Back to Home

Privacy Policy

Effective Date: March 28, 2026  |  Last Updated: March 28, 2026  |  Version 2.0

1. Introduction

Welcome to Iris Secure Technology Solutions. We are committed to protecting your privacy and handling your data transparently. This Privacy Policy explains how we collect, use, store, and protect your information when you use any of our platforms and services.

Contact Information

2. Scope — Platforms & Services Covered

This Privacy Policy applies to all Iris Secure platforms and services, including:

Iris Secure Website

Main website, portfolio, blog, contact forms, and newsletter

Iris Workspace

Project management, team collaboration, and business tools

Iris Financial

Financial management, invoicing, expense tracking, and bank integrations via Plaid

Iris Pay

Cross-border payment collection, commission management, and local currency payouts via Stripe & Wise

IrisMeet

Video conferencing, polls, scheduling, and meeting management

PawaPay Integration Hub

Mobile money payment processing and transaction relay

3. Information We Collect

3.1 Information You Provide

Account Registration:

  • Name (first and last)
  • Email address
  • Password (encrypted via bcrypt, never stored in plain text)
  • Company name and business information
  • Phone number (optional)
  • Country and region (for Iris Pay sellers)

Financial Data (Iris Financial & Iris Pay):

  • Bank account connections (via Plaid for Iris Financial)
  • Transaction details and payment history
  • Invoices and client information
  • Expense and income records
  • Budget and financial goals
  • Seller payout information (bank details, mobile money, via Wise for Iris Pay)
  • Stripe payment data (processed by Stripe, not stored by us)

Meeting & Communication Data (IrisMeet):

  • Meeting schedules and calendar data
  • Poll responses and voting data
  • Guest names and emails (for poll participation)
  • Video/audio streams (processed in real-time, not stored by Iris Secure)

3.2 Information Collected Automatically

  • IP address
  • Browser type and version
  • Device information and operating system
  • Usage data and session information
  • Page views and interaction analytics

3.3 Information from Third Parties

  • Plaid (Iris Financial): Bank account information, transaction history (up to 24 months), account balances, and account holder names. Only with your explicit consent through Plaid's secure connection flow.
  • Stripe (Iris Pay): Payment confirmations, customer payment details, and Shopify order data. Card details are processed entirely by Stripe and never touch our servers.
  • Wise (Iris Pay): Payout status confirmations and exchange rate data.
  • PawaPay: Mobile money transaction callbacks and deposit/refund status notifications.
  • Video Conferencing Provider (IrisMeet): Session tokens for video conferencing. No video/audio data is stored.

4. How We Use Your Information

4.1 Primary Purposes

  • Service Delivery: Provide expense tracking, invoicing, bank transaction syncing, financial reports, payment collection, cross-border payouts, video conferencing, polls, and team collaboration features.
  • Account Management: Create and maintain your account, authenticate users, and provide customer support.
  • Financial Operations: Connect to bank accounts via Plaid, process payments via Stripe, manage commissions, convert currencies, and execute payouts via Wise.
  • Communication: Send appointment confirmations, meeting reminders, poll notifications, and service alerts.

4.2 Secondary Purposes

  • Service improvement and analytics
  • Security monitoring and fraud prevention
  • Legal compliance and regulatory reporting
  • Newsletter and marketing communications (with your consent)

5. How We Share Your Information

5.1 Service Providers

ProviderPurposeData Shared
PlaidBank account aggregation (Iris Financial)Bank credentials (never stored by us), transaction data
StripePayment processing (Iris Pay)Payment amounts, customer info (PCI DSS compliant)
WiseCross-border payouts (Iris Pay)Recipient bank details, payout amounts
PawaPayMobile money processingPhone numbers, transaction amounts
Video Conferencing ProviderVideo conferencing (IrisMeet)Session tokens only (no stored media)
SMS ProviderSMS message deliveryPhone numbers, message content
Cloud Hosting ProviderApplication hosting & databaseEncrypted storage and transmission

5.2 Legal Requirements

We may disclose your information to comply with legal obligations, respond to lawful requests, protect our rights, or prevent fraud.

5.3 What We Never Do

  • We never sell your personal data to third parties.
  • We never share your mobile number or SMS opt-in data with third parties for marketing purposes.
  • We never store raw bank credentials or credit card numbers on our servers.

