Analytics 4 to measure aggregate traffic. GA may set cookies and collect a truncated IP, user-agent, and pseudonymous client identifier. We do not provide Google with your name, email, or filing details. Google privacy policy. To opt out site-wide, install the Google Analytics opt-out browser add-on.

We have not authorized any of these providers to use your information for their own marketing or advertising.

How we protect your data

  • Passwords are hashed with bcrypt before storage — they are mathematically irreversible
  • All data is transmitted over HTTPS/TLS
  • Our database is hosted on Neon (SOC 2 Type II certified)
  • We do not store payment card data of any kind

Data retention

We retain your account and filing data as long as your account is active, or as required to maintain records of the services we provided. You may request deletion of your account and associated data at any time by emailing us. Filed formation documents are a matter of public record with the state and cannot be retracted.

Your rights

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate information
  • Request deletion of your account and data
  • Receive a copy of your data in a portable format

To exercise any of these rights, email us at info@themidnightfounder.com.

Cookies and analytics

We use the following cookies and similar technologies:

  • Strictly necessary — a session cookie that keeps you logged in. This cannot be disabled.
  • Analytics — Google Analytics 4 (cookies prefixed _ga) on our public marketing pages, to measure aggregate traffic. We do not use advertising or remarketing pixels.

You can disable analytics cookies through your browser settings, the Google opt-out add-on, or by enabling “Global Privacy Control” in your browser (we honor GPC signals as a CCPA opt-out).

AI tools and data processing

We use Anthropic, PBC (“Anthropic”) as a service provider to power certain AI-assisted features. When you use these features, the inputs you provide are sent to Anthropic's API and processed by their Claude models to generate the corresponding output.

Where we use AI

  • Business name suggestions. Inputs sent: industry, description, and any vibe or style notes you provide. Output: candidate names, taglines, and rationale.
  • Logo generation. Inputs sent: business name, industry, mood/color preferences, and optional description. Output: SVG logo concepts.
  • Launch announcement email. Inputs sent: business name and recipient email address (to personalize tone). Output: a draft email you can edit before sending from your own mail client.
  • Operating Agreement “polish” (optional). Only if you click the polish button on a custom clause. Inputs sent: the clause heading and the plain-English body you typed. Output: a formal rewrite that you accept or reject before it replaces your text.
  • Operating Agreement pre-flight check (optional). Only if you click the run-check button on the review step. Inputs sent: your questionnaire answers (no email, no name beyond what you entered). Output: flags about inconsistencies between answers.

What Anthropic does with your inputs. Anthropic acts as our sub-processor. Per Anthropic's Commercial Terms of Service in effect at the time of writing, Anthropic does not use Commercial Services inputs or outputs to train their models. Anthropic retains inputs only for the operational and abuse-monitoring purposes set out in their Privacy Policy and Commercial Terms. Anthropic processes data in the United States.

International transfers. If you are in the EEA, UK, or Switzerland and use these features, your inputs will be transferred to and processed in the United States. Anthropic relies on the EU Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum as the safeguard for these transfers.

Your choices. Use of AI features is optional. You can complete the formation flow without generating names, a logo, or a launch email, and you can draft an Operating Agreement without the polish or pre-flight features. To request deletion of any inputs we've stored on our side, email info@themidnightfounder.com. Inputs already transmitted to Anthropic are governed by Anthropic's own retention and deletion practices linked above.

No automated decision-making with legal effect. The AI features described here generate suggestions, drafts, and informational flags. We do not use AI to make automated decisions that produce legal or similarly significant effects on you within the meaning of GDPR Article 22.

Your California privacy rights (CCPA / CPRA)

If you are a California resident, you have the right to: (1) know what categories of personal information we collect and the purposes for which we use it; (2) access the specific personal information we hold about you; (3) request deletion of your personal information; (4) request correction of inaccurate personal information; (5) limit the use of sensitive personal information; and (6) not be discriminated against for exercising these rights.

Right to opt out of sale or sharing. We do not sell or share personal information for cross-context behavioral advertising. We have not sold or shared personal information in the preceding 12 months. To exercise any other right, email info@themidnightfounder.comwith the subject line “CCPA Request.” We will verify your identity by confirming you control the email on the account.

Your rights in the EEA, UK, and Switzerland (GDPR)

If you are in the EEA, UK, or Switzerland, our legal bases for processing your personal data are: (a) performance of a contract (to form your business); (b) compliance with a legal obligation (state filing records); and (c) our legitimate interests in operating, securing, and improving the service. You have the right to access, rectify, erase, restrict, port, and object to processing, and to lodge a complaint with your supervisory authority. We do not currently target advertising at users in the EEA/UK and do not engage in automated decision-making with legal effect.

Children

The service is intended for users 18 and older and is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us information, email info@themidnightfounder.com and we will delete it.

Changes to this policy

If we make material changes, we will update the effective date above and notify you by email. Continued use of the service after changes constitutes acceptance.

Contact

Questions? Email us at info@themidnightfounder.com.

Terms of ServiceBack to home