Privacy Policy

Last Modified: September 22, 2025

This Privacy Policy explains how we collect, use, disclose, retain, and delete information about you when you use our websites, applications, and services (collectively, the “Service”). Your use of the Service is subject to this Policy and our Terms of Service. By using the Service you consent to the practices described here.

Consent

By accessing or using the Service, you agree that your information will be handled as described in this Policy and in our Terms of Service, including limitations on damages and dispute resolution.

What Information Do We Collect?

We collect information directly from you and automatically when you use the Service.

Information We Collect Directly

• Account information. Name, email, phone number, and settings when you create an account or communicate with us.
• Service content. Content you upload or create in the Service (e.g. uploaded receipts)
• Payment and bank connections. We use third party providers to connect financial accounts and process payments. We do not receive your bank credentials. We may store tokens or identifiers returned by the provider.
• Support information. Messages, attachments, and troubleshooting details when you contact support.

Information We Collect Automatically

Like many online services, we collect information through cookies and similar technologies. This includes IP address, device identifiers, browser and OS type, pages viewed, links clicked, and the time spent using the Service. We use analytics services to help us understand usage patterns and improve the Service. Most browsers accept cookies by default; you can change settings to block or delete cookies.

Once you connect a credit or debit card through a third-party provider, we monitor transactions on that card, including merchant identifier and amount.

How Do We Use Your Information?

We use information to:

- Provide, maintain, and improve the Service.
- Authenticate users and secure accounts.
- Operate third party financial connections through providers.
- Respond to inquiries and provide support.
- Monitor and protect the Service against misuse, fraud, and security risks.
- Comply with legal obligations and enforce our terms.

How Do We Share Your Information?

We do not sell your personal information. We may share information as follows:

- With service providers. Vendors that host, support, or operate parts of the Service, send communications, or provide analytics, under contracts that limit use to our instructions.
- Business transfers. In connection with a merger, financing, acquisition, or sale of assets.
- Legal requirements. To comply with law, legal process, or a valid request from authorities.
- Protection. To investigate and address fraud, security issues, and violations of our terms.
- Aggregate or de-identified data. We may share information that cannot reasonably identify you.

Security of Personal Information

We use administrative, technical, and physical safeguards to protect information, including access controls, MFA, encryption in transit and at rest, logging and monitoring, and regular reviews. No security measures are perfect. If we discover a breach, we will investigate and take steps required by law.

Reviewing, Modifying, or Deleting Your Information

You can request access to, correction of, or deletion of certain personal information by contacting us. We may need to verify your identity and retain some information where required by law or for legitimate business needs.

Retention and Deletion

We retain information only as long as necessary for the purposes described above or as required by law or contract. Unless a legal hold applies, we follow these rules:

- Third party accounts with restricted data (for example, Plaid linked accounts and bank tokens): we deprovision within 1 month of your account deactivation. Tokens are revoked and internal references removed.
- Logs: kept 12 months through log group retention and lifecycle rules.
- Customer support data: kept 24 months, unless earlier deletion is requested and allowed.
We also minimize what we store, encrypt restricted data in transit and at rest, and use cryptographic deletion when feasible by rotating or destroying keys. If you request deletion, we remove data that is not needed for legal, security, or fraud prevention reasons. Backup copies expire on their normal schedule and are not restored except where required by law.

International Transfers

If we transfer personal data across borders, we use legally required mechanisms and take steps to ensure an adequate level of protection.

Children

The Service is not directed to children under the age of majority, and we do not knowingly collect personal data from children.

Do Not Track

We currently do not respond to browser Do Not Track signals.

Changes to This Policy

We may update this Policy to reflect changes to the Service or to applicable laws. We will post updates with a new effective date.

Contact Us

Questions or requests about privacy can be sent to seamus@presspass.ai.

Effective Date: September 22, 2025