Effective Date: January 4, 2026 | Last Updated: July 12, 2026 | Version: 2.2
Introduction
Welcome to Iris Financial. We are committed to protecting your privacy and handling your data transparently. This Privacy Policy explains how we collect, use, store, and protect your information when you use our financial management and payment processing services.
This policy covers:
Iris Secure Financial
Web-based accounting and expense management platform
Subscription Tracking Data: Third-party subscriptions you choose to track (Netflix, AWS, etc.)
1.2 Information Collected Automatically
Web Platform
IP address
Browser type and version
Device information
Usage data and session information
Cookies and session tokens
Mobile App
Device Information: Device type, operating system version, unique device identifiers
App Usage Data: Features used, screens viewed, session duration
Push Notification Token (iOS only, if notifications enabled)
Location Data: Country/region based on IP address (not precise GPS location)
Log Data: App version, crash reports, error logs
1.3 Information from Third Parties
Plaid Integration (Iris Secure Financial Only)
Bank account information, transaction history (up to 24 months), account balances, and account holder names. We receive this information only with your explicit consent through Plaid's secure connection flow.
Hosting Providers (Vercel, Abacus AI, AWS): Application hosting and database storage — Encrypted storage and transmission, SOC 2 Type II certified
Database Hosting: PostgreSQL database hosting — Encryption at rest and in transit
Communication Services
Email Service Providers: For transactional emails, support communications
Push Notification Services (iOS only): Apple Push Notification Service (APNs)
Analytics & Monitoring
Error Tracking: Crash reporting and performance monitoring (anonymized)
Usage Analytics: Feature usage patterns (aggregated and anonymized)
3.2 Legal Requirements
We may disclose your information to:
Comply with legal obligations (court orders, subpoenas)
Respond to lawful requests from government authorities
Protect our rights, property, or safety
Prevent fraud, security threats, or illegal activity
Enforce our Terms of Service
3.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email and prominent notice in the app/website.
4. Data Security
4.1 Security Measures
Encryption
TLS 1.2+ for all client-server communications, HTTPS enforced
PostgreSQL database encryption at rest
Password hashing using bcryptjs (cost factor 10)
JWT tokens stored as HTTP-only cookies (web), secure storage (mobile)
Access Controls
Role-Based Access Control (RBAC): ADMIN, MEMBER roles
Multi-Tenant Isolation: All queries enforce tenant-level separation
Automatic session expiry (30 days web, configurable mobile)
Essential Cookies: Session management, authentication (required for service)
Analytics Cookies: Usage patterns, feature adoption (optional, can be disabled)
Preference Cookies: UI settings, language preferences
Mobile App (Iris Money)
No Cookies: Mobile apps use secure storage instead of browser cookies
Analytics: In-app analytics for crash reporting and feature usage (can be disabled in settings)
Session Tokens: Stored securely in device keychain (iOS) or secure storage (Android)
Cookie Control
Web: Control via browser settings or cookie consent banner
Mobile: Control via app settings > Privacy
Note: Disabling essential cookies/storage may affect service functionality
8. Children's Privacy
Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18.
If we discover that we have collected information from a child under 18, we will delete the information immediately, terminate the account, and notify the email address on file.
If you believe a child has provided us with personal information, contact: [email protected]
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States (cloud hosting, payment processors), the European Union (data centers), and other countries where our service providers operate.
Safeguards
Standard Contractual Clauses (SCCs): For EU data transfers
Adequacy Decisions: Transfer to countries with adequate data protection
Encryption: All data encrypted in transit and at rest
Contractual Protections: Data processing agreements with all vendors
10. Third-Party Links and Services
Our services may contain links to third-party websites, apps, or services (e.g., payment processors, social media).
Important:
We are not responsible for the privacy practices of third parties. Please review their privacy policies before providing information.
Selective Notifications: App Settings > Notifications (choose which types)
Note: Disabling may delay important account updates
iOS Only: Push notifications currently supported on iOS. Android support coming soon.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our data practices, new features or services, legal or regulatory requirements, and user feedback.
Notification of Changes
Material Changes: Email notification + in-app/website banner
Minor Changes: Updated "Last Updated" date + website posting
Effective Date: Changes take effect 30 days after notification
Your Options: Continued use = acceptance; object = account closure option
Version History
Version 1.0 (January 4, 2026): Initial policy for Iris Secure Financial
Version 2.0 (April 19, 2026): Updated to cover Iris Money mobile app and unified ecosystem
Version 2.1 (July 3, 2026): Added Section 15 (SMS Communications) covering the Iris Financial SMS program, Text-to-Give, and opt-in/opt-out disclosures
Version 2.2 (July 12, 2026): Updated Section 15 to describe the guided, reply-based Text-to-Give flow with card-on-file (removing payment-link references), corrected opt-in keyword list (organization keyword plus START/YES/UNSTOP; removed GIVE as a universal keyword), clarified YES as a transactional confirmation token, and confirmed STOPALL as a supported opt-out keyword
13. Product-Specific Privacy Information
Iris Secure Financial (Web)
Primary Data Flow: Plaid → Bank Transactions → Our Database → Your Dashboard
Key Risk: Bank account access via Plaid (you control, can revoke anytime)
Data Sharing: Only with Plaid for bank connection functionality
Unique Feature: Team access (admins can see all org data)
Iris Money (Mobile App)
Primary Data Flow: Customer Payment → Stripe/PawaPay → Our Database → Your Account
Key Risk: Payment processing (PCI-DSS compliant, we don't store card numbers)
Data Sharing: With Stripe and PawaPay for payment processing
Unique Feature: Public payment links (customer info shared only after payment)
14. Contact Us
For questions, concerns, or requests regarding this Privacy Policy:
Iris Financial (operated by Iris Secure Technology Solutions LLC) sends transactional SMS messages to users who have explicitly opted in. Messages are sent exclusively through the Iris Financial platform at irisfinancial.tech. This SMS program is fully independent from any other Iris Secure product — consent collected here is never used for communications from irissecure.tech, Iris Workplace, or WeMeet.
