Do I legally need BSA/AML training?

It depends on your business type. Financial institutions regulated under the Bank Secrecy Act are legally required to maintain a written AML program that includes annual employee training. Other businesses have strong regulatory guidance recommending training. Our onboarding flow identifies exactly what you need based on your industry.

How quickly can we get compliant?

Most businesses complete initial setup and employee enrollment within 1 to 2 business days. Training is typically completed by employees in 45 to 90 minutes. For full compliance programs requiring policy review, plan for 5 to 10 business days for full implementation.

What happens if we get audited or examined?

We have a 98% examiner pass rate. All plans include exportable examination-ready documentation including completion reports, certificates, and training logs. Training + Review clients receive updated examiner-ready documentation. Training + Creation clients receive a fully built BSA/AML program.

Is this an annual subscription or a one-time payment?

Plans are billed annually, which aligns with BSA/AML regulatory requirements that mandate annual training. There are no per-module or per-seat surprise fees. Renewal is handled automatically with 60-day advance notice.

Can I upgrade my plan later?

Absolutely. You can upgrade at any time and we will prorate the difference. Your employee records, training history, and certificates all carry over between plans.

HomePrivacy Policy

Privacy Policy

Effective Date: March 30, 2026 · Last Revised: March 30, 2026

1. Introduction

Soflo Consulting LLC ("Soflo Consulting," "we," "us," or "our") is committed to protecting the privacy and confidentiality of information collected from our clients and users. This Privacy Policy ("Policy") describes how we collect, use, disclose, and safeguard personal information in connection with your access to and use of our BSA/AML compliance platform and related services (collectively, the "Services"). By accessing or using the Services, you acknowledge that you have read and understood this Policy. If you do not agree with the practices described herein, please discontinue use of the Services. This Policy applies to information collected through our website, platform, and any related communications. It does not apply to third-party websites or services linked from our platform.

2. Information We Collect

We collect the following categories of information in connection with the Services: 2.1 Identity & Contact Information • Full name and job title • Business email address • Phone number and mailing address 2.2 Business & Entity Information • Business name, type, and registration details • Employer Identification Number (EIN) or other business identifiers • Industry classification and regulatory profile 2.3 Payment Information • Billing name and address • Credit or debit card information (processed by our third-party payment processor) • Transaction history and subscription records We do not store full payment card numbers on our systems. All payment data is processed and stored by our PCI-DSS compliant payment processor. 2.4 Compliance Documents & Uploaded Content • BSA/AML policies, procedures, and internal documents • Risk assessments, audit materials, and related compliance records • Any other documents or data you voluntarily submit through the platform 2.5 Account & Usage Data • Login credentials (stored in hashed/encrypted form) • Platform activity logs, feature usage, and access timestamps • Device information, browser type, IP address, and operating system 2.6 Communications Data • Correspondence with our support or compliance team • Feedback, inquiries, and responses to surveys

3. How We Collect Information

We collect information in the following ways: • Directly from you when you register an account, subscribe to the Services, upload documents, or contact us • Automatically through cookies, log files, and similar tracking technologies when you interact with our platform • From third parties such as payment processors, identity verification providers, or publicly available business registries, where applicable

4. How We Use Your Information

We use the information we collect for the following purposes: • To create, manage, and maintain your account and subscription • To deliver, operate, and improve the Services • To process payments and manage billing • To provide customer support and respond to inquiries • To send administrative notices, service updates, and renewal reminders • To monitor platform usage for security, fraud prevention, and compliance purposes • To comply with applicable legal and regulatory obligations • To enforce our Terms of Service and other applicable agreements We do not use your information for automated decision-making or profiling that produces legal or similarly significant effects.

