Privacy Policy for Iris Financial Ecosystem

Effective Date: January 4, 2026 | Last Updated: April 19, 2026 | Version: 2.0

Introduction

Welcome to Iris Financial. We are committed to protecting your privacy and handling your data transparently. This Privacy Policy explains how we collect, use, store, and protect your information when you use our financial management and payment processing services.

This policy covers:

Iris Secure Financial

Web-based accounting and expense management platform

Iris Money

Mobile payment processing application for sellers

Iris Financial Website

Corporate website and marketing pages

Contact Information

1. Information We Collect

1.1 Information You Provide

Account Registration (All Products)

  • Name (first and last)
  • Email address
  • Password (stored only as a hash, never in plain text)
  • Company/Business name and information
  • Phone number (optional or required, depending on the product)
  • Physical address (for business verification)
  • Country/Region of operation

Iris Secure Financial (Web Platform) Specific

  • Bank account connections (via Plaid)
  • Transaction details from bank imports
  • Invoices and client information
  • Expense and income records
  • Budget and financial goals
  • Team member information

Iris Money (Mobile App) Specific

  • Business Information: Business category, website URL, tax ID
  • Payment Information: Bank account details for payouts
  • Payment Link Data: Product/service descriptions, prices, currency preferences
  • Transaction Records: Sales history, payment amounts, customer details
  • Branding Assets: Profile picture, logo, brand colors
  • Subscription Tracking Data: Third-party subscriptions you choose to track (Netflix, AWS, etc.)

1.2 Information Collected Automatically

Web Platform

  • IP address
  • Browser type and version
  • Device information
  • Usage data and session information
  • Cookies and session tokens

Mobile App

  • Device Information: Device type, operating system version, unique device identifiers
  • App Usage Data: Features used, screens viewed, session duration
  • Push Notification Token (iOS only, if notifications enabled)
  • Location Data: Country/region based on IP address (not precise GPS location)
  • Log Data: App version, crash reports, error logs

1.3 Information from Third Parties

Plaid Integration (Iris Secure Financial Only)

Bank account information, transaction history (up to 24 months), account balances, and account holder names. We receive this information only with your explicit consent through Plaid's secure connection flow.

Plaid Privacy Policy: https://plaid.com/legal/#privacy-policy

Payment Processors (Iris Money Only)

Stripe: Credit/debit card payment confirmations, transaction status, payment metadata

Privacy Policy: https://stripe.com/privacy

PawaPay: Mobile money payment confirmations, transaction status for MTN, Orange, Airtel, Vodacom payments

Privacy Policy: https://www.pawapay.io/privacy-policy

Important:

We do NOT store full credit card numbers. Card payments are processed securely by Stripe, and we only receive transaction confirmations.

Google Authentication (Optional)

If you sign in with Google, we receive: Name, Email address, Profile picture (optional).

2. How We Use Your Information

2.1 Primary Purposes

Iris Secure Financial (Web)

  • Service Delivery: Expense tracking, invoicing, bank transaction syncing, financial reports, team access management
  • Account Management: User authentication, customer support
  • Financial Operations: Connect to bank accounts via Plaid, import and categorize transactions, track income and expenses

Iris Money (Mobile)

  • Payment Processing: Create and manage payment links, process payments via Stripe and PawaPay, handle customer transactions
  • Payout Management: Process payout requests to your bank account, track payout status
  • Business Tools: Generate sales analytics, track subscription expenses, manage customer disputes
  • Account Management: Verify business information, manage pricing tier/subscription, provide customer support

2.2 Secondary Purposes (Both Products)

  • Service improvement and analytics
  • Security and fraud prevention
  • Legal and regulatory compliance
  • Push notifications for important updates (mobile app only)
  • Marketing communications (with your consent)

3. How We Share Your Information

We DO NOT sell your personal information to third parties.