15.2 Information We Collect for SMS
When you opt in to receive SMS messages from Iris Financial, we collect:
Mobile phone number
Name (if provided at opt-in)
Date, time, and method of opt-in consent
Exact opt-in language shown at time of consent
IP address at time of consent
Message delivery status and interaction logs
15.3 How We Use SMS Data
We use your mobile phone number solely to send:
Iris Pay transaction confirmations and payment alerts
Text-to-Give donation processing confirmations and receipts
Donor giving statements and church/nonprofit fund notifications
Invoice payment reminders
Supplier order and delivery notifications
PawaPay mobile money transaction confirmations for African market users
Account security alerts specific to the Iris Financial platform
15.4 SMS Data Sharing
Mobile information will not be shared with third parties or affiliates for marketing or promotional purposes. SMS opt-in data is shared only with:
Telnyx Inc. — our SMS delivery provider, solely for message transmission
Wireless carriers — for message routing and delivery
As required by applicable law or court order
SMS consent collected on the Iris Financial platform is never shared with or reused by any other Iris Secure product.
15.5 Opt-In
You may opt in by:
Checking the SMS consent checkbox on the Iris Financial registration or account settings page (checkbox is unchecked by default)
Texting your organization's unique giving keyword (provided by your church or nonprofit) to our number to begin a guided giving conversation
Replying START, YES, or UNSTOP to resume messages after a prior opt-out
Providing written consent during onboarding
The exact consent language shown at opt-in is:
"By providing your mobile number and checking this box, you agree to receive recurring account, transaction, and donation-related text messages from Iris Financial (Iris Secure Technology Solutions LLC). Message frequency varies. Message and data rates may apply. Reply HELP for help and STOP to unsubscribe. Consent is not a condition of any purchase or donation."
Consent is not a condition of any purchase, donation, or use of our services.
15.6 Opt-Out
Reply STOP to any message at any time. Additional opt-out keywords: STOPALL, UNSUBSCRIBE, CANCEL, END, QUIT. You will receive one final confirmation message and no further messages unless you re-enroll. You may also opt out by emailing [email protected] or toggling off SMS notifications in your account settings.
15.7 Message Frequency and Rates
Message frequency varies based on your account activity — up to 4 messages per month on average. Message and data rates may apply depending on your carrier and plan. Iris Financial is not responsible for any carrier charges.
Note: YES also serves as a transactional confirmation within an active giving conversation (for example, confirming a repeat gift we flag as a possible duplicate). In that context YES authorizes that specific gift and is not a general marketing opt-in.
15.10 Donation-Specific Disclosure
Our Text-to-Give feature uses a guided, reply-based conversation — not payment links texted to you. After a donor begins (by texting the organization's unique giving keyword or replying to a prompt), we ask how much they would like to give and, where applicable, which fund. A first gift is completed once through a secure, single-use card page; with the donor's permission the card is then securely saved so future gifts can be completed by confirming via text, and we may ask the donor to confirm an amount before charging. If a saved card is declined, we send a secure link to update it. Donations are charged on the receiving organization's own payment account through our payment processor. Iris Financial does not add fees to SMS donations. Standard message and data rates from your carrier still apply.
15.11 Supported Carriers
All major US wireless carriers including AT&T, Verizon, T-Mobile, and regional carriers. Iris Financial is not liable for delayed or undelivered messages.
15.12 International SMS
For users in DRC, Morocco, Senegal, and other African markets, outbound transaction notifications are sent via registered Alphanumeric Sender ID ("IrisFinancial"). These are one-way notifications — recipients cannot reply to international messages. Opt-out for international users is managed through in-app account settings.
15.13 SMS Data Retention
SMS opt-in consent records: 4 years (TCPA compliance requirement)
Message delivery logs: 12 months then automatically purged
Opt-out records: Maintained indefinitely to prevent future messaging
16. Legal Compliance
This Privacy Policy is designed to comply with:
General Data Protection Regulation (GDPR) — European Union
California Consumer Privacy Act (CCPA) — California, USA
Children's Online Privacy Protection Act (COPPA) — USA
Personal Information Protection and Electronic Documents Act (PIPEDA) — Canada
Payment Card Industry Data Security Standard (PCI-DSS) — Via Stripe
Other applicable international data protection laws
Last Updated: July 3, 2026
Effective Date: January 4, 2026
Version: 2.1
Approved By: Support Team
By using Iris Secure Financial or Iris Money, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.