Article 8 — Is my data secure with Alice?

Destination: MKT-EE Theme: Trust, security Footnote stack: Alice Card terms; Trademarks; Tax & legal advice Target keywords (SEO): is Alice Financial secure, Alice data security, Alice commuter benefits privacy, PCI compliance commuter benefits, Alice encryption Internal links to add: /privacy-compliance-soc2, https://thisisalice.com/privacy-policy/

Draft body

Is my data secure with Alice?

Yes. Alice uses bank-grade encryption in transit and at rest, operates under PCI DSS compliance for card data through our card issuer and processor, does not sell employee data, and does not share employee data with third-party marketers.

What data Alice collects

To process a pretax commuter benefit, Alice needs a small set of information: your name, your work email, your payroll deduction details, and the transactions you make on the Alice Card. We collect what is necessary to issue the card, run the pretax payroll reclassification, and answer your support questions.

How it is protected

  • In transit: TLS 1.2 or higher on every connection.
  • At rest: AES-256 encryption on stored data.
  • Card data: Handled under PCI DSS through Stripe (the card processor) and Celtic Bank (the card issuer). Alice does not store full card numbers on its own systems.
  • Access controls: Role-based access, single sign-on for internal staff, audit logging on production systems.

Who can see what

  • You: All of your own data, on demand, through the Alice app.
  • Your employer: Aggregate and individual participation and contribution data, the same kind they see in payroll. Employers do not see merchant-level transaction detail.
  • Alice support: Only the records needed to resolve a specific support ticket, behind access controls.
  • Third-party marketers: Never. Alice does not sell employee data and does not share it for marketing purposes.

Card data specifics

The Alice Card is a Visa commercial credit card issued by Celtic Bank, powered by Stripe, with program funds held at Fifth Third Bank, N.A. (Member FDIC). Those partners are bound by federal banking and card-network security standards in addition to Alice's own controls.

Compliance posture

> [To be filled by Alice content team: confirm current SOC 2 status. Per Avi: SOC 2 Type 1 is complete, Type 2 is not yet. See companion article on privacy, compliance, and SOC 2 status.]

How to delete your data

If you leave your employer or want a copy of your data, email support@thisisalice.com. The full policy is at thisisalice.com/privacy-policy.

--- Pretax Hero Visa Commercial Card is powered by Stripe and Alice Card is issued by Celtic Bank. Program funds held at Fifth Third Bank, N.A. (Member FDIC). Use of card and program is subject to the cardholder terms and related agreements presented at issuance.

Trademarks, brands, and product names referenced in this article are the property of their respective owners. References are for descriptive purposes only and do not imply endorsement. For definitive information about a third party's products or services, contact that party directly.

Alice does not provide tax, legal, or financial advice. Consult your own tax preparer, lawyer, or financial advisor for guidance specific to your situation.

Still need help? Contact Us Contact Us