Privacy Policy

1. Who We Are

Voldier is a product of MIURATA SOLUTIONS LLC, a Florida limited liability company. This Privacy Policy describes how we collect, use, and protect information when you use our accounts receivable automation and payment reconciliation platform.

Contact: [email protected]

2. Information We Collect

2.1 Information You Provide

• Account data: Name, email address, company name, role, and password (hashed with bcrypt)
• Business data: Customer names, email addresses, phone numbers, invoice amounts, and payment records you enter into the platform
• Payment method: Credit/debit card data processed by our payment processor (Stripe). We never store full card numbers.

2.2 Information Collected Automatically

• Usage data: Pages visited, features used, timestamps, and actions taken within the application
• Device and browser data: IP address, browser type, operating system, and device identifiers
• Log data: Server logs for security and troubleshooting purposes (retained 90 days)

2.3 Bank Connection and Payment Notification Data

When you use our payment reconciliation features, we may collect bank transaction data through verified read-only bank connections, process payment notification emails you forward, or ingest bank statement files you upload. We may collect:

• Payment amount, date, and sender/reference number
• ACH trace numbers, Zelle transaction IDs, or Wire reference numbers
• Account metadata, transaction descriptions, and provider-issued connection tokens needed to maintain the read-only bank connection

We do not initiate transfers, store online banking passwords, or access unrelated inbox content. For forwarded emails, we do not retain full inbox contents outside the payment records you intentionally submit.

3. How We Use Your Information

• To provide, maintain, and improve the Service
• To automatically match payment notifications to open invoices in your account
• To send payment reminders to your customers on your behalf (only when you instruct us to)
• To generate financial reports and analytics for your business
• To send you service-related notifications and product updates
• To detect fraud, abuse, and security incidents
• To comply with legal obligations

We do not use your data to train AI/ML models sold to third parties. We may use aggregate, anonymized data to improve our own matching algorithms.

4. Information Sharing

We share your information only in the following circumstances:

• Service providers: We use third-party providers to operate the Service (e.g., cloud hosting, email delivery, SMS delivery). These providers are contractually bound to protect your data and may only process it as instructed.
• Payment processors: As of today, payment processing is handled by Stripe Inc. and Moov Financial Inc., both Money Services Businesses registered with FinCEN. They act as independent controllers of cardholder and bank-account data under their own privacy notices and security frameworks (PCI-DSS Level 1, GLBA where applicable). The list of integrated processors may change over time; we will reflect updates in this policy.
• Bank connectivity providers: When you authorize a bank connection, approved service providers may process bank account metadata, access tokens, and transaction data solely to maintain the read-only connection and deliver data to Voldier.
• Legal requirements: We may disclose information if required by law, court order, or to protect the rights, property, or safety of Voldier, our users, or the public.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.

We do not sell, rent, or share your personal data with advertisers, data brokers, or marketing firms.

4.1 Financial Privacy (GLBA) Notice

When payment processing or banking features are enabled, certain information about you or your customers may constitute Non-Public Personal Information ("NPI") under the Gramm-Leach-Bliley Act, 15 U.S.C. §6801 et seq. ("GLBA"). Voldier is not itself a financial institution under GLBA; however, our payment-processing and bank-connectivity partners are. We process NPI only as a service provider to those partners and the merchant, subject to GLBA's Safeguards Rule and the partner's privacy notice.

We do not disclose NPI to any non-affiliated third party except to provide the Service, to comply with legal obligations, or with your express direction (for example, when you elect to submit a financing application through a referred partner).

4.2 Trust-On-Payment™ and Affiliate Referrals

Trust-On-Payment is a Miurata-operated B2B payment-reputation product computed from the Service's reconciliation data. It is not a consumer credit bureau, is not a Consumer Reporting Agency under the Fair Credit Reporting Act (15 U.S.C. §1681), does not produce consumer credit decisions, and is not used to make adverse-action decisions in the consumer-credit sense. Aggregated, B2B-only reputation signals may be displayed to counterparties at the merchant's direction or with the merchant's consent.

Third-party referrals. When the Service displays offers from independent third-party providers (lenders, BNPL networks, accounts-receivable financing partners, working-capital providers, card issuers, insurance partners, accounting platforms), submitting an application transmits your application data to that third party. From that point forward, the third party's privacy policy governs that data. Voldier may receive referral compensation as disclosed in our Terms of Service §14.5 (FTC 16 CFR Part 255).

You may opt out of referral surfaces in account settings or by contacting [email protected].

5. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. After account termination:

• Account and business data is retained for 30 days post-cancellation, then purged
• Financial transaction records may be retained for up to 7 years to comply with accounting and tax regulations
• Backup snapshots are purged within 90 days of deletion

6. Security

We implement industry-standard security measures including TLS 1.3 for data in transit, AES-256 encryption for sensitive data at rest, bcrypt password hashing, and regular security audits. However, no method of transmission over the internet or electronic storage is 100% secure.

7. Your Rights

All Users

• Access: Request a copy of the personal data we hold about you
• Correction: Correct inaccurate or incomplete data
• Deletion: Request deletion of your account and personal data (subject to legal retention requirements)
• Portability: Export your data in a machine-readable format (JSON)
• Opt-out of marketing: Unsubscribe from marketing emails at any time using the unsubscribe link

California Residents (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected
• Right to Delete: Request deletion of your personal information, subject to certain exceptions
• Right to Opt-Out of Sale or Sharing: We do not sell or share personal information for cross-context behavioral advertising. This right is not applicable to Voldier's current practices.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
• Right to Correct: Request correction of inaccurate personal information
• Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information for purposes beyond what is necessary to provide the Service

To exercise your rights, email [email protected] with the subject "Privacy Request — [Right you are exercising]". We will respond within 45 days.

You may also submit a data deletion request at: Account Settings → Delete Account

Canadian Residents (PIPEDA)

If you are located in Canada, we process your personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA). You have the right to access your personal information and challenge its accuracy. Our Privacy Officer can be reached at [email protected].

8. Cookies and Tracking

We use the following types of cookies:

• Essential cookies: Required for authentication and session management. Cannot be disabled.
• Analytics cookies: Used to understand how users interact with the Service (anonymized). You may opt out.

We do not use advertising or tracking cookies. We do not use third-party ad networks.

9. International Data Transfers

Voldier is operated by Miurata Solutions LLC (Florida, USA) on dedicated servers hosted by Hetzner Online GmbH in Germany and Finland (EU). If you access the Service from Canada or any other jurisdiction, your data may be transferred to and processed in the EU. We implement appropriate safeguards for cross-border data transfers, including EU Standard Contractual Clauses (SCCs). When Voldier uses AI models, processing occurs on Miurata-operated infrastructure — your data is never sent to third-party AI vendors (OpenAI, Google, Anthropic, etc.).

10. Children's Privacy

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, contact us immediately at [email protected].

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you via email at least 14 days before material changes take effect. The "last updated" date at the top of this page will reflect the most recent revision.

12. Contact and Data Requests

For any privacy questions, requests, or concerns: