Legal

Messaging, Voice & Video Policy

Operating rules for ITAM Magic Messaging and counterparty voice and video — including the default-visibility rule, the server-side and end-to-end encrypted confidential modes, retention, lawful access, and acceptable-use enforcement.

Last updated: May 5, 2026
This document is provided in English. Translations of other parts of the site are for convenience only; the English version governs.

1. Scope

This Messaging, Voice & Video Policy ("Policy") sets out the operating rules for the messaging, voice, video, file-transfer, and structured-artifact features of the ITAM application (collectively, "Communications Features"), including the feature marketed as PayServices Magic Messaging. It supplements Section 13 (Counterparty messaging, voice, and video) of the Terms of Service and is incorporated by reference into them.

In case of inconsistency between this Policy and the Terms of Service, the Terms of Service govern as to any matter expressly addressed in them, and this Policy governs as to operational and procedural matters.

2. Definitions

Capitalized terms not defined here have the meaning given in the Terms of Service.

  • "Communication" means any text message, voice call, video call, file, image, structured artifact (such as a quote, invoice, contract, payment request, or barter offer), or other content exchanged between Members through a Communications Feature.
  • "Content" means the substantive payload of a Communication: the body of a message, the audio of a call, the video stream, the bytes of a file, or the fields of a structured artifact.
  • "Metadata" means information about a Communication that is not its Content, including the identity of the parties, the time and duration of the Communication, its size, the type of Feature used, the device used to initiate it, and routing information.
  • "Confidential Mode" means a Communications Feature setting that, when elected at the time the Communication is placed, reduces or suppresses the Bank's routine access to Content as described in Section 6. Confidential Mode is server-side: the Bank holds the necessary cryptographic material and is technically capable of accessing Content, but does not do so in the absence of a basis described in Section 6.
  • "E2E Confidential Mode" means a Communications Feature setting in which the Communication is end-to-end encrypted between the parties' devices, the Bank does not hold and does not have access to the cryptographic key material required to decrypt the Content, and the Bank is therefore technically unable to read the Content of the Communication. Where E2E Confidential Mode is in effect, the application discloses that fact to both parties before the Communication is placed.

3. Eligibility and Member-to-Member rule

The Communications Features are available only between verified Members of the PayServices Network. Both sides of any Communication are identified by their Digital Passport credential. The Bank does not interconnect the Communications Features with the public switched telephone network, with SMS, or with third-party messaging platforms. A Communication addressed to or from a person who is not a Member will not be delivered.

4. Not a substitute for emergency services

The Communications Features are not a substitute for emergency services. They may not be used to place emergency calls (including 911 in the United States, 112 in the European Union, or any equivalent service in any jurisdiction). The application does not transmit your location to any emergency-services provider and the Bank cannot guarantee that a call placed through the Features will reach any responder. If you have an emergency, use a regulated telephony service.

5. Default visibility — Bank access to Content

The default rule. Communications conducted through the Communications Features — including the Content of text messages, voice calls, video calls, files, and structured artifacts — are visible to the Bank by default. The Bank may access, monitor, store, and review the Content and the Metadata of these Communications.

Permitted purposes. The Bank's access to Content and Metadata is for one or more of the following purposes:

  • Operating the PayServices Network and the Communications Features themselves;
  • Complying with applicable law, including AML/CFT, sanctions, anti-fraud, anti-corruption, anti-bribery, and consumer-protection obligations, and the production of records to competent authorities;
  • Detecting, preventing, and investigating fraud, abuse, and violations of the Terms of Service, this Policy, or applicable law;
  • Producing the books and records the Bank is required to maintain as a regulated financial institution;
  • Resolving disputes between Members, including disputes over the existence, terms, or performance of a transaction described in a Communication;
  • Improving the security, reliability, and quality of the Services, in accordance with the Privacy Notice.

Capacity in which the Bank acts. The Bank's access to Communications under this section is in its capacity as the operator of the Network and not as a party to the underlying Communication. The Bank does not become a party to a contract by virtue of having visibility into a Communication that proposes or memorializes that contract.

6. Confidential mode and E2E confidential mode

Three modes. The Communications Features support three modes of operation, each with a different relationship between the Bank and the Content of a Communication:

  • Default mode — the Bank can read Content, on the terms of Section 5. This is the default unless the parties elect otherwise.
  • Confidential Mode (server-side) — the Bank is technically capable of reading Content but, by policy, does not do so in the absence of a basis described in this section.
  • E2E Confidential Mode (end-to-end encrypted) — the Bank is technically unable to read Content, because the Content is end-to-end encrypted between the parties' devices and the Bank does not hold the decryption key.

