Privacy Policy

What We Collect

We collect your email address, company name, and ACH batch files you upload for scanning. We do not collect or permanently store individual employee banking details, Social Security numbers, or personally identifiable financial information beyond what is contained in your uploaded file during the scan process.

How We Use It

Solely to provide the compliance scanning and fraud detection service you requested. We do not sell, share, license, or monetize your data in any form. Your data is never used to train AI models.

How We Protect It

All data is encrypted in transit using TLS 1.2+ and encrypted at rest using AES-256. ACH files are processed in memory and are not permanently stored after scan completion. Audit logs are stored in isolated, access-controlled Google Cloud Firestore collections with strict tenant-level isolation — your data is never accessible to other users.

Data Retention

Compliance certificates and SHA-256 audit logs are retained for 7 years in accordance with Nacha Operating Rules record-keeping requirements, unless you request earlier deletion. ACH file content is not retained after the scan is complete.

Your Rights

You may request deletion of your account and all associated data at any time by emailing privacy@nachaguard.com. We will confirm deletion within 5 business days. You may also request a copy of all data we hold about you.

Third-Party Services

NachaGuard is built on Google Cloud Firebase infrastructure. Identity verification is provided by Plaid Inc. AI analysis is powered by Google Gemini. Each of these providers maintains their own privacy and security certifications. We do not share your ACH file data with any of these providers beyond what is necessary to perform the scan.

Contact

Privacy questions: privacy@nachaguard.com