Privacy Statement
These terms are inapplicable to customers who signed contracts starting on or after March 1, 2024 and that incorporate by reference the terms at https://www.nmi.com/legal/
Last updated: 9/16/2021
IRIS is committed to protecting the privacy of its users. This privacy statement represents the policies of IRIS (Integrated Reporting is Simple, LLC, a Nevada limited liability company with an office at 1785 East Sahara Ave Suite 490-830 Las Vegas, NV 89104 (“IRIS”) with respect to information that it collects to provide a suite of services (the “Services”) to help independent sales organizations (each an “ISO”) collect, store and organize information, contracts and other business information (collectively, “User Data”). The Services are provided pursuant to terms of use that each ISO and each of its users (each a “User”) are required to accept before using the Services (the “Terms of Use”). Access to the Services is subject to the Terms of Use.
1. Sites
This statement applies to User Data collected through www.iriscrm.com (collectively with other IRIS sites, the “Site”).
2. User Data Collected and Stored
The information that IRIS collects concerning each User is called User Data. In general terms, IRIS will collect most of the information relevant to the operation of your independent sales organization (“ISO”) business, such as your: name, address, company name, credit card information, bank account information, dbas, logos, email addresses, telephone numbers, recordings of telephone calls, User IP addresses, processors, processor pricing, processor platform passwords, and other credentials, processor ISO portfolio reporting, agent names, agent addresses, agent telephone numbers, agent email addresses, agent pricing, agent IRIS preferences, merchant application forms, merchant pricing, merchant names, merchant addresses, merchant phone numbers, merchant email addresses, merchant telephone numbers, merchant reporting preferences, User patterns of activity and such other information that Users may elect to input into IRIS.
User Data, excluding Google & Microsoft User Data which is covered separately through our Google & Microsoft user Data Policy in Section 3, is collected and stored for at least the term of the User’s use of the Services. IRIS reserves the right to delete all User Data within thirty (30) days of the termination of the User’s Terms of Use.
3. Use of User Data
IRIS will use User Data in order to provide its Services. Such uses include, but are not limited to archiving merchant portfolio data and using such archives to generate reports requested by Users. Taking User Data and User instructions to forward User Data to third parties, such as processors, merchants or other Users. User Data will be available for online access only and will be accessible by any User that has been granted permission to access the User Data, as per the Terms of Use.
User instructions to IRIS will be generally followed, which instructions may include explicit or implicit consent to distribute User Data to third parties.
Excluding, Google & Microsoft User Data, IRIS may use aggregated and anonymized User Data to compile statistics and may distribute those anonymized statistics to third parties. IRIS may also use User Data to offer Users additional features within the Services or services of third parties that IRIS believes are compatible User interests.
IRIS will use User payment account information to either take payment of its fees or relay such information to processors or other third parties as per User instructions.
IRIS will not use User Data other than as per the Terms of Use.
Google & Microsoft User Data Policy
IRIS uses Client data which originates or is derived from a User’s Google or Microsoft account, solely for the purpose of providing and improving the User’s expected experience of using an email and calendar system through IRIS’ CRM services. CRM services are integrated independently with these providers in order to sync User data between the CRM and a User’s Google or Microsoft’s authenticated User accounts which Users permit IRIS to access through an email or calendar sync with their Google and Microsoft services. The Client data which is collected from these services is solely used for the purpose of delivering our Clients a superior and productive CRM experience and is not used for any other purpose. A User or Client is able to revoke the syncing of services between the CRM and Google and Microsoft at any time without prior notice to IRIS through User Account settings within the CRM.
IRIS only transfers Client data to other services if it is necessary to provide access to IRIS for email features that are prominent for general CRM usage by Users. IRIS may also transfer data as necessary to comply with applicable law or as part of a merger, acquisition, or sale of assets with notice to users. All other transfers or sales of Client data are prohibited within IRIS. IRIS does not use or transfer Client data for serving ads, including retargeting, personalized, or interest-based advertising; and IRIS services do not allow humans to read the data received from Google and Outlook unless IRIS has first obtained the Client’s affirmative agreement for specific message types.
