SFSimpli-FI Pay

Simpli-FI Pay Pilot Privacy Notice

Readiness date: 2026-06-23.

This pilot/readiness notice is for counsel, store-review preparation, and the public privacy-policy page. Final production language still requires counsel approval before public store submission or live money movement.

Product scope

Simpli-FI Pay is being prepared as a controlled pilot for verified payment requests. The intended production flow is: a payer scans or opens a verified payment request, links a bank account through Plaid, chooses an eligible checking or savings account, and authorizes an approved one-time payment or approved recurring schedule to a verified payee.

Current public readiness status: live ACH and recurring money movement remain disabled until provider approval, legal review, production authentication, durable encrypted storage, support operations, and client payee readiness are complete.

Information handled

The app and API may handle:

The app must not store raw account numbers, routing numbers, Plaid secrets, Plaid access tokens, or production credentials in source code or public files.

Camera use

The camera is used only to scan payment request QR codes. Camera frames are not stored by default.

Plaid

Bank-linking is intended to be provided through Plaid in approved sandbox, development, or production environments. Plaid may collect and process information according to Plaid's own privacy practices and account-linking disclosures shown during the Plaid Link flow.

Sharing

Payment data may be shared only as needed to provide the service:

Retention

ACH authorization, recurrence, receipt, audit, return, and support records should be retained for the period required by applicable law, NACHA rules, banking partners, tax/accounting needs, and dispute-resolution obligations. Exact retention periods require counsel and partner review before production launch.

User controls

Users should be able to:

Production launch gates

Before this policy is published for store submission, complete legal review, confirm final data flows, confirm third-party processors, add entity contact information, add region-specific privacy rights, and deploy the policy at the URL configured in the mobile app.