FBAR File

Privacy Policy

Last updated: 2026-05-15

Your privacy is important to us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use FBAR File to prepare your FinCEN Form 114. By using our service, you also agree to our Terms of Service.

1. Introduction

FBAR File ("we," "us," or "our") operates fbarfile.com and provides an online platform for preparing and electronically filing FinCEN Form 114 (FBAR). This Privacy Policy describes how we collect, use, store, share, and protect your personal information.

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy and our Terms of Service. If you do not agree with these practices, you must not use the Services.

FBAR File processes sensitive financial data, including Social Security Numbers and foreign bank account details. We take this responsibility seriously and have designed our systems with privacy and security as foundational requirements.

2. Information We Collect

We collect the following categories of personal information:

Account Information: Name, email address, and authentication data (managed by Clerk, our identity provider).

Filer Information: First and last name, date of birth, Social Security Number (SSN) or Taxpayer Identification Number (TIN), TIN type (SSN, EIN, or foreign), filer type (individual, corporation, partnership, LLC, trust, or estate), and US mailing address (street, city, state, ZIP code). If filing on behalf of an entity, we collect entity details.

Foreign Account Information: Bank or financial institution name, country and city, account number, account type (bank, securities, or other), currency, maximum account balance in foreign currency and USD equivalent, and joint account holder information (name and TIN) if applicable.

Filing Information: Tax year, filing tier (Standard or Smart), amendment status, prior BSA tracking IDs for amended filings, and late filing reason if applicable.

Uploaded Documents: Bank statements or financial documents uploaded for AI-assisted data extraction (Smart tier only).

Payment Information: Payment details are collected and processed directly by Stripe. We receive a transaction ID and payment status but never store your credit card number, CVV, or billing address on our servers.

Usage Information: We collect analytics data via Google Analytics 4, including pages visited, time on site, and device information. This data is anonymized and used solely for service improvement.

Communications: If you contact support, we store your name, email, subject, and message content.

3. Legal Basis for Processing

We process your personal information under the following legal bases:

Performance of a contract: Processing your filer information, account details, and filing data is necessary to provide our FBAR filing service — the core service you are paying for.

Legal obligation: We retain filing records for 7 years to comply with IRS and FinCEN record-keeping requirements under 31 CFR Part 1010.

Legitimate interest: We process usage analytics via Google Analytics 4 to improve our service, prevent fraud, and ensure platform security. This data is anonymized and aggregated.

Consent: Marketing communications (such as annual filing reminders) are processed only with your opt-in consent, which you may withdraw at any time.

4. How We Use Your Information

We use your information solely for the following purposes:

  1. FBAR Preparation: Generating FinCEN-compliant XML for Form 114 and guiding you through uploading it to the BSA E-Filing System.
  2. Payment Processing: Collecting payment through Stripe before filing submission.
  3. Filing Confirmations: Sending BSA tracking ID confirmations and PDF receipts via email.
  4. Annual Reminders: Notifying you of upcoming FBAR filing deadlines for subsequent tax years (you may opt out at any time).
  5. Customer Support: Responding to inquiries and resolving filing issues.
  6. AI Data Extraction: Processing uploaded bank statements to automatically extract account details (Smart tier only). Statements are encrypted in storage and permanently deleted after extraction.
  7. Service Improvement: Analyzing anonymized, aggregated usage patterns to improve the filing experience.
  8. Legal Compliance: Meeting regulatory obligations and responding to lawful requests from government authorities.

We do NOT use your data for advertising, behavioral profiling, credit scoring, or any purpose unrelated to FBAR filing services.

5. Data Security and Encryption

Given the sensitivity of the financial data we process, we implement multiple layers of security:

Encryption at Rest: Social Security Numbers, Taxpayer Identification Numbers, and foreign bank account numbers are encrypted using AES-256-GCM before storage. These fields are stored as ciphertext — our database never contains plaintext SSNs or account numbers. Encryption keys are managed through AWS Key Management Service (KMS) with automatic key rotation.

Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3. Our API endpoints enforce HTTPS.

Document Security: Uploaded bank statements (Smart tier) are encrypted at rest in AWS S3. After AI extraction is complete, the original documents are permanently deleted from storage.

Access Controls: Our production database is accessible only through encrypted connections within a private VPC. Employee access to production systems requires multi-factor authentication and is logged. No FBAR File employee can view your plaintext SSN or account numbers.

Infrastructure: Our application runs on AWS in the United States, using isolated VPC networks, security groups restricting traffic, and encrypted database storage (RDS encryption). We use rate limiting (60 requests per minute) to prevent abuse.

Application Security: HTTP security headers (Helmet.js), CSRF protection, input validation on all endpoints, and parameterized database queries to prevent SQL injection.

