Privacy Policy

1. Who we are

BankChangeGuard ("BankChangeGuard," "we," or "us") is a software-as-a-service product for verifying vendor bank-account changes, operated by Muhammad Hassaan Javed, an individual sole proprietor based in Pakistan, doing business as BankChangeGuard. You can reach us using the contact details at the end of this Policy.

BankChangeGuard currently operates as a sole proprietorship; a postal address for legal notices is available on request at the contact above.

2. Our role: controller and processor

We handle two distinct categories of data in two distinct roles.

• As controller for account, billing-support, website, security, support, and business-contact data. For this data we determine the purposes and means of processing, and the legal bases in Section 5 are ours.
• As processor (or sub-processor)for the vendor data, QuickBooks Online data, verification responses, and audit records we process on behalf of a customer. For this data we act only on the customer's documented instructions under our Data Processing Addendum. The customer (as controller, or as processor for its own client) is responsible for establishing the lawful basis and for the notices owed to the vendor contacts and other individuals whose data it brings into the Service.

3. What data we collect

We collect the following categories of personal data:

• Account data: your email address and account preferences. BankChangeGuard has no password of its own; you sign in by connecting your QuickBooks Online account through Intuit.
• QuickBooks Online data (via OAuth, processed as processor): read-only access to your vendor list, including vendor names and contact emails. We do not receive bank-account numbers from QuickBooks Online; QuickBooks Online does not expose vendor bank-account data to the Service.
• Account-change reference data: when a vendor bank-account change is logged, we store only the last four digits of the old and new account, as entered by your team for verification context. We do not store full bank account numbers, routing numbers, card numbers, payment credentials, or bank-login credentials.
• Verification data (processed as processor): one-time codes sent during callback verification (stored only as a hash), recipient responses and attestation text, channel (email), timestamps, and evidence hashes.
• Billing data: handled by Polar, our Merchant of Record. We do not store your full payment card details. Polar provides us with a customer ID and the last 4 digits of your card for support purposes.
• Technical data: IP address, browser user agent, request timestamps, error logs. We do not include your email or other personal identifiers in our application logs.

4. Vendor contacts

When a customer uses BankChangeGuard to verify a vendor bank-account change, we process the vendor contact's name, email address, verification response and attestation text, and channel and timestamp metadata. This data is obtained from the customer (or from the customer's connected QuickBooks Online account), not from the vendor directly.

For this vendor data we generally act as a processoron the customer's behalf, and the customer (the controller) is responsible for the notices and lawful basis owed to its vendor contacts. As a transparency measure, every verification email we send on a customer's instruction identifies that BankChangeGuard is processing the response on the customer's behalf, why, and links back to this Policy. A vendor contact who wants to exercise rights or learn more can contact us at privacy@bankchangeguard.com and we will route the request to the relevant customer (the controller) and assist in responding.

5. Why we collect it (purposes and legal bases)

The legal bases below apply to the data for which we act as controller (account, billing-support, website, support, and security data).

• To provide the Service (legal basis: contract performance, GDPR Art. 6(1)(b)): account administration, billing-status sync, and operating the verification workflow.
• To prevent fraud and abuse (legal basis: legitimate interest, GDPR Art. 6(1)(f)): rate limiting, security monitoring, abuse detection.
• To comply with legal obligations that apply directly to us (legal basis: legal obligation, GDPR Art. 6(1)(c)): for example, retaining tax and accounting records.
• To communicate with you (legal basis: contract performance / consent): transactional emails are always sent; marketing emails (such as product updates) are sent only with your consent.

For the vendor data, QuickBooks Online data, verification responses, and audit records we process on a customer's behalf, we act as a processorand process the data only on the customer's documented instructions under our Data Processing Addendum. The legal basis for that processing, and the retention of audit-trail records to support a customer's own Nacha or other evidence needs, is determined by the customer as controller, not by us. We do not treat a customer's Nacha evidence needs as a legal obligation that applies to us.

6. Sub-processors

We maintain a single canonical list of the subprocessors that process Customer Data on our Subprocessors page, including each provider's role, region, and privacy link. That page is the authoritative source; the Terms, this Policy, the Compliance and Security page, and the Data Processing Addendum all reference it so the list cannot drift between pages.

We will notify customers at least 30 days before adding or replacing a subprocessor that processes Customer Personal Data, except where urgent security, availability, or legal reasons require shorter notice. Customers may object on reasonable data-protection grounds.

We do not sell personal data or disclose it to advertisers. We disclose Customer Data only to the authorized subprocessors listed on our Subprocessors page, to the extent necessary to provide, secure, support, and maintain the Service, or as required by law.

7. International transfers

BankChangeGuard primarily hosts and processes data in the United States (Vercel iad1 region, Neon US East). The operator administers and accesses the Service from Pakistan, which has no EU/UK adequacy decision; that access from Pakistan is itself a restricted transfer.

