The Privacy Playbook
Chapter 5

Operational Privacy

Your LLC is only as private as your habits. This chapter covers the daily practices that maintain privacy — or destroy it.

May 1, 202614 min read

The Habit Problem

Here's a pattern we see constantly:

Someone spends $600 on a perfectly structured Wyoming LLC. Their name is off the filing. The registered agent's address is public. Everything is clean.

Then they:

  • Use their home address for the bank account
  • Put their personal email on the website contact form
  • Register the domain with their home address in WHOIS
  • Sign a lease with the LLC but give their personal cell
  • Ship products with their home address as the return address

Within six months, their "anonymous LLC" is connected to their home in multiple databases. Anyone with a people-search subscription can find them.

Structure is the foundation. Operations are what you build on top.


The Address Problem

Your address is the most commonly leaked piece of information. Here's where it gets exposed:

Bank Account Opening

Banks require a physical address. This goes into KYC records, is shared with credit bureaus, and becomes part of the financial intelligence ecosystem.

Mitigation: Use a commercial mail receiving agency (CMRA) or virtual office address if your bank accepts it. Some banks require residential addresses; in that case, you're choosing between banking convenience and absolute address privacy.

Vendor and Supplier Accounts

Every vendor you sign up with asks for a billing address. Many share this data or sell it.

Mitigation: Use your business mailing address consistently. Don't give your home address to office supply companies.

Insurance Policies

Business insurance applications ask for addresses. This goes into insurance databases, which are widely shared.

Mitigation: Use your business address. For vehicle or property insurance, you may need to disclose the actual location, but correspondence address can be separate.

Shipping and Returns

If you ship products, your return address appears on every package. If you receive products at home, your home address is in shipping databases.

Mitigation: Use a separate fulfillment address. Receive business packages at a commercial address or mail service.

Professional Licenses

Many professional licenses require a physical address and become public record.

Mitigation: Check if your state allows a business address. Some require residential; in those cases, you're making a trade-off.

Domain Registration

WHOIS data is often public. If you register a domain with your home address, it's searchable.

Mitigation: Use WHOIS privacy (most registrars offer it) or use your business address.


The Email Problem

Email is the connective tissue of your digital identity. Here's how it leaks:

Personal Email for Business

If you use your personal email (john.smith@gmail.com) for business, you've connected your personal identity to every vendor, customer, and service.

Mitigation: Use a domain-based email for business (info@yourcompany.com). Keep personal email separate.

Email Aggregation

Data brokers collect email addresses and associate them with other information. If the same email appears in a data breach, on a business website, and in a social media profile, the connection is trivial.

Mitigation: Use different email addresses for different purposes:

  • Public customer-facing email
  • Admin/internal email
  • Sensitive accounts (banking, registration)
  • Personal email (entirely separate)

Email Provider Choice

Some email providers scan content, build advertising profiles, and have extensive data-sharing relationships.

Mitigation: For sensitive business email, consider a privacy-focused provider (ProtonMail, Tutanota, Fastmail) or self-hosted email. For low-sensitivity correspondence, Gmail is fine with awareness of its data practices.


The Phone Number Problem

Phone numbers are unique identifiers that connect multiple databases.

Personal Cell as Business Number

If your personal cell is on your website, business cards, and vendor accounts, it's a direct line to your personal identity.

Mitigation: Use a separate business number. Options:

  • VoIP service (Google Voice, OpenPhone, Grasshopper)
  • Separate business cell line
  • Virtual phone service

Carrier Records

Your mobile carrier has extensive records connecting your phone to your identity, location history, and billing address.

Mitigation: For high-threat models, consider a separate carrier for business. For most people, just keeping the number separate from public listings is sufficient.

SMS as Two-Factor

Using SMS for two-factor authentication on sensitive accounts creates SIM-swap vulnerability and connects your phone to those accounts.

Mitigation: Use authenticator apps or hardware keys instead of SMS where possible. Keep the phone number used for unavoidable SMS 2FA off public listings.


The Digital Footprint Problem

Even with clean legal structure and good address hygiene, your digital behavior can connect the dots.

Browser Fingerprinting

Your browser configuration (plugins, fonts, screen size, time zone) creates a unique fingerprint. If you browse personal sites and business sites from the same browser, they're linkable.

Mitigation: For high-threat models, use separate browsers or browser profiles for business vs. personal. For most people, awareness is enough — perfect fingerprint isolation is hard.

Social Media

If your business social media and personal social media are linked (same email, following each other, posting from same device), the connection is trivial.

Mitigation: Maintain real separation if you want real privacy. Different emails, different devices if necessary, no cross-following.

Search and Login History

If you're logged into Google while searching for business topics, that data is associated with your personal profile.

Mitigation: Use separate browser profiles or private browsing for sensitive searches. Log out of personal accounts when doing business research.

IP Address

Your IP address appears in logs everywhere you connect. If you access personal and business accounts from the same IP, they're linkable.