IRIS does not permit emails or calendar events to be accessed by humans. Accessing emails by a human is necessary for investigating a bug, monitoring abuse through the CRM to send emails or security purposes. IRIS complies with applicable laws. IRIS’s use of Google and Microsoft data is limited to internal operations and the data (including derivations) have not been aggregated and have not been anonymized. These internal prohibitions of IRIS apply to the raw data obtained from data aggregated, anonymized, or derived from Google and Outlook. IRIS ensures that employees, agents, contractors, and successors comply with the IRIS’ Google & Microsoft User Data Policy.
Google API Disclosure
IRIS CRM’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
4. Cookies
IRIS uses cookies to personalize the Site for Users and to collect aggregate information about Site usage. The aggregated information is used to understand and analyze Users’ responses, needs, and preferences and to develop, improve, market and/or offer products and services to meet Users’ needs and preferences. A cookie is a text file that our Site transfers to User’s computer’s hard drive for record-keeping purposes and to enhance the quality of your visit to our Site. The cookie assigns a random, unique number to the User’s computer. IRIS cookie may record “clickstream” information (data reporting the URLs or names of the pages on this Site that User has visited). IRIS may use cookies that stay on User’s device after User leaves this Site so that it can recognize User when they return. IRIS also uses cookies that are deleted when User leaves the Site. User can set your browser to refuse cookies, but doing so will limit system performance and may even cause certain features of the Site to malfunction or not work.
5. Solicitation for Additional Services
IRIS reserves the right to use User Data, which excludes Google & Microsoft User Data, to solicit Users with additional services or to allow third parties to use such User Data to do the same, provide that IRIS will not share pricing or ISOs merchant portfolio information with third parties.
6. Public Content / Blogs
IRIS may publish notices, blogs, forums or chats that allow Users to post questions or communicate with each other through the Service. Any information a Users submit in such a forum may be read, collected, or used by others who visit these forums and may be used to send you unsolicited messages. IRIS is not responsible for the personal information a User chooses to post in such forums.
7. Compelled Disclosure
IRIS reserves the right to use or disclose User Data if required by law or if IRIS reasonably believes that use or disclosure is necessary to protect the IRIS’ rights and/or to comply with a judicial proceeding, court order, or legal process.
8. Communication Preferences
IRIS may communicate with Users, their processors and merchants through your account on the Site, email, telephone, SMS, FTP or other means that may be available from time to time. Users are able to set communication preferences in the Services, and IRIS will honor such preferences pursuant and subject to the Terms of Use.
9. Correcting Information
Users can update their User Data at any time through their account on the Site. Users can also discontinue use of the Services by terminating their Terms of Use as per such terms.
10. Security
IRIS has security measures in place in its physical facilities and in its computer systems, databases, and communications networks located in the United States that are designed to reasonably protect information contained within our facilities or systems from loss, misuse or alteration appropriate to the sensitivity of the information. Transmission of information to and from this Site is not secured by encryption except as otherwise required by law or payment card industry data security standards applicable to the storage, processing, and transmission of credit card data. By providing your information to IRIS, User expressly agrees to the above-described cross border transmission of information and manner of transmission. User email transmissions and/or other communications containing information may be unlawfully intercepted or accessed by third parties and/or the Site and the Services may be subject to hostile network attacks or administrative errors. IRIS cannot and does not guarantee the security of any information transmitted over the internet. Once IRIS receives User Data, it takes steps that IRIS believes are commercially reasonable to limit access to User Data to only those employees, business partners and service providers whom IRIS determines need access to the information to provide the requested services, products, offers or opportunities that may be of interest to Users. However, even after IRIS receives User Data, it cannot guarantee that it will not be accessed, disclosed, altered, or destroyed as a result of a breach of our commercially reasonable efforts or as a result of any other event beyond IRIS’ reasonable control. FOR THE AVOIDANCE OF DOUBT, IRIS EXPRESSLY DISCLAIMS ANY REPRESENTATION OR WARRANTY, WHETHER EXPRESS OR IMPLIED, WITH RESPECT TO ENSURING, GUARANTEEING OR OTHERWISE OFFERING ANY DEFINITIVE PROMISE OF SECURITY IN CONNECTION WITH USER DATA, INCLUDING PERSONAL INFORMATION OR USAGE INFORMATION, THROUGH THE SITE. ADDITIONAL INFORMATION: VULNERABILITY DISCLOSURE PROGRAM.
11. Contacting Us
If you have any questions regarding this privacy policy, or if you would like additional information, please contact us at support@iriscrm.com.