5. Disclosure of Information

We do not sell, rent, or trade your personal information. We may disclose your information only in the following limited circumstances: 5.1 Service Providers & Subprocessors We engage trusted third-party vendors to support platform operations, including: • Cloud hosting and infrastructure providers • Payment processors (e.g., for billing and subscription management) • Training content delivery partners • Analytics and security monitoring providers All such vendors are contractually required to process your data only as necessary to provide services to us and to maintain appropriate data protection standards. 5.2 Legal Obligations We may disclose information when required to do so by law, regulation, court order, or governmental authority, including in response to lawful requests by law enforcement agencies. 5.3 Protection of Rights We may disclose information where necessary to protect the rights, property, or safety of Soflo Consulting, our clients, or others, including to prevent fraud or enforce our Terms of Service. 5.4 Business Transfers In the event of a merger, acquisition, reorganization, or sale of substantially all of our assets, your information may be transferred as part of that transaction. We will provide notice prior to any such transfer and prior to your information becoming subject to a materially different privacy policy.

6. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to operate and improve the Services. These may include: • Strictly necessary cookies required for core platform functionality and security • Functional cookies to remember your preferences and session settings • Analytics cookies to understand how users interact with the platform You may adjust your browser settings to refuse or delete cookies; however, doing so may affect certain features of the Services. We do not currently respond to "Do Not Track" browser signals.

7. Data Retention

We retain your personal information for as long as your account remains active or as necessary to fulfill the purposes described in this Policy, including: • Maintaining subscription and billing records for a minimum of 7 years as required by applicable law • Retaining uploaded compliance documents for the duration of your active subscription plus 7 years following termination • Preserving records required for legal, regulatory, or audit purposes for 7 years or the period mandated by applicable law, whichever is longer Upon expiration of applicable retention periods, data will be securely deleted or anonymized.

8. Data Security

We implement and maintain commercially reasonable administrative, technical, and physical safeguards designed to protect your information against unauthorized access, disclosure, alteration, or destruction. These measures include, but are not limited to: • Encryption of data in transit using TLS/SSL protocols • Encryption of stored credentials and sensitive data at rest • Access controls limiting data access to authorized personnel • Regular security assessments and vulnerability monitoring Notwithstanding the foregoing, no security system is impenetrable. We cannot guarantee the absolute security of your information. In the event of a data breach affecting your information, we will notify you in accordance with applicable law and without undue delay.

9. California Privacy Rights (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act ("CCPA"), as amended by the California Privacy Rights Act ("CPRA"): 9.1 Right to Know. You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for which it is used, and the categories of third parties with whom it is shared. 9.2 Right to Delete. You have the right to request deletion of personal information we have collected from you, subject to certain exceptions permitted by law. 9.3 Right to Correct. You have the right to request correction of inaccurate personal information we maintain about you. 9.4 Right to Opt-Out of Sale or Sharing. We do not sell or share personal information for cross-context behavioral advertising purposes. No opt-out is required at this time, but we will honor any such requests received. 9.5 Right to Non-Discrimination. We will not discriminate against you for exercising any of your rights under the CCPA. 9.6 Exercising Your Rights. To submit a CCPA request, please contact us at info@sofloconsulting.net with the subject line "CCPA Privacy Request." We will respond within forty-five (45) days as required by law. We may require verification of your identity before processing your request. 9.7 Authorized Agent. You may designate an authorized agent to submit requests on your behalf. We may require written proof of authorization before processing agent-submitted requests.

10. Children's Privacy

The Services are not directed to individuals under the age of 18, and we do not knowingly collect personal information from minors. If we become aware that we have inadvertently collected information from a person under 18, we will take prompt steps to delete such information. If you believe we have collected information from a minor, please contact us at info@sofloconsulting.net.

11. Third-Party Links

The Services may contain links to third-party websites, tools, or resources. This Policy does not apply to any third-party sites, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party sites you visit.

12. Changes to This Policy

We reserve the right to update or modify this Policy at any time. Material changes will be communicated via email to the address associated with your account or through a prominent notice on the platform, no fewer than thirty (30) days prior to the change taking effect. Your continued use of the Services following the effective date of any update constitutes acceptance of the revised Policy. We encourage you to review this Policy periodically to stay informed of how we protect your information.

13. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us at: Soflo Consulting LLC 1718 Capitol Ave Cheyenne, WY 82001 Email: info@sofloconsulting.net

View Terms of Service →

Submit a Privacy Request

Exercise your data rights or reach out with any privacy-related questions. We respond within 45 days as required by law.