Plaid Compliance & Policy Index

Purpose

This page consolidates the policies, security controls, and contact information that Joliez Agency publishes in support of its integration with Plaid Inc. (“Plaid”). It is provided as a single reference for Plaid’s production-access review, ongoing vendor due diligence, and any third-party audits performed by Plaid or its regulators.

All linked documents are publicly accessible, maintained under version control, and reviewed at least annually — or sooner when laws, contractual obligations, or business processes change.

Primary Privacy & Data-Handling Documentation

Document	URL & Scope
Privacy Notice	https://joliezagency.com/privacy.php Lawful basis and consent, the Plaid integration (encryption at rest, tokenization, phishing-resistant MFA gate before every Plaid Link launch), data retention schedule, secure deletion / crypto-erasure, and user deletion rights. Consent for collection, processing & storage: privacy.php#consent Financial Account Connections (Plaid): privacy.php#plaid Data Retention, Deletion & Disposal: privacy.php#retention
Terms of Service	https://joliezagency.com/terms.php Includes §7 Security and Technical Controls (TLS 1.2+, AES-256 at rest, RBAC, audit logging) and the banking / ACH authorization terms users accept before any Plaid Link launch.

Document

URL & Scope

Privacy Notice

https://joliezagency.com/privacy.php
Lawful basis and consent, the Plaid integration (encryption at rest, tokenization, phishing-resistant MFA gate before every Plaid Link launch), data retention schedule, secure deletion / crypto-erasure, and user deletion rights.

Consent for collection, processing & storage: privacy.php#consent
Financial Account Connections (Plaid): privacy.php#plaid
Data Retention, Deletion & Disposal: privacy.php#retention

Terms of Service

https://joliezagency.com/terms.php
Includes §7 Security and Technical Controls (TLS 1.2+, AES-256 at rest, RBAC, audit logging) and the banking / ACH authorization terms users accept before any Plaid Link launch.

Security Policies

Document	URL & Scope
Multi-Factor Authentication Policy	https://joliezagency.com/mfa_policy.php FIDO2 / WebAuthn-only standard. Every Plaid Link launch — first connection, reconnection, or update — is gated by a fresh WebAuthn ceremony bound to the user’s device (Face ID, Touch ID, Windows Hello, or a hardware security key). SMS codes and email links are not accepted as a second factor.
Access Control Policy	https://joliezagency.com/access_control_policy.php Role-based access control, principle of least privilege, joiner/mover/leaver process, quarterly access reviews, and privileged-action audit logging.
Vulnerability Management Policy	https://joliezagency.com/vulnerability_policy.php Scanning cadence, severity-based remediation SLAs, responsible-disclosure intake, and patching standard.

Cookies & Tracking

Cookie Policy

https://joliezagency.com/cookie_policy.php
Cookie categories, server-side audit logging of consent events, and the user-facing withdrawal mechanism.

Security & Privacy Contacts

General inquiries: contactus@joliezagency.com

Security disclosures / incident notifications: security@joliezagency.com

Privacy / data-subject requests: privacy@joliezagency.com

Governance

All policies referenced on this page are owned by the Chief Executive Officer, enforced by the Chief Technology Officer, and reviewed at least annually. Material changes (e.g. new processing purposes, new sub-processors, changes to the MFA standard) are published with an updated “Last updated” date and, where the change affects end-users, re-consent is captured at the next sign-in.

Document Status

This index page is intended for use by Plaid Inc. and other regulated financial-data partners. It is excluded from search-engine indexing (robots: noindex). The linked policies themselves are public.