Last revised: October 10, 2017
When you establish an Account, We may ask you to provide Us with contact information in order for Us to identify and communicate with you, including your first and last name as well as your email address. We will retain your email address solely for the purpose of communicating with you about the Service. As part of our primary offering, We also ask that you provide your account information, including log in credentials, for each bank/retailer/service provider (each, an "Institution") with which you wish to use the Service. As We expand the Service, we may request other information.
When you are using the Service, We collect information about your Institutions' account transactions and trust relationships and other account information.
When you visit the Site, We also collect your IP address and standard web log information, such as your browser type, the pages you accessed on the Site, the time and date of your visit, the time spent on those pages and other statistics.
Finally, We may collect additional anonymous information from or about you or your Institutions, including but not limited to an Institution's APR rates, reward information, and similar information.
Our primary purpose in collecting information is to provide you with a safe, secure, effective and efficient experience and to improve the Service and Site. We may use your information to: provide the Service; process transactions; troubleshoot problems; prevent prohibited activities; customize and improve the Service; communicate with you; and perform other duties as required by law.
We also may use anonymized, aggregated data that includes your information to evaluate and compare the use and effectiveness of the Service.
We do not share your information with third parties for promotional or marketing purposes. However, We may share your information:
• With the Institutions you register with Us in order to provide the Service;
• As part of, or following, an acquisition or other change of control including a merger or sale of assets involving Us; and
We use the vendors identified below to facilitate delivery of the Service and to store personal and financial information and other bank credentials which you provide to Us and which is necessary for you to use, and for us to provide, the Service. These parties are prohibited from using your Personal Information for any other purposes.
WE use MX Atrium to securely connect to your bank and fetch your bank transactions. We store and process your personal and financial information and electronic copies of all correspondence through Amazon Web Services and VGS. This information is protected by physical, electronic and procedural safeguards in compliance with applicable US federal and state regulations. The privacy policies and security systems utilized by these parties can be viewed at https://aws.amazon.com/privacy/, https://www.mx.com/privacy-policy, and https://www.verygoodsecurity.com/.
For international users, please note that it may be necessary to transfer your information internationally and, in particular, your information may be transferred to and processed in the United States. For residents of the European Union: the data protection and other laws of other countries outside of the European Union may not be as comprehensive as those of the European Union. Please be assured that we take steps to ensure that your privacy is protected as described in this policy. By using the Services, you agree to have your information transferred to and used in the United States as set forth in this policy.
California Do Not Track Notice:
Because there are not yet common, industry accepted “do not track” standards and systems, Our Application does not respond to Do Not Track signals.
California Disclosure Information:
Although We do not collect or retain, and therefore will not disclose to any third parties for their marketing purposes, any personally identifiable information, California residents are entitled to receive the following disclosure information under California law:
Under California Law, California residents have the right to request in writing from businesses with which they have an established business relationship, (1) a list of the categories of personally identifiable information, such as name, address, date of birth, social security number, email address, and any other types of personally identifiable information that a business has disclosed to third parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties' direct marketing purposes, and (2) the names and addresses of all such third parties. We will respond to such written requests within 30 days following receipt at the email or mailing address specified below under “Contact Us”. If We receive your request at a different email or mailing address, We will respond within a reasonable period of time, but not to exceed 150 days from the date received. Please note that we are required to respond to each customer only once per calendar year.
We comply with state and federal rules of the United States regarding the collection, use and retention of personally identifiable information and data. The recipients of users' personally identifiable data, and more generally these disclosures, may be located in the United States or other jurisdictions that might not provide a level of protection equivalent to the laws in your jurisdiction. If you submit personally identifiable data to us, you consent to the transfer of such personally identifiable data outside your jurisdiction.