Mitigation: VPNs help but aren't perfect. For high-threat models, use different networks or VPN servers for different identities.


The Consistency Principle

Operational privacy boils down to one principle:

Whatever separation you've created in your legal structure, maintain in your daily operations.

If your LLC is separate from your personal identity, don't give vendors your personal email.

If your business address is a mailbox, don't put your home address on invoices.

If you've invested in privacy, don't undermine it with inconsistent habits.

This isn't paranoia — it's coherence. The structure and the operations should match.


The Operational Privacy Checklist

Here's a practical checklist for maintaining operational privacy:

Addresses

  • Business mailing address that isn't your home
  • Registered agent address on state filings
  • Business address on bank accounts (where accepted)
  • Business address on vendor accounts
  • Business address as shipping return address
  • WHOIS privacy on domain registrations

Email

  • Business email on your own domain
  • Separate personal email
  • Different emails for different sensitivity levels
  • Privacy-respecting provider for sensitive email

Phone

  • Business phone number separate from personal
  • Business number on website and cards
  • Personal number only for personal contacts

Digital

  • Separate browser profiles or browsers for business
  • Not logged into personal accounts while doing business
  • Social media accounts properly separated
  • VPN awareness for sensitive activities

Documents

  • Business name and address on invoices
  • Consistent name usage across platforms
  • Review of what you sign with your personal name

Calibrating to Your Threat Model

Not everyone needs military-grade opsec. Calibrate your practices to your actual risks:

Low Threat (Casual Privacy)

You want to avoid spam, data brokers, and nosy neighbors.

  • Use a business address consistently
  • Separate business and personal email
  • Use WHOIS privacy
  • Basic awareness

This handles 90% of casual search attempts.

Medium Threat (Professional Privacy)

You're a doctor, lawyer, executive, or public figure. People might specifically search for you.

  • All of the above, plus:
  • Separate phone number
  • Careful social media separation
  • Regular data broker removal
  • Awareness of what's public in professional databases

High Threat (Adversarial Privacy)

You face stalking, harassment, or determined investigation.

  • All of the above, plus:
  • Separate devices for different identities
  • VPN and network separation
  • Minimal social media presence
  • Physical security awareness
  • Possibly international components

Most business owners fall into medium threat. The high-threat category is for specific situations — journalists, activists, domestic abuse survivors, high-conflict divorces, high-profile litigation.


When Perfect Privacy Isn't Possible

Some situations require trade-offs:

Banking

Banks must know who you are. You can't hide from your bank. You can choose which address goes on the account (sometimes), but they have your identity.

Accept this and focus privacy efforts elsewhere.

Professional Licensing

Many licenses require public information. A medical license, law license, or real estate license may publish your name and address.

Mitigate where possible (use office address, not home), but accept that some exposure is the price of licensure.

Tax Filing

The IRS knows who you are. Your tax returns connect your entities to your Social Security Number.

This isn't public, but it exists. Privacy architecture reduces public exposure, not government knowledge.

Court Records

If you're involved in litigation, court records may become public.

Structure can reduce what's discoverable, but once you're in court, much becomes visible.

The goal isn't perfect privacy — it's appropriate friction for your situation.


Summary

  • Structure without operational discipline is wasted — your habits must match your legal architecture
  • Address is the #1 leak point — use a consistent business address everywhere
  • Email connects identities — separate business and personal, use your own domain
  • Phone numbers are identifiers — get a separate business line
  • Digital footprints matter — browser profiles, social media, and login patterns all create connections
  • Calibrate to your threat model — not everyone needs extreme opsec, but everyone needs basic hygiene
  • Accept trade-offs — banks, licenses, and taxes require some disclosure; focus on reducing public exposure

Frequently asked questions

What's the most common operational privacy mistake?
Using your home address inconsistently. People form an anonymous LLC, then use their home address for the bank, the insurance company, the vendor account, and shipping — undoing the privacy they just paid for.
Do I need separate email for my business?
Yes. Your business email should not be your personal email. Ideally, use a domain you own (not Gmail) and separate inboxes for different purposes — customer-facing, admin, sensitive.
What about phone numbers?
Your personal cell shouldn't be your business number. Use a VoIP service or separate business line. This keeps your personal number off vendor forms, websites, and business listings.
How important is digital privacy for business owners?
Very. Your browser fingerprint, social media activity, and email habits can connect your personal identity to your business even if your legal structure is clean. Digital operational security is a companion to legal privacy.
Is this paranoid?
It depends on your threat model. For someone avoiding casual searches, basic operational hygiene is enough. For someone facing stalking or litigation risk, rigorous operational security is prudent. Calibrate to your actual situation.

Tags

operational securityopsecbusiness privacymailing addressdigital privacyhabits

Put this chapter into practice

Browse the vetted directory to compare every tool, or run a free check on your own exposure.