In-app disclosure. Before any Communication is placed, the application discloses to both parties which of the three modes applies to that Communication. If a Communication is in E2E Confidential Mode, the application says so clearly. If a Communication leaves E2E Confidential Mode for any reason during a session, the application says so before any further Content is exchanged. A party who is not satisfied with the mode disclosed may decline to place or continue the Communication.

Election. Where the application offers Confidential Mode or E2E Confidential Mode for a particular message, call, file, or session, you and your counterparty may elect that mode at the time the Communication is placed. Election is made through the in-app interface and is recorded.

6.1 Confidential Mode (server-side)

Effect on Content. When Confidential Mode is elected for a particular Communication, the Bank's routine access to the Content of that specific Communication is reduced or suppressed in the manner described in-app at the time of the election. The Bank remains technically capable of accessing the Content; the commitment is one of policy, not of cryptographic impossibility.

What Confidential Mode does not change. Even when Confidential Mode is elected:

  • The Bank retains access to the Metadata of the Communication, including the identity of the parties, the time, the duration, the size, and the type of Feature used. The fact that the Communication occurred is not concealed from the Bank;
  • Records the Bank is required by law or by its recordkeeping policy to maintain or produce will be maintained or produced regardless of the election;
  • The Bank may suspend, override, or disregard the election where required by law, by an order of a court or regulator, or where necessary to prevent imminent harm or unlawful activity. Where the Bank does so, it will document the basis for doing so;
  • The acceptable-use rules in Section 11 continue to apply, and the Bank's enforcement powers under Section 12 continue in force.

Nature of the feature. Confidential Mode is a Service feature, not a representation that the Bank is technically incapable of accessing Content. It is a representation that, in the circumstances in which Confidential Mode is in effect, the Bank will not access Content in the absence of one of the bases described above.

6.2 E2E Confidential Mode (end-to-end encrypted)

The cryptographic commitment. When E2E Confidential Mode is elected and is in effect for a particular Communication, the Content of that Communication is end-to-end encrypted between the parties' devices using cryptographic key material that the Bank does not hold and does not have access to. The Bank cannot read the Content of an E2E Confidential Mode Communication. The application says so before the Communication is placed.

What E2E Confidential Mode does not conceal from the Bank. E2E Confidential Mode protects Content. It does not protect Metadata. Even when E2E Confidential Mode is in effect:

  • The Bank retains access to the Metadata of the Communication — the identity of the parties, the time, the duration, the size of the payload, and the type of Feature used;
  • The Bank retains a record of the encrypted payload (the ciphertext) for the retention periods set out in Section 8, but cannot decrypt it;
  • The fact that the parties communicated, and that they did so under E2E Confidential Mode, is itself a fact known to the Bank.

What the Bank can and cannot do under E2E Confidential Mode. Because the Bank cannot read Content under E2E Confidential Mode:

  • The Bank cannot perform routine, content-based AML/CFT, sanctions, or fraud screening on the Content of E2E Confidential Mode Communications. The Member is responsible for the lawfulness of what the Member sends under E2E Confidential Mode;
  • The Bank cannot retroactively decrypt past E2E Confidential Mode Communications, including in response to legal process, an internal investigation, a regulatory request, or an emergency. Section 9 (Lawful access and disclosure) describes what the Bank can produce in those circumstances;
  • The Bank can, prospectively, disable E2E Confidential Mode for an account, suspend or terminate the account under Section 18 of the Terms of Service, refuse to deliver further Communications, take action on the basis of Metadata or Member-reported abuse under Sections 11 and 12, and report Metadata to competent authorities on lawful request;
  • The Bank cannot place a "back door" into E2E Confidential Mode that would allow it, or any third party, to read Content while E2E Confidential Mode is represented in-app as being in effect. If a back door becomes legally compulsory in a jurisdiction in which the Bank operates, the Bank's response will be to withdraw E2E Confidential Mode in that jurisdiction rather than to misrepresent its operation.

Loss of decryption capability. Because the Bank does not hold the decryption key, loss of access to a Member's device or to the Member's own key material may result in the Member's loss of access to the Content of past E2E Confidential Mode Communications. The Bank is not liable for that loss. The application may offer optional Member-controlled key-recovery facilities; where it does, the application discloses how those facilities work and how they affect the Bank's access.

Discontinuation of E2E Confidential Mode. The Bank may discontinue E2E Confidential Mode generally, or in a particular jurisdiction, on prospective notice. Discontinuation does not retroactively decrypt past Communications.

