Privacy Policy

Effective Date: January 4, 2026 | Last Updated: January 4, 2026

Introduction

Welcome to Iris Secure Financial. We are committed to protecting your privacy and handling your data transparently. This Privacy Policy explains how we collect, use, store, and protect your information when you use our financial management services.

Contact Information:

Company Name: Iris Secure Financial
Contact: Support Team
Phone: +1-508-365-9038
Email: [email protected]
Website: https://irissecure.tech/

1. Information We Collect

1.1 Information You Provide

Account Registration:

Name (first and last)
Email address
Password (encrypted and never stored in plain text)
Company name and business information
Phone number (optional)

Financial Data:

Bank account connections (via Plaid)
Transaction details
Invoices and client information
Expense and income records
Budget and financial goals

1.2 Information Collected Automatically

IP address
Browser type and version
Device information
Usage data and session information

1.3 Information from Third Parties

Plaid Integration: Bank account information, transaction history (up to 24 months), account balances, and account holder names. We receive this information only with your explicit consent through Plaid's secure connection flow.

2. How We Use Your Information

2.1 Primary Purposes

Service Delivery: Provide expense tracking, invoicing, bank transaction syncing, financial reports, and team access management
Account Management: Create and maintain your account, authenticate users, provide customer support
Financial Operations: Connect to bank accounts via Plaid, import and categorize transactions, track income and expenses

2.2 Secondary Purposes

Service improvement and analytics
Security and fraud prevention
Legal compliance

3. How We Share Your Information

3.1 Service Providers

Plaid (Financial Data Aggregation):

Purpose: Connect and sync bank accounts
Data Shared: Bank account credentials (never stored by us), transaction data
Privacy Policy: https://plaid.com/legal/#privacy-policy

Hosting Providers (Vercel/Abacus AI, AWS):

Purpose: Application hosting and database storage
Security: Encrypted storage and transmission

3.2 Legal Requirements

We may disclose your information to comply with legal obligations, respond to lawful requests, protect our rights, or prevent fraud.

4. Data Security

4.1 Security Measures

Encryption: TLS 1.2+ for data in transit, encryption at rest for database storage
Access Controls: Role-based access control (RBAC), multi-tenant data isolation, session-based authentication with JWT tokens
Infrastructure: Secure cloud hosting with SOC 2 certified providers, regular security audits
Monitoring: 24/7 security monitoring and intrusion detection

4.2 Data Breach Notification

In the event of a data breach, we will notify affected users within 72 hours with details and remediation steps.

5. Your Privacy Rights

Summary of Your Rights:

✅ Right to Access: Get a copy of your data
✅ Right to Rectification: Correct inaccurate data
✅ Right to Deletion: Request account deletion
✅ Right to Restrict Processing: Limit how we use your data
✅ Right to Data Portability: Receive data in portable format
✅ Right to Object: Opt out of certain processing
✅ Right to Withdraw Consent: Revoke consent at any time

To exercise any of these rights, contact: [email protected]

6. Data Retention

Data Type	Retention Period
Active account data	Duration of account
Closed account data	90 days
Financial transactions	7 years (tax compliance)
Invoices	7 years
Plaid access tokens	Active connection + 30 days
System logs	90 days

For full details, see our Data Retention and Disposal Policy.

7. Cookies and Tracking

We use essential cookies for session management and authentication. You can control cookies through your browser settings, though disabling essential cookies may affect service functionality.

8. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect data from children.

9. Changes to This Policy

We may update this policy to reflect changes in our practices or legal requirements. Material changes will be communicated via email and in-app notifications. Changes take effect 30 days after notification.

10. Contact Us

For questions, concerns, or requests regarding this Privacy Policy:

Email: [email protected]

Subject Line: "Privacy Inquiry"

Response Time: Within 5 business days

Data Protection Officer: Support Team

Last Updated: January 4, 2026

Effective Date: January 4, 2026

Version: 1.0