• For transfers of personal data out of the EEA, we rely on the EU Standard Contractual Clauses (Commission Decision 2021/914).
• For UK transfers, we use the UK International Data Transfer Addendum to those Clauses (or the UK International Data Transfer Agreement).
• For Swiss transfers, we use the Clauses as adapted for Switzerland.
• Transfers from a customer (or its vendor contacts) to BankChangeGuard are governed by the data-transfer terms in our Data Processing Addendum.

BankChangeGuard serves US-based customers during early access and does not currently onboard EU, UK, or Swiss customers. Before serving customers in those regions, BankChangeGuard will execute the applicable transfer mechanisms (the EU Standard Contractual Clauses, the UK Addendum/IDTA, and the Swiss adaptation), including for the operator's own access from Pakistan, and complete a transfer impact assessment.

8. EU / UK representative

BankChangeGuard does not currently target EU or UK customers. If that changes, BankChangeGuard will appoint and name an EU representative (GDPR Art. 27) and a UK representative (UK GDPR Art. 27) before serving customers in those regions.

9. Data retention

• Account data: for the duration of your subscription plus 90 days after cancellation for restore purposes.
• Audit trail records (verifications, evidence hashes, PDFs): up to 7 years from the date of the verification event, to support a customer's own evidence needs. Where we process this data as a processor, retention follows the customer's configuration and instructions; you may request deletion sooner, subject to legal holds (see Section 11).
• Technical logs: 30 days.
• Billing records: as required by applicable tax and accounting law (typically 7 years).

For Customer Personal Data we process as processor, we delete or return the data at the customer's choice on termination, subject to backup deletion cycles and legal retention requirements.

10. Security and breach notice

We use security controls including HTTPS / TLS 1.2+ for all transport, encryption at rest for database and storage, encrypted OAuth tokens with rotation, per-IP rate limiting, and security monitoring. We restrict access to personal data to authorized personnel on a need-to-know basis. No system is perfectly secure; we cannot guarantee absolute security. See the Compliance and Security page for the operational detail.

We will notify affected customers without undue delay after becoming aware of a personal-data breach affecting their Customer Data, with the known facts, the affected data categories, mitigation steps, and a point of contact, and we will provide information reasonably available to help customers meet their own legal obligations. Where BankChangeGuard acts as controller, we will notify supervisory authorities and affected individuals when required by applicable law.

11. Your GDPR rights

If you are in the EEA, UK, or Switzerland, you have the right to:

• Access your personal data and receive a copy
• Correct inaccurate or incomplete data
• Delete your data (subject to retention obligations in Section 9)
• Restrict processing
• Object to processing based on legitimate interests
• Data portability (receive your data in a structured, machine-readable format)
• Withdraw consent (where consent is the legal basis)
• Lodge a complaint with your supervisory authority

To exercise any of these rights, email privacy@bankchangeguard.com. We respond within 30 days. Where we process personal data as a processor on a customer's behalf (for example, vendor-contact verification data), we will forward any rights request to the relevant customer (the controller) and assist them in responding, rather than actioning it directly.

12. Your CCPA / California rights

We do not currently believe we meet the statutory thresholds to be a "business" under the CCPA/CPRA. We do not sell personal information or share it for cross-context behavioral advertising. Where we provide California-style rights, we do so as a matter of policy and do not concede statutory applicability; if we later meet the thresholds, we will update this notice with the required category-by-category disclosures.

If you are a California resident, you may, where required by law:

• Know what personal information we collect, use, and share about you
• Request deletion (subject to retention obligations)
• Correct inaccurate personal information
• Opt out of the sale or sharing of personal information (we do not sell or share)
• Non-discrimination for exercising your rights

You may use an authorized agent to submit a request, and we may verify your identity before acting. To exercise these rights, email privacy@bankchangeguard.com. We do not require an account to submit a request, and we respond within 45 days.

13. Cookies and tracking

BankChangeGuard currently uses only strictly-necessary cookies (session management and CSRF protection). We do not use third-party advertising cookies or cross-site tracking. Because we do not track users across third-party sites and do not sell or share personal information, Do-Not-Track and Global Privacy Control signals do not change our processing. If we add product analytics or such tracking in the future (for example, PostHog), this Policy will be updated, we will request consent where required, and we will honor these signals.

14. Children

The Service is intended for businesses, not individuals under 18. We do not knowingly collect personal information from anyone under 18. If you believe we have collected such data, contact us and we will delete it.

15. Updates to this Policy

We may update this Policy to reflect changes in our services or legal requirements. Material changes will be notified by email to your registered address and posted on this page with a revised "Last updated" date.

16. Contact

For privacy questions or to exercise your rights: privacy@bankchangeguard.com. See also the Terms of Service, the Subprocessors page, and the Data Processing Addendum.