Privacy Policy

Effective date: July 11, 2026  ·  All Access IDM, LLC  ·  hello@allaccessidm.com

Plain-language summary: We collect only what we need to run the service. We do not sell your data. The data you import into All Access IDM belongs to you.

1. Who We Are

All Access IDM, LLC ("All Access IDM," "we," "us") provides identity governance and access review software to community and regional financial institutions. This Privacy Policy describes how we collect, use, and protect information when you use our website (aaidm.com) and the All Access IDM platform.

2. Information We Collect

2.1 Information You Provide

  • Account registration: Name, work email address, mobile number, and institution name when you sign up.
  • Billing information: Bank account details collected through Stripe for ACH payment. We do not store your bank account number — it is held by Stripe under their own privacy and security controls.
  • Contact and support: Any information you provide when contacting us by email or through our contact forms.

2.2 Information From Your Institution

When you use the platform, you import user account data from your institution's systems (core banking, Active Directory, ancillary applications) into All Access IDM for the purpose of access review reporting. This data is processed solely to provide the service to you and is never used for any other purpose.

When you use the optional AI-assisted import mapping feature, the column header names from your CSV file (field names only — not data values) are transmitted to Anthropic, PBC to identify the appropriate field mapping. No employee names, account identifiers, or other data values are included in this transmission. Use of this feature is voluntary; you may configure import mappings manually without it.

2.3 Institution Verification Data

During signup, we retrieve your institution's publicly available asset size and registration data from the FDIC or NCUA to determine your subscription tier. We do not store this beyond what is necessary to maintain your account record.

2.4 Usage Data

We log standard server access logs (IP address, page accessed, timestamp) for security monitoring and troubleshooting. We do not use third-party analytics services.

3. How We Use Information

  • To create and manage your account
  • To process subscription payments via ACH
  • To provide and improve the All Access IDM platform
  • To send transactional emails (account setup, invoices, renewal notices)
  • To respond to support requests
  • To comply with legal obligations

We do not use your data or your institution's data for advertising, marketing profiling, or sale to third parties.

4. Data Sharing

We do not sell, rent, or share your information with third parties except as follows:

  • Stripe: Payment processing and ACH authorization. Stripe's privacy policy governs their handling of payment data.
  • Amazon Web Services: Cloud infrastructure (compute, database, storage) used to operate the platform. Data is hosted in the United States. AWS acts as a data processor under our AWS Customer Agreement.
  • Anthropic, PBC: When you use the optional AI-assisted import mapping feature, CSV column header names (not data values) are transmitted to Anthropic's API to identify field mappings. Anthropic does not use API-submitted data to train its models. This sub-processor is only engaged when you actively use the Analyze feature.
  • Legal requirements: If required by law, regulation, or valid legal process.

5. Data Security

We implement security controls appropriate for financial services software, including encrypted connections (TLS), access controls, and audit logging. Specific security documentation is available upon request for exam or due diligence purposes.

No system is perfectly secure. We will notify affected customers without undue delay in the event of a data breach that may affect their information.

6. Data Retention

We retain account data for the duration of your subscription and for 90 days after termination, during which you may request a data export. After 90 days, your data is permanently deleted from our systems.

Server logs are retained for up to 90 days for security purposes.

7. Your Rights

You may request access to, correction of, or deletion of your account data at any time by contacting hello@allaccessidm.com. Deletion requests will be honored within 30 days, subject to any legal retention obligations.

8. Cookies

The All Access IDM platform uses a session cookie to maintain your logged-in state. We do not use tracking cookies, advertising cookies, or third-party analytics cookies on this website.

9. Children's Privacy

All Access IDM is a business-to-business service intended for use by financial institutions and their employees. We do not knowingly collect information from individuals under 18 years of age.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify customers by email before material changes take effect. The current version is always available at aaidm.com/privacy.

11. Contact

Privacy questions or requests: hello@allaccessidm.com
All Access IDM, LLC  ·  Texas, USA