We’re giving away a split pot of up to $1 million in stock on Nov. 2nd. Which stock? Vote now!

Stash Financial, Inc.
Privacy Policy

Effective: May 17, 2020

1. Introduction

Welcome to Stash! Your trust is important to us and we’re committed to protecting the privacy and security of your personal information. The personal information you share with us helps us provide a great experience with Stash. That’s why we want to keep you informed of what personal information we collect, how it’s used, and when it is shared. We are dedicated to protecting the personal information we collect from you and ensuring that it is handled with care and attention.

1.1 Scope

This Privacy Policy applies to Stash Financial, Inc. and its affiliates Stash Investments LLC (our registered investment adviser), Stash Capital LLC (our registered broker dealer), Stash Cash Management LLC (our banking services affiliate), and Stash Insurance Services LLC (our insurance services affiliate). In this Privacy Policy, we refer to Stash Financial, Inc. and its affiliates as “Stash”.

This Privacy Policy describes how we collect, use, process, and disclose your personal information, in conjunction with your access to and use of the Stash Platform, including banking services provided by Green Dot Bank and offered through Stash (collectively, the “Services”). Our Services are available to you through a variety of platforms, including, but not limited to, www.stash.com and learn.stash.com (the “Sites”), and our mobile application, which is accessible through a variety of connected devices (the “App”). The Sites and the App are collectively referred to as the “Platform.”

In addition to the information provided in this Privacy Policy, Stash is required by federal law to provide consumers with information regarding our collection and sharing of nonpublic personal information. Please see our Privacy Notice for more information.

1.2 Description of Users and Acceptance of Terms

This Privacy Policy applies to visitors to the Platform, who view publicly accessible content (“Visitors”) and customers who have signed up to access and use the Services offered by Stash through the Platform (“Customers”).

By visiting or browsing the publicly accessible areas of the Sites or the App, Visitors are acknowledging that they have read, understood, and agree to be legally bound by this Privacy Policy and our Terms of Use. If you do not agree to any of the terms in this Privacy Policy or the Terms of Use, you may not access or use the Sites or the App.

By signing up, accessing, or using the Platform or our Services, each Customer is agreeing to the terms of this Privacy Policy, the Terms of Use, and any applicable customer agreements.

1.3 Exclusions

The following exclusions apply to this Privacy Policy:

  • This Privacy Policy does not apply to anonymized or aggregated Customer data (i.e. information about our Customers that we combine together so that it no longer identifies or references an individual Customer). Anonymization is a data processing technique that removes or modifies personal information so that it cannot be associated with a specific individual. Types of data we may anonymize include, transaction data, click-stream data, performance metrics, and fraud indicators. We may use anonymized or aggregate customer data for any business purpose, including to better understand Customer needs and behaviors, improve our products and services, conduct business intelligence and marketing, and detect security threats. We may perform our own analytics on anonymized data or enable analytics provided by third parties.
  • This Privacy Policy does not apply to third party products, websites, links, services or the practices of companies that we do not own or control, including other companies you might interact with on or through the Services.
  • Stash does not monitor, recognize, or honor any opt out or do not track mechanisms, including general web browser “Do Not Track” settings and/or signals.
  • The Stash Platform and Services are intended for citizens or lawful residents of the United States and who are located in the United States. The Platform, the Services and their servers are controlled and operated in the United States, and are not intended to be accessed from outside the United States.

2. Information We Collect or Receive

In the course of operating the Platform and providing the Services, we collect or receive the following categories of information, which collectively comprise “Personal Information”.

2.1 Categories of Personal Information

When you register to become a Customer, you will be asked to provide us with certain information about you, such as:

  • Your name, alias, date of birth, Tax ID number, citizenship and passport number, visa information, home address, telephone number, email address, social security number, bank account number, bank routing number, bank account login credentials, bank name, employer name, employment status, and job position.
  • Certain features of the Services will allow you to link your credit card, debit card, and bank accounts to your Stash account(s) by providing your account number, billing address and similar information.
  • Whether you are a “politically exposed person,” whether you are a “control person” (pursuant to FINRA Rule 3210), annual income range, total net worth range, and other information as appropriate for our legitimate business needs.
  • We may collect information derived or resulting from voluntary surveys.
  • We may record any customer service calls and maintain such recordings to better improve our Services.
  • We may also collect Personal Information when you voluntarily provide us with Personal Information as a Visitor, such as when you use our “Contact Us” form.

If you have provided us with any Personal Information, you may access, review, and/or make changes, by making the changes in your registered account settings page or by contacting us.