6. Data Security

6.1 Security Measures

  • Encryption: TLS 1.2+ for data in transit; AES-256 encryption at rest for database storage; AES-256-GCM for Iris Pay token encryption.
  • Authentication: bcrypt password hashing (cost factor 10), JWT session tokens with HTTP-only cookies, session expiry after 30 days.
  • Access Controls: Role-based access control (RBAC) with Admin, Member, and Super Admin roles; multi-tenant data isolation.
  • Infrastructure: Secure cloud hosting with SOC 2 certified providers, DDoS protection, rate limiting on authentication endpoints.
  • Monitoring: 24/7 security monitoring, automated dependency vulnerability scanning, HMAC webhook verification for payment integrations.
  • Payment Security: Stripe PCI DSS compliance for card handling; Plaid bank-level encryption for financial data.

6.2 Data Breach Notification

In the event of a data breach, we will notify affected users within 72 hours with details of the breach scope and remediation steps. Breach-related logs are retained for 3 years for forensic purposes.

7. Your Privacy Rights

Right to Access

Get a copy of your data in machine-readable format (JSON/CSV) within 30 days.

Right to Rectification

Correct inaccurate or incomplete data.

Right to Deletion

Request account and data deletion (30-day grace period; financial records retained 7 years for tax compliance).

Right to Restrict Processing

Limit how we use your data.

Right to Data Portability

Receive your data in a portable, structured format.

Right to Object

Opt out of certain processing activities.

Right to Withdraw Consent

Revoke consent at any time without affecting prior lawful processing.

Right to Opt Out of SMS

Reply STOP to any SMS message at any time.

To exercise any of these rights, contact: [email protected]

8. Data Retention

Data TypeRetention PeriodDisposal Method
Financial transactions7 years (tax compliance)Secure database deletion
Invoices7 yearsSecure database deletion
Active account dataDuration of accountN/A
Closed account data90 days after closurePermanent deletion
Plaid access tokensActive connection + 30 daysToken invalidation + deletion
Iris Pay seller data7 years (financial records)Anonymized after deletion
PawaPay transactions7 yearsSecure database deletion
SMS opt-in records4 years (TCPA compliance)Secure deletion
SMS delivery logs12 monthsAutomated purge
System logs90 daysAutomated purge
Database backups30–365 days (rotating)Secure overwrite
Deleted user data30-day grace periodPermanent deletion

9. Cookies and Tracking

We use essential cookies for session management and authentication. We may also use analytics cookies (such as Google Analytics) to understand how visitors use our site. You can control cookies through your browser settings, though disabling essential cookies may affect service functionality.

10. SMS Campaign Privacy

When you opt in to receive SMS messages from Iris Secure, we collect your mobile phone number, name (if provided), opt-in timestamp, opt-in method, and message delivery logs.

SMS Data Usage

We use your mobile number solely to:

  • Send service notifications and security alerts
  • Deliver account verification and two-factor authentication (2FA) codes
  • Send appointment confirmations and reminders
  • Provide Iris Pay transaction alerts and seller notifications
  • Respond to customer support inquiries

SMS Opt-Out

Reply STOP to any SMS message at any time. You may also use: CANCEL, END, QUIT, or UNSUBSCRIBE. You will receive a one-time confirmation and no further messages unless you re-enroll.

SMS Data Sharing

We do not sell, rent, trade, or share your mobile phone number or SMS opt-in data with third parties for their own marketing purposes. SMS data is shared only with our SMS service provider for message delivery and wireless carriers for routing, or as required by law.

11. Children's Privacy

Our services are not directed to individuals under 13 years of age (18 for financial services). We do not knowingly collect data from children. If you believe a child has provided us with personal information, please contact us immediately.

12. International Data Transfers

Iris Secure operates globally through Iris Pay and other services. Your data may be transferred to and processed in countries other than your own, including the United States. We ensure all international data transfers are protected by appropriate safeguards, including encryption in transit and at rest, and compliance with applicable data protection regulations.

13. Changes to This Policy

We may update this policy to reflect changes in our practices or legal requirements. Material changes will be communicated via email, in-app notifications, and/or SMS to active subscribers. Changes take effect 30 days after notification. The most current version is always available at https://irissecure.tech/privacy-policy.

14. Contact Us

For questions, concerns, or requests regarding this Privacy Policy:

Response Time: Within 5 business days

Related Policies

Terms of Service