3.1 Service Providers

Financial Services

Plaid (Iris Secure Financial)

Financial data aggregation, bank connection

Data Shared: Bank credentials (never stored by us), transaction data

Privacy Policy: https://plaid.com/legal/#privacy-policy

Stripe (Iris Money)

Card payment processing

Data Shared: Payment amount, currency, customer email, transaction metadata

Privacy Policy: https://stripe.com/privacy

PawaPay (Iris Money)

Mobile money payment processing (Africa)

Data Shared: Phone number, payment amount, currency, country

Privacy Policy: https://www.pawapay.io/privacy-policy

Infrastructure Providers

  • Hosting Providers (Vercel, Abacus AI, AWS): Application hosting and database storage — Encrypted storage and transmission, SOC 2 Type II certified
  • Database Hosting: PostgreSQL database hosting — Encryption at rest and in transit

Communication Services

  • Email Service Providers: For transactional emails, support communications
  • Push Notification Services (iOS only): Apple Push Notification Service (APNs)

Analytics & Monitoring

  • Error Tracking: Crash reporting and performance monitoring (anonymized)
  • Usage Analytics: Feature usage patterns (aggregated and anonymized)

3.2 Legal Requirements

We may disclose your information to:

  • Comply with legal obligations (court orders, subpoenas)
  • Respond to lawful requests from government authorities
  • Protect our rights, property, or safety
  • Prevent fraud, security threats, or illegal activity
  • Enforce our Terms of Service

3.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email and prominent notice in the app/website.

4. Data Security

4.1 Security Measures

Encryption

  • TLS 1.2+ for all client-server communications, HTTPS enforced
  • PostgreSQL database encryption at rest
  • Password hashing using bcryptjs (cost factor 10)
  • JWT tokens stored as HTTP-only cookies (web), secure storage (mobile)

Access Controls

  • Role-Based Access Control (RBAC): ADMIN, MEMBER roles
  • Multi-Tenant Isolation: All queries enforce tenant-level separation
  • Automatic session expiry (30 days web, configurable mobile)

Infrastructure Security

  • SOC 2 certified cloud hosting (Vercel, AWS, Abacus AI)
  • DDoS Protection via hosting platform and CDN
  • Rate Limiting on authentication and payment endpoints
  • Security Headers: CSP, HSTS, X-Frame-Options
  • 24/7 monitoring and intrusion detection

Payment Security

  • PCI-DSS Compliance via Stripe (we never store full card numbers)
  • Tokenization: Payment methods tokenized by Stripe
  • Built-in fraud detection by payment processors

4.2 Data Breach Notification

In the event of a data breach affecting your personal information, we will:

  1. Notify affected users within 72 hours with details of the breach
  2. Provide information about what data was compromised
  3. Explain remediation steps and actions we're taking
  4. Notify relevant regulatory authorities as required by law

5. Your Privacy Rights

Summary of Your Rights:

  • Right to Access: Get a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Deletion: Request account and data deletion
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a portable format (JSON, CSV)
  • Right to Object: Opt out of certain data processing activities
  • Right to Withdraw Consent: Revoke consent at any time
  • Right to Opt-Out of Marketing: Unsubscribe from promotional emails

How to Exercise Your Rights:

  • Email: [email protected]
  • Subject Line: "Privacy Rights Request - [Your Request Type]"
  • Include: Your registered email address and specific request
  • Response Time: Within 5 business days (acknowledgment), 30 days (fulfillment)

Region-Specific Rights

GDPR (European Union)

  • All rights listed above
  • Right to lodge a complaint with supervisory authority
  • Right to object to automated decision-making

CCPA (California)

  • Right to know what personal information is collected
  • Right to know if personal information is sold (we don't sell)
  • Right to opt-out of sale (not applicable)
  • Right to non-discrimination

Users in other regions may have additional rights under local laws. Contact us to learn more.

6. Data Retention

Retention Periods by Data Type

Data Type                      Retention Period                 Reason
Active account data            Duration of account              Service delivery
Closed account data            90 days                          Recovery period
Financial transactions         7 years                          Tax and legal compliance
Invoices (Iris Secure)         7 years                          Accounting requirements
Payment records (Iris Money)   7 years                          Financial regulations
Plaid access tokens            Active connection + 30 days      Security
Payment processor data         Per processor retention policy   Dispute resolution
System logs                    90 days                          Security and debugging
Marketing data                 Until opt-out + 30 days          Compliance
Backup data                    Up to 90 days                    Disaster recovery

Data Deletion Process

  1. Account Deletion Request: Email [email protected]
  2. Verification: We verify your identity
  3. Deletion Timeline: Within 30 days of verification
  4. Exceptions: Data retained for legal compliance (financial records) will be anonymized where possible
  5. Confirmation: You'll receive confirmation when deletion is complete

Note: Some data may persist in backups for up to 90 days but will be inaccessible.

