Home

Privacy Policy

How we collect, use, and protect your information.

Privacy Policy

Last updated: May 1, 2026

This Privacy Policy describes how System4IPS (operated by DiBro Holdings Inc., "we," "us," or "our") collects, uses, and shares information when you use our billing portal at https://system4ips-billing.vercel.app (the "Service").

If you have questions about this policy or how we handle your information, contact us at privacy@system4ips.com.

1. Who We Are

System4IPS is a facility services management business operated by DiBro Holdings Inc. The Service is a billing portal that allows our customers to securely set up payment methods (bank account or credit card) for the services we provide.

2. Information We Collect

2.1 Information You Provide Directly

  • Business and contact information: Your business name, contact name, and email address
  • Payment authorization: Your selected payment method and consent to electronic payment processing

2.2 Information Collected Through Plaid (for ACH bank debit)

When you choose to pay by ACH bank debit, you connect your bank account through Plaid, Inc. ("Plaid"). Plaid provides us with:

  • Your bank account number and routing number
  • Your bank account type (checking or savings)
  • The name on your bank account (for identity verification)
  • A unique account identifier

Your bank login credentials are entered into Plaid's secure interface and are never seen by us.

2.3 Information Collected Through Stripe (for credit card)

When you choose to pay by credit card, you enter your card details into Stripe, Inc.'s secure payment form embedded in our Service. Stripe provides us with:

  • A token representing your saved card (we never see the full card number)
  • Your card brand, last four digits, and expiration month/year (for display purposes)
  • A customer identifier we use for future charges

2.4 Automatic Collection

  • Authorization audit data: When you sign an electronic ACH authorization, we record the IP address, browser user-agent, timestamp, and the exact terms you agreed to
  • Server logs: Our hosting provider (Vercel) records standard HTTP request logs for operational and security purposes

2.5 Information We Do NOT Collect

  • We do not use cookies for advertising, analytics, or cross-site tracking
  • We do not collect your bank login credentials (Plaid handles authentication directly with your bank)
  • We do not receive or store your full credit card number (Stripe handles card processing)
  • We do not collect biometric data or precise location data

3. How We Use Your Information

We use the information we collect to:

  • Set up and maintain your payment method on file
  • Process payments for invoices we issue you
  • Communicate with you about your account, payments, or service-related matters
  • Maintain audit and compliance records (Nacha authorization records, charge logs)
  • Detect and prevent fraud, security incidents, and unauthorized access
  • Comply with legal obligations (tax reporting, regulatory requirements)

We do not sell your personal information. We do not use your information for advertising or marketing by third parties.

4. How We Share Your Information

We share your information only in the following circumstances:

4.1 Sub-Processors

We use the following third-party services to operate the Service. Each receives only the information necessary to perform its specific function:

Sub-processor Function Data shared
Vercel, Inc. Application hosting All transit data
Supabase, Inc. Database hosting Encrypted records
Stripe, Inc. Card processing Card data, billing identity
Plaid, Inc. Bank account verification Bank login (you enter directly), routing/account, identity
Webster Bank ACH origination Bank routing/account, transaction details
Resend, Inc. Transactional email Email address, message contents

Each sub-processor is contractually bound to handle your information in accordance with applicable laws.

4.2 Legal Requirements

We may disclose your information if required by law, subpoena, court order, or other legal process; to protect our legal rights or those of others; or in connection with the investigation of fraud or security incidents.

4.3 Business Transfers

If System4IPS is acquired by, merges with, or transfers assets to another entity, your information may be transferred as part of that transaction. You will be notified before your information becomes subject to a different privacy policy.

We do not sell your personal information to third parties under any circumstances.

5. Where Your Information Is Stored

Your information is stored on cloud infrastructure operated by:

  • Vercel (United States) — application hosting and edge network
  • Supabase (United States, region-specific) — database
  • Stripe (United States, with global processing infrastructure) — payment data
  • Plaid (United States) — bank verification

If you access the Service from outside the United States, your information will be transferred to and stored in the United States. By using the Service, you consent to this transfer.

6. How Long We Keep Your Information

We retain your information only as long as necessary to provide the Service and comply with our legal obligations. Specifically:

  • Encrypted bank account numbers: Deleted from our database as soon as your bank information is enrolled in our bank's payment system (typically within 7 business days of onboarding)
  • Stripe card data: Retained while you remain a customer; deleted upon request or when our relationship ends, plus a brief retention period for dispute resolution
  • ACH authorization records: Retained for at least 2 years after the date of authorization or 2 years after revocation, whichever is later (required by Nacha rules)
  • Audit logs: Retained for 2 years
  • Account contact information: Retained while you remain a customer plus 2 years for accounting and audit purposes

For full details, see our Data Retention Policy at https://system4ips-billing.vercel.app/data-retention.

7. Your Rights

Depending on where you live, you may have the following rights with respect to your personal information:

  • Access: Request a copy of the information we hold about you
  • Correction: Request that we correct inaccurate information
  • Deletion: Request that we delete your information (subject to legal retention requirements)
  • Portability: Request a machine-readable copy of your information
  • Objection: Object to certain uses of your information
  • Non-discrimination: We will not discriminate against you for exercising any of these rights

To exercise any of these rights, email us at privacy@system4ips.com. We will respond within 30 days (or 45 days if your request is complex). We may need to verify your identity before fulfilling your request.

7.1 Specific State Rights

If you reside in California (CCPA/CPRA), Connecticut (CTDPA), Virginia (VCDPA), Colorado (CPA), or another state with applicable privacy laws, you have the rights provided by your state's law. The rights listed above generally cover these state requirements.

We do not "sell" personal information as defined under California or other state law.

8. Security

We protect your information using industry-standard security practices, including:

  • TLS 1.2 or higher for all data in transit
  • AES-256-GCM encryption for sensitive data at rest
  • Strict access controls (least privilege, role-based access)
  • Encryption keys stored separately from encrypted data
  • Audit logging for all administrative access to sensitive data
  • Regular review of security practices and sub-processor compliance

For more detail, see our Information Security Policy at https://system4ips-billing.vercel.app/security-policy.

No system is 100% secure. If we discover a security incident affecting your information, we will notify you and applicable regulators in accordance with applicable law (typically within 30-72 hours of discovery).

9. Children's Privacy

The Service is not intended for use by anyone under 18. We do not knowingly collect personal information from minors. If we learn that we have collected information from a person under 18, we will delete it.

10. Do Not Track

We do not respond to browser "Do Not Track" signals because we do not engage in cross-site tracking of any kind. The Service does not use third-party advertising or analytics cookies.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this policy reflects the most recent change. If we make material changes, we will notify you by email or through a prominent notice in the Service before the changes take effect.

12. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or your information, contact us:

Email: privacy@system4ips.com Mail: DiBro Holdings Inc., Attn: Privacy Officer, [Mailing Address] Phone: [Phone Number]