Privacy Policy
Effective date: July 12, 2026 · Last updated: July 12, 2026
NoAppPay ("we," "us," "our") operates a pay-by-bank invoicing service that allows small businesses to request one-time ACH debit payments from their customers ("Payers") without requiring those Payers to create an account or download an app. This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights.
1. Information we collect
From Recipients (businesses issuing invoices): business name, email address, optional phone number, the invoices they create (amount, memo, payer phone, payer email), and basic usage metadata (timestamps, IP address, browser type).
From Payers (customers being invoiced): payer phone number and/or email (entered by the Recipient), payer name (optional, entered by the Payer during checkout), and the bank-account information described in Section 2 below.
We do not knowingly collect information from anyone under 18.
2. How we use Plaid to access bank data
We use Plaid Inc. ("Plaid") to securely connect to your bank or financial institution and to retrieve the routing and account numbers necessary to initiate a single one-time ACH debit for the invoice you are paying. By clicking "Connect Bank & Authorize," you grant NoAppPay and Plaid permission to:
- Access information about the financial account(s) you select, limited to: institution name, account type, account mask (last 4 digits), and ACH routing & account numbers.
- Use that information solely to initiate the single ACH debit for the invoice you are paying.
Plaid's use of your information is governed by Plaid's End User Privacy Policy, available at https://plaid.com/legal/#end-user-privacy-policy. We encourage you to read it.
What we store, and what we do not. NoAppPay does not store your raw bank routing number, raw bank account number, or your online-banking credentials. We store only: (a) an opaque tokenized reference issued by Plaid, (b) the institution name, and (c) the last four digits of the account, solely so we can display the transaction to you and the Recipient.
3. How we use information
- To create, deliver, and settle invoices between Recipients and Payers.
- To send transactional SMS and/or email — the payment request, settlement receipt, and security notices. We do not send marketing messages without separate opt-in.
- To detect fraud and prevent abuse (e.g., rate-limiting, anomaly detection).
- To comply with our legal and regulatory obligations.
- To improve and maintain the service.
5. Data retention
Invoice records (amount, status, last-4 of bank account, ACH reference, timestamps) are retained for at least seven (7) years to satisfy NACHA, accounting, and tax record-keeping obligations. Plaid access tokens are retained only as long as needed to settle the specific invoice and may be revoked at any time on request.
6. Security
All data is transmitted over TLS 1.2 or higher. Tokens generated by NoAppPay (including payment links sent by SMS or email) are signed with HMAC-SHA256 and expire automatically. Access to production systems is restricted, logged, and reviewed.
7. Your rights
Depending on where you live, you may have the right to:
- Request a copy of the personal information we hold about you.
- Request correction or deletion of your personal information, subject to legal record-keeping requirements (Section 5).
- Object to or restrict certain processing.
- Opt out of the "sale" or "sharing" of personal information (we do not engage in either).
To exercise any of these rights, email privacy@noapppay.com. We will respond within 30 days.
8. Cookies
We use a minimal set of strictly necessary cookies and local-storage entries to keep you signed in and to remember your session. We do not use advertising cookies or third-party tracking cookies.
9. International users
NoAppPay is operated from the United States and is intended for users in the United States. ACH transfers are governed by NACHA Operating Rules. If you access the service from outside the U.S., you do so on your own initiative and are responsible for compliance with local laws.
10. Changes to this policy
We will post any changes on this page and update the "Last updated" date above. Material changes will be communicated via email to active Recipients at least 30 days before they take effect.
11. Contact us
Questions? Email privacy@noapppay.com or write to Pro Bono Legal, LLC · 1625 Centerville Rd, Tallahassee, FL 32308.