Privacy Policy

Effective date: March 16, 2026

Who We Are

CheckDeposit.io ("we," "us," "our") is operated by Shoeboxed, Inc., a corporation organized under the laws of North Carolina, with its principal office in Durham, NC. This Privacy Policy describes how we collect, use, disclose, and protect information when you use the CheckDeposit.io website and services (the "Service").

Information We Collect

Information You Provide

When you use CheckDeposit.io, you may provide us with:

  • Deposit slip information: Account holder name, company name, mailing address, bank routing number, bank account number, account type, deposit date, and check details (payee names and amounts).
  • Contact information: First name, last name, email address, and phone number.
  • Account credentials: If you create an optional account, your email address and a password (which is cryptographically hashed and never stored in plain text).

Information Collected Automatically

When you visit CheckDeposit.io, our servers automatically collect:

  • Log data: IP address, browser type and version, operating system, referring URL, pages viewed, date and time of access.
  • Cookies: Session cookies necessary to maintain your logged-in state. We do not use third-party advertising or tracking cookies.

How We Use Your Information

We use the information we collect to:

  • Generate and store your deposit slips so you can print, reprint, or reuse them.
  • Generate printable mailing envelopes addressed to your bank.
  • Send you a link to access your deposit slip (if you provide an email address).
  • Maintain and improve the Service.
  • Respond to support requests.
  • Detect and prevent fraud or abuse of the Service.

We do not sell, rent, or share your personal or banking information with third parties for their marketing purposes.

Banking Information

We understand that banking information is sensitive. Here is how we handle it:

  • Account numbers are encrypted at rest using industry-standard encryption (AES-256-GCM) and are never stored in plain text in our database.
  • Routing numbers are not considered confidential (they are published by the Federal Reserve) and are stored in plain text to enable our routing number lookup features.
  • We do not initiate transactions, access your bank account, or connect to your bank in any way. We generate a printable document only.
  • We are not a bank, financial institution, or money services business. We are a document formatting tool.

Data Retention

Deposit slip data is retained indefinitely so that you can reprint or reuse past deposit slips. If you request deletion of your account, we will delete all associated deposit slips, checks, and personal information within 30 days. Anonymized, aggregated data (e.g., total deposits per bank) may be retained for analytics purposes.

Data Security

We implement reasonable administrative, technical, and physical safeguards to protect your information:

  • All data transmitted between your browser and our servers is encrypted via HTTPS/TLS.
  • Account numbers are encrypted at rest using AES-256-GCM.
  • Passwords are hashed using bcrypt and never stored in plain text.
  • Our application is hosted on Heroku, which maintains SOC 2 compliance and physical security controls.
  • Access to production data is restricted to authorized personnel.

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You use the Service at your own risk.

Cookies

CheckDeposit.io uses only essential cookies required for the Service to function:

  • Session cookie: Maintains your login session if you create an account. Expires when you close your browser or after a period of inactivity.
  • CSRF token: A security cookie that prevents cross-site request forgery attacks.

We do not use analytics cookies, advertising cookies, or third-party tracking pixels. We do not participate in ad networks or cross-site tracking.

Third-Party Services

We use the following third-party services to operate CheckDeposit.io:

  • Heroku (Salesforce) — Application hosting and database hosting.
  • Cloudflare — DNS and DDoS protection (if applicable).

These service providers may process your data as part of providing their services to us. They are bound by their own privacy policies and data processing agreements.

Children's Privacy

CheckDeposit.io is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected information from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at teller@checkdeposit.io.

Your Rights

All Users

Regardless of where you live, you have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate personal information.
  • Delete your account and all associated data.
  • Export your deposit slip data in a portable format.

To exercise any of these rights, email us at teller@checkdeposit.io. We will respond within 30 days.

California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal information we collect, use, and disclose.
  • The right to request deletion of your personal information.
  • The right to opt out of the sale of your personal information. We do not sell your personal information.
  • The right to non-discrimination for exercising your privacy rights.

European Residents (GDPR)

If you are located in the European Economic Area, our legal basis for collecting and using your information is:

  • Contract performance: Processing necessary to provide the Service you requested (generating deposit slips).
  • Legitimate interest: Processing necessary for our legitimate business interests (security, fraud prevention, service improvement), balanced against your rights.
  • Consent: Where required by law, we obtain your consent before processing.

You have additional rights under the GDPR, including the right to data portability, the right to restrict processing, and the right to lodge a complaint with a supervisory authority.

Data Breach Notification

In the unlikely event of a data breach affecting your personal information, we will notify affected users via email within 72 hours of becoming aware of the breach, or as otherwise required by applicable law. We will also notify relevant regulatory authorities as required.

Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy on this page with a new effective date. Your continued use of CheckDeposit.io after changes are posted constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Shoeboxed, Inc.
Attn: Privacy
Email: teller@checkdeposit.io