Stash Financial, Inc.
Effective: May 17, 2020
Table of Contents
Welcome to Stash! Your trust is important to us and we’re committed to protecting the privacy and security of your personal information. The personal information you share with us helps us provide a great experience with Stash. That’s why we want to keep you informed of what personal information we collect, how it’s used, and when it is shared. We are dedicated to protecting the personal information we collect from you and ensuring that it is handled with care and attention.
1.2 Description of Users and Acceptance of Terms
- Stash does not monitor, recognize, or honor any opt out or do not track mechanisms, including general web browser “Do Not Track” settings and/or signals.
- The Stash Platform and Services are intended for citizens or lawful residents of the United States and who are located in the United States. The Platform, the Services and their servers are controlled and operated in the United States, and are not intended to be accessed from outside the United States.
2. Information We Collect or Receive
In the course of operating the Platform and providing the Services, we collect or receive the following categories of information, which collectively comprise “Personal Information”.
2.1 Categories of Personal Information
When you register to become a Customer, you will be asked to provide us with certain information about you, such as:
- Your name, alias, date of birth, Tax ID number, citizenship and passport number, visa information, home address, telephone number, email address, social security number, bank account number, bank routing number, bank account login credentials, bank name, employer name, employment status, and job position.
- Certain features of the Services will allow you to link your credit card, debit card, and bank accounts to your Stash account(s) by providing your account number, billing address and similar information.
- Whether you are a “politically exposed person,” whether you are a “control person” (pursuant to FINRA Rule 3210), annual income range, total net worth range, and other information as appropriate for our legitimate business needs.
- We may collect information derived or resulting from voluntary surveys.
- We may record any customer service calls and maintain such recordings to better improve our Services.
- We may also collect Personal Information when you voluntarily provide us with Personal Information as a Visitor, such as when you use our “Contact Us” form.
If you have provided us with any Personal Information, you may access, review, and/or make changes, by making the changes in your registered account settings page or by contacting us.
2.2 Nonpublic Personal Information
When you register to become a Customer and at certain times following initial registration during the provision of our Services to you, we will also collect your nonpublic personal information which means (i) any information you provide to us to obtain a financial product or service from us, (ii) any information about you resulting from any transaction involving a financial product or service between us and you, (iii) any information about a transaction, purchase or sale you are seeking to execute through through the Platform, or (iv) any information we otherwise obtain about you in connection with providing a financial product or service to you (collectively, the “Nonpublic Personal Information”). We may also collect Nonpublic Personal Information from Visitors, who are consumers of our Platform.
2.3 Investment Style Information
When you register as a Customer, you will be asked to provide information about your investment preferences and investment style such as, your risk tolerance, time horizon, liquidity needs, investment objectives and investment experiences (collectively, the “Investment Style Information”). Investment Style Information may be updated or modified following initial registration during the provision of our Services to you.
2.4 Geolocational Information
Certain features and functionalities of the Services are based on your location. In order to provide these features and functionalities while you are using a mobile device, we may, with your consent, automatically collect geolocation information from your mobile device, wireless carrier, or certain third-party service providers. Such information is collectively called the "Geolocational Information." Collection of such Geolocational Information occurs only when the App is running on your mobile device. You may decline to allow us to collect such Geolocational Information, in which case Stash will not be able to provide certain features or functionalities to you.
2.5 Information We Collect From You Automatically
We may automatically collect or receive information about you, your use of our Platform, your interactions with us and our advertising, as well as information regarding your computer or other devices used to access our Platform, such as:
- Online Identifiers: browser fingerprint, operating system, browser name and version, and/or personal IP addresses.
- Device information: type of device, Universally Unique Identifier, advertising identifiers (“IDFA” or “AdID”), operating system and version, wireless carrier, and network type.
- Usage data: authentication data, security questions, click-stream data, public social networking posts, and other data collected via web beacons, pixel tags, embedded links, cookies, and other similar tracking techniques.
- Third-Party analytics: We may use third-party analytics services (for example, we use Google Analytics, Mixpanel, Braze, and others) to evaluate your use of the Platform, compile reports on activity, analyze performance metrics, and collect and evaluate other information relating to the Platform and mobile and Internet usage. For more information on these third parties, including how to opt out from certain data collection, please visit www.google.com/analytics, www.mixpanel.com/privacy/, or www.braze.com/privacy/. Please be advised that if you opt out of any service, you may not be able to use the full functionality of the Platform.
