Privacy Policy
Check Command is provided by Lexaro, Inc. ("Lexaro", "we", "us", "our"). This policy explains how we collect, use, and share information when you use our websites and services.
Contents
1. Scope
This policy applies to our websites (including checkcommand.io) and the CheckCommand application and related services (collectively, the "Service"). If you access third-party services through our integrations, their policies apply to their handling of your data.
2. Information We Collect
- Account & Firm Info: names, firm name, emails, roles, billing and subscription details.
- Operational/Client Data: information uploaded or entered to process payouts and approvals (e.g., payee name, check details, amounts, documents, approval routes).
- Usage & Device Data: IP address, device/browser info, log events, pages or features used, timestamps.
- Communications: messages you send us (support, feedback) and related metadata.
- Payment Data: processed via payment providers (e.g., Stripe). We do not store complete card numbers.
3. How We Use Information
- Provide, maintain, and secure the Service, including identity and access management.
- Process settlement payouts, check writing, routing, and audit trails.
- Detect, prevent, and investigate fraud, abuse, or security incidents.
- Improve features, usability, and performance; develop new capabilities.
- Billing, account management, and communicating product updates or service notices.
- Comply with applicable law and enforce our EULA.
4. Legal Bases (GDPR)
Where the GDPR applies, we process personal data based on:
- Contractual necessity (to provide the Service to you/your firm).
- Legitimate interests (e.g., to secure and improve the Service, prevent abuse).
- Legal obligations (e.g., accounting, compliance, responding to lawful requests).
- Consent where required (e.g., certain marketing or optional cookies).
7. Security
We implement administrative, technical, and physical safeguards designed to protect information, including encryption in transit, access controls, and auditing. No method is 100% secure; we maintain a security program aimed at industry best practices appropriate to the nature of the data we process.
8. Data Retention
We retain personal information for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. Upon contract end or request (subject to legal limits), we will delete or de-identify data within a reasonable period and may maintain backups for a limited time.
9. International Transfers
We may process and store information in the United States and other countries. Where required, we rely on appropriate safeguards (such as standard contractual clauses) for cross-border data transfers.
10. Your Rights
Depending on your location, you may have rights to access, correct, delete, or port your personal information, or to object to or restrict certain processing. You can exercise these rights by contacting us at privacy@checkcommand.io. We will verify requests as required by law. If your data is controlled by your firm, we may refer your request to them.
California: We disclose categories of information as described above; we do not sell personal information as defined by the CCPA/CPRA.
You may opt out of marketing emails using the unsubscribe link; we may still send transactional or service messages.
11. Children's Privacy
The Service is not directed to children under 18, and we do not knowingly collect personal information from them.
12. Changes to this Policy
We may update this policy from time to time. We will post the updated version with a new "Last updated" date and, for material changes, provide additional notice where appropriate.
13. Contact
For questions or requests, contact:
Lexaro, Inc.
Privacy Team — privacy@checkcommand.io