See our full Data Retention Policy for more details.

7. Cookies and Tracking

Web Platform (Iris Secure Financial)

  • Essential Cookies: Session management, authentication (required for service)
  • Analytics Cookies: Usage patterns, feature adoption (optional, can be disabled)
  • Preference Cookies: UI settings, language preferences

Mobile App (Iris Money)

  • No Cookies: Mobile apps use secure storage instead of browser cookies
  • Analytics: In-app analytics for crash reporting and feature usage (can be disabled in settings)
  • Session Tokens: Stored securely in device keychain (iOS) or secure storage (Android)

Cookie Control

  • Web: Control via browser settings or cookie consent banner
  • Mobile: Control via app settings > Privacy
  • Note: Disabling essential cookies/storage may affect service functionality

8. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18.

If we discover that we have collected information from a child under 18, we will delete the information immediately, terminate the account, and notify the email address on file.

If you believe a child has provided us with personal information, contact: [email protected]

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States (cloud hosting, payment processors), the European Union (data centers), and other countries where our service providers operate.

Safeguards

  • Standard Contractual Clauses (SCCs): For EU data transfers
  • Adequacy Decisions: Transfer to countries with adequate data protection
  • Encryption: All data encrypted in transit and at rest
  • Contractual Protections: Data processing agreements with all vendors

10. Third-Party Links and Services

Our services may contain links to third-party websites, apps, or services (e.g., payment processors, social media).

Important:

We are not responsible for the privacy practices of third parties. Please review their privacy policies before providing information.

Third Parties We Link To:

11. Push Notifications (Mobile App)

What We Send

  • Payment confirmations and receipts
  • Payout status updates
  • Dispute alerts and customer messages
  • Subscription payment reminders
  • Important security alerts

Your Control

  • Disable Notifications: Device Settings > Iris Money > Notifications
  • Selective Notifications: App Settings > Notifications (choose which types)
  • Note: Disabling may delay important account updates

iOS Only: Push notifications are currently supported on iOS only. Android support is coming soon.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, new features or services, legal or regulatory requirements, and user feedback.

Notification of Changes

  • Material Changes: Email notification + in-app/website banner
  • Minor Changes: Updated "Last Updated" date + website posting
  • Effective Date: Changes take effect 30 days after notification
  • Your Options: Continued use constitutes acceptance; if you object to the changes, you may close your account

Version History

  • Version 1.0 (January 4, 2026): Initial policy for Iris Secure Financial
  • Version 2.0 (April 19, 2026): Updated to cover Iris Money mobile app and unified ecosystem

13. Product-Specific Privacy Information

Iris Secure Financial (Web)

  • Primary Data Flow: Plaid → Bank Transactions → Our Database → Your Dashboard
  • Key Risk: Bank account access via Plaid (you control, can revoke anytime)
  • Data Sharing: Only with Plaid for bank connection functionality
  • Unique Feature: Team access (admins can see all org data)

Iris Money (Mobile App)

  • Primary Data Flow: Customer Payment → Stripe/PawaPay → Our Database → Your Account
  • Key Risk: Payment processing (PCI-DSS compliant, we don't store card numbers)
  • Data Sharing: With Stripe and PawaPay for payment processing
  • Unique Feature: Public payment links (customer info shared only after payment)

14. Contact Us

For questions, concerns, or requests regarding this Privacy Policy:

General Inquiries

Email: [email protected]

Subject Line: "Privacy Inquiry"

Response Time: Within 5 business days

Privacy Rights Requests

Email: [email protected]

Subject Line: "Privacy Rights Request"

Response Time: Acknowledgment within 5 business days, fulfillment within 30 days

Security Incidents

Email: [email protected]

Phone: +1-508-365-9038

Response Time: Within 4 hours during business hours, 24/7 for critical issues

Data Protection Officer

Support Team

Email: [email protected]

15. Legal Compliance

This Privacy Policy is designed to comply with:

  • General Data Protection Regulation (GDPR) — European Union
  • California Consumer Privacy Act (CCPA) — California, USA
  • Children's Online Privacy Protection Act (COPPA) — USA
  • Personal Information Protection and Electronic Documents Act (PIPEDA) — Canada
  • Payment Card Industry Data Security Standard (PCI-DSS) — Via Stripe
  • Other applicable international data protection laws

Approved By: Support Team

By using Iris Secure Financial or Iris Money, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.