2.6 Children’s Data
Stash is not directed to children under the age of 18, and therefore we do not knowingly collect or receive Personal Information from children under the age of 18. If a user submitting personal information is suspected of being younger than 18 years of age, Stash will require the user to close his or her account and will not allow the user to continue using our Services. We will also take steps to delete the information as soon as possible. Please notify us if you know of any individuals under the age of 18 using our Services so we can take action to prevent access to our Services.
3. Sources of Personal Information
3.1 Information Collected by or Received from Third-Party Sources
3.2 Information Collected by or Through Third-Party Advertising
4. How The Information Is Used
Our primary purpose in collecting information about you is to provide you with a secure, smooth, efficient, and customized experience. We may use information about you to (1) provide, understand, improve, and develop the Stash Platform and Services, (2) create and maintain a trusted and safe environment (such as to comply with our legal obligations) and (3) provide, personalize, measure, and improve our advertising and marketing.
4.1 Provide, Improve, and Develop the Stash Platform and Services
We may use Personal Information to provide, improve, and develop the Stash Platform and Services, including, for example:
- To enable you to access and use the Stash Platform and Services.
- To fulfill our contractual obligations to you or any requests by you for support.
- To provide you personalized suggestions and recommendations about trade recommendations, budgeting, saving money, spending, or other financial products, services or offers that we believe may help you, based on information about your transactions, purchases, or account balances.
- To share Personal Information with Green Dot Bank as needed for Green Dot Bank to deliver its banking services to you and for us to fulfill our contractual obligations to Green Dot Bank.
- To maintain or service Customer accounts, process or fulfill orders and transactions, verify Customer information, or process payments.
- To engage other companies to perform certain functions on our behalf, including, for example, website hosting, mailing information, maintaining databases, ID verification, processing applications, processing payments and completing transactions.
- To operate, protect, improve, and optimize the Stash Platform and Services, such as by performing analytics and conducting research, such as by compiling aggregated and anonymized information about our Customers’ demographics, interests and behaviors, in order to better understand our Customer base and to develop new products, features or services.
We process your Personal Information for these purposes given our legitimate interest in improving the Stash Platform and Services and our Customers’ experience with it, and where it is necessary for the adequate performance of our contractual obligations with you.
4.2 Create and Maintain a Trusted and Safe Environment
We may use Personal Information to create and maintain a trusted and safe environment, including, for example:
- To comply with our legal obligations, including to detect and prevent fraud, spam, abuse, security incidents, and other harmful or illegal activity, or to conduct security investigations and risk assessments.
- To verify or authenticate information or identifications provided by you, or to conduct checks against databases and other information sources, including background or police checks, to the extent permitted by applicable laws and with your consent where required.
- To resolve any disputes with any of our Customers and enforce our agreements with third parties.
- To conduct debugging to identify and repair errors.
- To share your Personal Information with any of our parent companies, affiliates, subsidiaries, joint ventures, or other companies that we control, are controlled by, or are under common control with us.
- To comply with our obligations in the event of a corporate sale, merger, reorganization, sale of assets, dissolution, or similar event. If your Personal Information is part of the transferred assets, you will be notified via email and/or a prominent notice on our Platform of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.
- To comply with a court order or other lawful request or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend the rights or property of Stash, (iii) act in urgent circumstances to protect the financial security of users of the Platform or the public against fraud or other harm, or (iv) protect against legal liability.
We process your Personal Information for these purposes given our legitimate interest in protecting the Stash Platform and Services, to measure the adequate performance of our contractual obligations with you, and to comply with applicable laws.
4.3 Provide, Personalize, Measure, and Improve our Advertising and Marketing
We may use Personal Information to provide, personalize, measure, and improve our advertising and marketing, including, for example:
- To send you promotional messages, marketing, advertising, and other information that may be of interest to you based on your preferences (including information about Stash or partner campaigns and services).
- To personalize, measure, and improve our advertising.