6.3 Mode applies per-Communication

Each Communication carries its own mode. A Member may exchange some Communications in default mode, others in Confidential Mode, and others in E2E Confidential Mode, with the same counterparty. The mode of one Communication does not bind the mode of any other.

7. Recording, monitoring, and notice

Voice and video calls placed through the Communications Features may be recorded by the Bank, in the same circumstances and for the same purposes as set out in Section 5. Where recording occurs, both parties to a call are notified in-app before the call is connected. By proceeding past that notice, each party consents to the recording on the terms described in this Policy.

The in-app notice is intended to satisfy the consumer-protection requirements of jurisdictions that require advance notice of recording, including U.S. state two-party-consent recording statutes, the EU ePrivacy regime, and similar regimes elsewhere. Where local law imposes a more stringent notice or consent requirement, the Bank will comply with that requirement and will adjust the in-app notice accordingly.

8. Retention

Default retention. Records of Communications (Content and Metadata) are retained for the periods required by applicable law and the Bank's recordkeeping policy. Where multiple retention periods could apply, the Bank applies the longest applicable period.

Statutory retention. Records relevant to the Bank Secrecy Act, the USA PATRIOT Act, OFAC sanctions enforcement, and the Bank's other federal regulatory recordkeeping obligations are retained for at least the period prescribed by those laws — generally five years from the date of the related transaction or, where applicable, from the date of the related Suspicious Activity Report. Records relevant to consumer-protection law, including Regulation E and the Remittance Rule, are retained for the periods prescribed by those rules.

Litigation hold. Where the Bank is on notice of actual or anticipated litigation, regulatory action, or enforcement involving Communications, retention is extended for those Communications until the matter is resolved.

Confidential Mode and retention. Confidential Mode does not extend, shorten, or override the retention periods set out above. It governs whether the Bank routinely accesses Content during the retention period, not whether the record exists.

E2E Confidential Mode and retention. Where E2E Confidential Mode is in effect, the Bank retains the ciphertext (the encrypted payload) of the Communication and the corresponding Metadata for the retention periods set out above, but does not retain plaintext and cannot produce plaintext. The retention rule applies to what the Bank holds; the Bank's inability to read the Content is unaffected.

Member access. Members may access their own Communication records through the ITAM application as the application provides for, and may request additional copies in accordance with the data-subject-rights mechanisms set out in the Privacy Notice and the State-Specific Privacy Rights notice.

9. Lawful access and disclosure

Production to authorities. Records of Communications are produced to competent authorities on lawful request, including subpoenas, court orders, search warrants, regulatory examination requests, mutual legal assistance treaty requests, and similar process valid under applicable law.

What the Bank produces under E2E Confidential Mode. Where the legal process concerns a Communication that was conducted under E2E Confidential Mode, what the Bank produces is the Metadata of the Communication, the ciphertext (encrypted payload) the Bank holds for that Communication, and any other records the Bank in fact possesses. The Bank does not produce plaintext, because the Bank does not have plaintext and cannot decrypt the ciphertext. The Bank will so inform the issuing authority. The Bank does not interpret legal process as imposing an obligation to do what is technically impossible, and will resist any process that purports to require it to do so.

Nondisclosure obligations. Where the Bank is the recipient of legal process subject to a nondisclosure obligation — including National Security Letters, grand-jury subpoenas, court orders under 18 U.S.C. § 2705, or similar process — the Bank may be legally unable to inform a Member that the Bank has received the process, that it is responding to it, or that it has produced records about the Member's Communications. Section 18 of the Terms of Service governs the consequences of such nondisclosure obligations for actions the Bank takes in response.

Suspicious Activity Reports. Where the Content or Metadata of a Communication leads the Bank to file a Suspicious Activity Report or any similar regulatory filing, federal law prohibits the Bank from notifying any person involved in the underlying transaction of the existence or contents of that filing. The same rule applies as for transactions generally (see Section 18 of the Terms of Service).

Voluntary information sharing. The Bank may share information about Communications under the voluntary information-sharing program established by section 314(b) of the USA PATRIOT Act with other participating financial institutions, on the safe-harbor and confidentiality terms of that program.

10. Counterparty institutions on the Network

Where you communicate with a Member whose account is held at another bank or financial institution that participates in the PayServices Network, the bank or institution holding that Member's account may also have access to the Communication on the same or similar terms as those set out in this Policy. The privacy and recordkeeping rules of that institution apply to its handling of the Communication; those rules are made available to you, in-app or by hyperlink, at the time you initiate the Communication.