6. Information Sharing and Third-Party Processors

We do not sell, rent, or trade your personal information. We share data only with the following processors, each of which is contractually obligated to protect your data:

Processor | Purpose | Data Shared
FinCEN / BSA E-Filing System | FBAR filing (uploaded by you) | Filer info, account details (required by law)
Stripe | Payment processing | Payment token, amount, email
Clerk | Authentication | Email, name, session data
Amazon Web Services (AWS) | Infrastructure, storage, email delivery (SES) | Encrypted application data
Google Analytics 4 | Site analytics | Anonymized usage data

We may also disclose your information if required by law, subpoena, or government request, or to protect the rights, safety, or property of FBAR File or its users.

7. Data Retention

We retain your data according to the following schedule:

Filing data (filer info, account details, BSA tracking IDs): 7 years from the filing date. This aligns with IRS and FinCEN record-keeping requirements under 31 CFR Part 1010 and the BSA.

Account data (email, name, authentication): Retained while your account is active. Upon account deletion, personal data is purged within 30 days, except for filing records subject to the 7-year retention period.

Uploaded documents (bank statements): Permanently deleted immediately after AI extraction is complete, or within 24 hours of upload if extraction fails.

Payment records: Retained for 7 years for tax and accounting compliance.

Support communications: Retained for 2 years, then deleted.

Analytics data: Anonymized and retained per the Google Analytics default retention period (14 months).

8. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights:

Right to Access: Request a copy of all personal data we hold about you, provided in a machine-readable format (JSON).

Right to Correction: Request correction of inaccurate personal data.

Right to Deletion: Request deletion of your personal data. Note: we cannot delete filing records within the 7-year regulatory retention period, but we can delete your account and non-regulated data.

Right to Data Portability: Receive your data in a structured, commonly used format (JSON export).

Right to Withdraw Consent: Opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on or blocking analytics cookies in your browser settings. Unsubscribe from marketing communications via the link in any email.

Right to Object: Object to processing based on legitimate interest.

To exercise any of these rights, email support@fbarfile.com. We will respond within 30 days (or 45 days for complex requests, with notice).

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

Right to Know: You may request the categories and specific pieces of personal information we have collected about you in the past 12 months.

Right to Delete: You may request deletion of your personal information, subject to the regulatory retention exceptions noted above.

Right to Opt Out of Sale: We do not sell your personal information to third parties. We do not share your personal information for cross-context behavioral advertising.

Right to Non-Discrimination: We will not discriminate against you for exercising any CCPA rights.

Categories of Information Collected: Identifiers (name, email, SSN/TIN), financial information (account numbers, balances), internet activity (anonymized analytics via Google Analytics 4), and professional information (tax filing data).

Sensitive Personal Information: We collect SSN/TIN and financial account numbers, which are classified as sensitive under CPRA. This data is used solely for the disclosed business purpose (FBAR filing) and is not used for profiling.

To make a verifiable consumer request, email support@fbarfile.com or use the contact form on our website.

10. European Data Protection (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the following provisions apply:

Data Controller: FBAR File is the data controller for your personal information.

Legal Bases: See Section 3 above.

International Transfers: Your data is transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) as approved by the European Commission for transfers of personal data outside the EEA. Our sub-processors (AWS, Stripe, Clerk) maintain their own SCCs and adequacy mechanisms.

Data Protection Officer: For GDPR inquiries, contact our privacy team at support@fbarfile.com.

Supervisory Authority: You have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.

Automated Decision-Making: Our AI extraction feature (Smart tier) processes uploaded documents to extract account data. This is not used for automated decision-making that produces legal effects. You may request human review of any extracted data before filing submission.

11. Financial Data Protection (GLBA)

As a service that processes financial account information, FBAR File adheres to the principles of the Gramm-Leach-Bliley Act (GLBA) regarding the protection of nonpublic personal information (NPI):

Safeguards: We maintain administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of your financial information, including AES-256-GCM encryption, access controls, and audit logging.

Limitations on Sharing: We do not share your NPI with non-affiliated third parties except as required to provide our services (FinCEN submission, payment processing) or as permitted by law.

Disposal: When financial data is no longer needed (beyond regulatory retention periods), it is securely destroyed using cryptographic erasure.

12. Cookies and Tracking Technologies

We use essential cookies for authentication and session management, and analytics cookies (Google Analytics 4) to understand site usage. For full details, see our Cookie Policy at /cookies.

Essential cookies (Clerk authentication) cannot be disabled as they are required for the service to function. Analytics cookies (Google Analytics 4) are used to measure aggregate traffic patterns and improve our service.

13. Children's Privacy

FBAR File is not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors. FBAR filing obligations apply to US persons of any age, but minors should have a parent or guardian file on their behalf. If you are a parent or guardian and believe your child has provided personal data directly, contact us at support@fbarfile.com for removal.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to active users at least 30 days before they take effect, and posted on this page with an updated "Last Updated" date. We encourage you to review this policy periodically. Continued use of our services after changes take effect constitutes acceptance of the updated policy.

15. Contact Us

For privacy inquiries or to exercise your rights:

Email: support@fbarfile.com

Mailing address: FBAR File, 447 Sutter St Ste 405 PMB 1066, San Francisco, CA 94108

We aim to respond to all privacy requests within 30 days.

For information about our terms of use, see our Terms of Service. For information about cookies, see our Cookie Policy.