- To administer referral programs, rewards, surveys, sweepstakes, contests, or other promotional activities or events sponsored or managed by Stash or its third party partners.
- To conduct profiling on your characteristics and preferences to send you promotional messages, marketing, advertising and other information that we think may be of interest to you.
- To share your Personal Information with third parties, including but not limited to third-party market research firms for analysis purposes and to help such third parties generate anonymized and aggregated market research data for us. However, under no circumstances will we ever sell your Personal Information to third parties.
We will process your Personal Information for the purposes listed in this section given our legitimate interest in undertaking marketing activities to offer you products or services that may be of interest to you.
4.4 Opt-In Consent
We will not share your Personal Information with non-affiliated third parties that may use your Personal Information to market to you, without obtaining your opt-in consent. If you have opted-in for this kind of sharing of your Personal Information, then you may: (i) choose to opt out of such sharing; or (ii) request certain information regarding our disclosure of your Personal Information to such non-affiliated third parties, in each case by contacting us by following the instructions in the “Contact Us” section below. If you have signed up for a Stash Banking account, you will not be able to opt out of us sharing Information with Green Dot Bank, the provider of the Stash Banking account.
5. How We Protect Your Information
The security of your Personal Information is of utmost importance to us. Stash handles sensitive financial customer data, so we’ve taken steps to secure critical systems and information. For example, we use encryption to protect and secure all of your information, from personal data (like your social security number) to your transaction history. We take commercially reasonable technical, administrative, and physical safeguards to protect information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. To learn more about how we protect your information visit https://www.stash.com/security.
If you know or have reason to believe that your Personal Information or Stash account has been stolen, misappropriated, or otherwise compromised, or if you receive an unsolicited email or other electronic communication that appears to be from Stash but you suspect it may be from some other source or fraudulent, please contact us by following the instructions in the “Contact Us” section below.
6. Retention of Your Information
Information connected to you that is no longer necessary and relevant to provide our Services may be de-identified or aggregated with other non-personal data to provide insights which are commercially valuable to Stash, such as statistics of the use of the Services.
7. Communication Preferences
You have choices on the messages you choose to receive.
- As a user of the Services we and/or our custodian(s), will send you administrative and transactional communications that are necessary to provide the Services, such as billing, brokerage, fraud or service notifications. You cannot opt out of receiving such communications.
- When you sign up for our Services or newsletter(s), we will send periodic emails to you regarding the Services or to tell you about services we believe will be of interest to you. To opt out of marketing emails, simply click the link labeled “unsubscribe” at the bottom of any email we send you.
- By providing your phone number you expressly consent to Stash and/or its agents calling or texting you using an automated telephone dialing system and / or prerecorded messages, even if you incur charges for receiving such communications. For example, we may send you informational text messages to your mobile device in order to better service your account. You can revoke your consent to receiving informational text messages at any time by replying “STOP” or following any other instructions included in these text messages.
8. California Privacy Rights
Effective January 1, 2020, the California Consumer Privacy Act (CCPA) allows California residents, upon a verifiable consumer request and subject to applicable exemptions, to request that we give you access, in a portable and (if technically feasible) readily usable form, to the specific pieces and categories of personal information that we have collected about you, the categories of sources for that information, the business or commercial purposes for collecting the information, and the categories of third parties with which the information was shared. California residents also have the right to submit a request for deletion of information under certain circumstances. Consistent with California law, Stash will not discriminate against those who exercise their rights. Specifically, if you exercise your rights, we will not deny you services, charge you different prices for services or provide you a different level or quality of services. To submit a data request, please contact us by following the instructions in the “Contact Us” section below. Please note that you must verify your identity and request before further action is taken. As a part of this process, government identification may be required. Consistent with California law, you may designate an authorized agent to make a request on your behalf. In order to designate an authorized agent to make a request on your behalf, you must provide a valid power of attorney, the requester’s valid government issued identification, and the authorized agent’s valid government issued identification.
California law permits consumers who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their Personal Information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of Personal Information disclosed to those third parties. Stash does not share Personal Information with third parties for their own direct marketing purposes without your prior consent. Accordingly, you can prevent disclosure of your Personal Information to third parties for their direct marketing purposes by withholding consent.