The Bank's responsibility for Content and Metadata held at another participating institution is limited to the Bank's own handling of records produced to or from that institution through the Network. The other institution is responsible for its own handling of those records under its own rules and applicable law.

11. Acceptable-use rules

You may not use the Communications Features for any purpose prohibited by Section 14 of the Terms of Service, and in particular you may not use them to:

  • Send unsolicited commercial communications in violation of applicable anti-spam law (including the U.S. CAN-SPAM Act and the EU ePrivacy regime);
  • Harass, threaten, defame, intimidate, dox, or stalk any person;
  • Transmit malware, ransomware, phishing content, or content that infringes the rights of any third party;
  • Transmit child sexual abuse material, content depicting non-consensual intimate imagery, content that promotes terrorism or violent extremism, or content that depicts or facilitates serious violence against any person;
  • Impersonate any person or misrepresent your affiliation with any person or entity;
  • Use the Communications Features to circumvent, evade, or attempt to circumvent the Bank's compliance, fraud-prevention, or recordkeeping controls;
  • Use the Communications Features to facilitate any transaction or arrangement that is itself prohibited under Section 14 of the Terms of Service or applicable law;
  • Use the Communications Features for any purpose that violates the law of the jurisdiction of either Member or of any intermediary jurisdiction through which the Communication must pass.

Marketing to other Members. Sending commercial messages to a Member with whom you do not have an existing transactional relationship is permitted only where applicable anti-spam law allows it and where the recipient has not indicated that they do not wish to receive such messages. The application provides Members with a control to block unwanted marketing messages; that control must be respected.

12. Enforcement, takedown, and appeal

Enforcement powers. Where the Bank determines that a Communication violates this Policy, the Bank may, in its reasonable discretion: (i) block, remove, or refuse to deliver the Communication; (ii) warn the sending Member; (iii) suspend or limit the sending Member's access to the Communications Features; (iv) suspend or terminate the sending Member's account in accordance with Section 18 of the Terms of Service; (v) report the Communication to law enforcement or other competent authorities where required or permitted by law; and (vi) take any other action available to it under the Terms of Service or applicable law.

Notice. Where lawful and operationally feasible, the Bank will notify a Member of an enforcement action affecting that Member and will identify the Policy provision relied on. Where notice is prohibited by a nondisclosure obligation (as described in Section 9), notice will not be given.

Appeal. A Member who believes an enforcement action against them was made in error may request review by the Bank's complaints function in accordance with the Complaints procedure. Review will be conducted by personnel not involved in the original decision, where operationally feasible.

Reporting abuse. Any Member may report a Communication that they believe violates this Policy through the in-app reporting tool or by writing to info@payservices.com. Reports of child sexual abuse material, imminent threats of violence, or terrorism-related content will be triaged with priority and reported to competent authorities as required by law.

Enforcement under E2E Confidential Mode. For Communications conducted under E2E Confidential Mode, the Bank cannot read Content and therefore cannot detect Policy violations through Content review. Enforcement of this Policy with respect to such Communications relies on (i) Metadata-based signals, (ii) reports from recipient Members or other persons, (iii) information voluntarily provided by a Member (including the recipient's own copy of a Communication), (iv) information lawfully obtained by competent authorities and shared with the Bank, and (v) prospective controls including disabling E2E Confidential Mode for an account, suspending or terminating the account, and refusing to deliver further Communications. The Member is reminded that the absence of Bank-side Content review does not authorize the Member to send any Communication that would otherwise violate this Policy or applicable law.

13. Cross-border use and local law

The Communications Features are operated from the United States and made available to Members in jurisdictions where their use is lawful. By using the Communications Features from outside the United States, you do so on your own initiative and are responsible for compliance with the law of your jurisdiction.

Where the law of your jurisdiction grants you a non-waivable right with respect to communications privacy, recording consent, retention, or lawful-access procedures, this Policy is to be read consistently with that right, and any provision of this Policy that is inconsistent with that right is modified or limited only to the minimum extent necessary to comply with the local law. The remainder of the Policy continues to apply.

Some Communications Features may not be available in every country, and the Bank may add, suspend, or withdraw availability in any jurisdiction at any time, including where required by law, by regulator, or by a banking partner.

14. Changes to this Policy

The Bank may update this Policy from time to time. Material changes will be disclosed in-app or by other reasonable means before the changes take effect. Continued use of the Communications Features after the effective date of an updated Policy constitutes acceptance of that updated Policy.

15. Contact us

For questions about this Policy or to report abuse, please contact us at:

PayServices Bank
950 W Bannock Street, Suite 1100
Boise, Idaho 83702-6140
United States

info@payservices.com