Privacy Policy

Effective Date: April 10, 2026

ChiLock Investments LLC d/b/a ChiLock Services ("ChiLock," "we," "our," or "us") respects your privacy and is committed to protecting the personal and financial information you share with us through our website, customer portal, ERPNext-based application, and related services.

This Privacy Policy explains what information we collect, how we use it, how we protect it, and when we may share it. It also describes how we use Plaid Inc. ("Plaid") and Stripe, Inc. ("Stripe") in connection with payment processing, account verification, and bank-linked payment workflows.

1. Scope

This Privacy Policy applies to information collected through:

• our website and customer portal;
• our ERPNext-based application and related login pages;
• communications with clients, subcontractors, and vendors;
• bank-linked payment, payment processing, and account verification workflows, including Plaid Link and Stripe.

2. Information We Collect

Depending on how you interact with us, we may collect the following categories of information:

2.1 Business and Contact Information

• Name
• Business name
• Email address
• Phone number
• Billing address or service address
• Contract, invoice, or purchase order information

2.2 Payment and Financial Information

• Bank account and routing information
• Payment instructions
• Invoice and remittance details
• Transaction status and payment history
• Payment processor transaction data (e.g., Stripe transaction IDs, payment status)

2.3 Information Collected Through Plaid

If you choose to connect a bank account through Plaid, we may receive certain financial information from Plaid, such as:

• account and routing information;
• account ownership or identity-related information;
• account balance information, where applicable;
• transaction or account verification information needed to support ACH payments or account authentication.

We collect and use this information only as necessary to support authorized payment, account verification, fraud prevention, and related business operations.

2.4 Information Collected Through Stripe

We use Stripe, Inc. ("Stripe") as our payment processor for invoice payments, including ACH Direct Debit and card payments. When you make a payment through our portal, certain information is transmitted to and processed by Stripe, including:

• tokenized bank account and routing information (for ACH Direct Debit payments);
• account ownership and identity-related information, where applicable;
• account balance information used to verify funds availability, where applicable;
• payment method details, transaction amounts, and payment status;
• Stripe transaction IDs and related payment records.

Where you connect a bank account through Stripe Financial Connections, Stripe collects and processes bank account data on our behalf to facilitate instant account verification and ACH payment authorization. ChiLock does not store full bank account numbers or card numbers. All payment data is processed and secured by Stripe in accordance with its security and compliance standards, including PCI DSS where applicable.

We store this data only in the United States. We do not share Stripe-collected financial data with third parties except as described in Section 6 of this Policy.

2.5 Technical and Usage Information

• IP address
• Browser type and device information
• Login activity and security logs
• Application usage information

3. How We Use Information

We may use the information we collect to:

• provide, operate, and improve our services;
• create and manage customer, subcontractor, or vendor accounts;
• process invoices, payments, remittances, and account verification requests, including through Stripe and Plaid;
• facilitate ACH payments and bank-linked transactions;
• verify account ownership and reduce fraud risk;
• communicate with you regarding services, invoices, support, or account activity;
• maintain security, detect unauthorized activity, and protect our systems and users;
• comply with legal, regulatory, contractual, and recordkeeping requirements.

4. How We Use Plaid

We use Plaid to help authenticate bank accounts, support bank-linked payment workflows, and reduce fraud risk. By using Plaid Link, you authorize Plaid to retrieve financial information from your financial institution on our behalf, as permitted by you and by Plaid's services.

Your use of Plaid is also subject to Plaid's own privacy policy. You can review it at: https://plaid.com/legal/

5. How We Use Stripe

We use Stripe to process invoice payments from clients, including ACH Direct Debit bank payments and card payments made through our customer portal. Stripe Financial Connections may be used to facilitate instant bank account verification as part of the ACH payment authorization process.

By completing a payment or connecting a bank account through our portal, you authorize ChiLock and Stripe to process the relevant payment and account information as described in this Policy. Your use of Stripe's services is also subject to Stripe's own Privacy Policy. You can review it at: https://stripe.com/privacy

For information specific to Stripe Financial Connections, please review: https://stripe.com/legal/financial-connections-account-data

6. How We Share Information

We do not sell personal information. We may share information only as needed with:

• service providers and software platforms that support our operations, such as hosting, email, ERP, and payment providers;
• Plaid, Stripe, financial institutions, payment processors, and related partners to support authorized account verification and payment activity;
• professional advisors, auditors, insurers, or legal counsel where reasonably necessary;
• government authorities, law enforcement, regulators, or courts when required by law or legal process;
• a successor entity in connection with a merger, acquisition, restructuring, or sale of assets, subject to applicable confidentiality protections.

7. Data Security

We use administrative, technical, and organizational safeguards designed to protect personal and financial information against unauthorized access, loss, misuse, or alteration. These safeguards include role-based access controls, multi-factor authentication on critical systems, payment verification procedures, and incident response controls.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

8. Data Retention

We retain personal and financial information for as long as reasonably necessary to provide services, complete transactions, maintain business and legal records, resolve disputes, enforce our agreements, and comply with applicable law and contractual obligations.

9. Your Choices and Rights

Depending on your relationship with us and applicable law, you may request access to, correction of, or deletion of certain personal information we maintain about you, subject to legal, contractual, security, and recordkeeping limitations.

To make a privacy-related request, contact us using the information below.

10. Third-Party Services and Links

Our application or website may include links to third-party sites or services. We are not responsible for the privacy, security, or content practices of third parties, except as required by applicable law.

11. Children's Privacy

Our services are intended for business and commercial use and are not directed to children under 13. We do not knowingly collect personal information from children.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date. Your continued use of our website, application, or services after an updated policy is posted constitutes acceptance of the revised policy to the extent permitted by law.

13. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact:

ChiLock Investments LLC d/b/a ChiLock Services
5900 Balcones Drive, Suite 26653
Austin, TX 78731
Email: compliance@chilockinvestments.com
Website: https://chilockinvestments.com