2.2 Nonpublic Personal Information

When you register to become a Customer and at certain times following initial registration during the provision of our Services to you, we will also collect your nonpublic personal information which means (i) any information you provide to us to obtain a financial product or service from us, (ii) any information about you resulting from any transaction involving a financial product or service between us and you, (iii) any information about a transaction, purchase or sale you are seeking to execute through through the Platform, or (iv) any information we otherwise obtain about you in connection with providing a financial product or service to you (collectively, the “Nonpublic Personal Information”). We may also collect Nonpublic Personal Information from Visitors, who are consumers of our Platform.

2.3 Investment Style Information

When you register as a Customer, you will be asked to provide information about your investment preferences and investment style such as, your risk tolerance, time horizon, liquidity needs, investment objectives and investment experiences (collectively, the “Investment Style Information”). Investment Style Information may be updated or modified following initial registration during the provision of our Services to you.

2.4 Geolocational Information

Certain features and functionalities of the Services are based on your location. In order to provide these features and functionalities while you are using a mobile device, we may, with your consent, automatically collect geolocation information from your mobile device, wireless carrier, or certain third-party service providers. Such information is collectively called the "Geolocational Information." Collection of such Geolocational Information occurs only when the App is running on your mobile device. You may decline to allow us to collect such Geolocational Information, in which case Stash will not be able to provide certain features or functionalities to you.

2.5 Information We Collect From You Automatically

We may automatically collect or receive information about you, your use of our Platform, your interactions with us and our advertising, as well as information regarding your computer or other devices used to access our Platform, such as:

  • Online Identifiers: browser fingerprint, operating system, browser name and version, and/or personal IP addresses.
  • Device information: type of device, Universally Unique Identifier, advertising identifiers (“IDFA” or “AdID”), operating system and version, wireless carrier, and network type.
  • Usage data: authentication data, security questions, click-stream data, public social networking posts, and other data collected via web beacons, pixel tags, embedded links, cookies, and other similar tracking techniques.
  • Cookies: A cookie is a piece of information that the computer that hosts our Platform gives to your browser when you access the Platform. Our cookies help provide additional functionality to the Platform and help us analyze the Platform usage more accurately. For example, our Platform may set a cookie on your browser that allows you to access the Platform without needing to reenter your password each time. In all cases in which we use cookies, we will not collect Personal Information unless we obtain your permission. Please refer to the “help” section on your browser’s toolbar for information on how to receive notification when you are receiving a new cookie and how to turn cookies off. If you do not want Stash to place cookies in your browser, you can opt out by setting your browser to reject cookies or to notify you when a website tries to put a cookie in your browser software. If you choose to disable cookies in your browser, you can still use the Platform, although your ability to use some of the features may be affected.
  • Third-Party analytics: We may use third-party analytics services (for example, we use Google Analytics, Mixpanel, Braze, and others) to evaluate your use of the Platform, compile reports on activity, analyze performance metrics, and collect and evaluate other information relating to the Platform and mobile and Internet usage. For more information on these third parties, including how to opt out from certain data collection, please visit www.google.com/analytics, www.mixpanel.com/privacy/, or www.braze.com/privacy/. Please be advised that if you opt out of any service, you may not be able to use the full functionality of the Platform.

2.6 Children’s Data

Stash is not directed to children under the age of 18, and therefore we do not knowingly collect or receive Personal Information from children under the age of 18. If a user submitting personal information is suspected of being younger than 18 years of age, Stash will require the user to close his or her account and will not allow the user to continue using our Services. We will also take steps to delete the information as soon as possible. Please notify us if you know of any individuals under the age of 18 using our Services so we can take action to prevent access to our Services.

Notwithstanding the above, if you establish a Stash custodial account with us that is governed by the Uniform Gifts to Minors Act or the Uniform Transfers to Minors Act that is for the benefit of a child under the age of 13, only the individual establishing the account provides Personal Information to us necessary to establish the account for the child under the age of 13. Subsequent to the creation of the account, we will only collect and use Personal Information related to the child for the limited purpose of providing the Services, and except as set forth in this Privacy Policy, such information will not be shared with third parties for any purpose not required or permitted by law, including marketing.

3. Sources of Personal Information

3.1 Information Collected by or Received from Third-Party Sources

We may also collect Personal Information about you from third-party sources, such as banking verification services, consumer reporting agencies, unaffiliated third parties, brokers, banks, or government databases. We may combine data we collect about you from third-party data sources with data we collect from you and may use and share such data as described in this Privacy Policy. All information we collect or receive from such third-party sources is referred to as “Third-Party Information.”

  • For example, we use Plaid Inc. (“Plaid”) and Quovo, Inc. (“Quovo”) for account linking services and to gather your data from financial institutions. This data may include information from all your sub-accounts (e.g., checking, savings, and credit card) accessible through a single set of account credentials, even if only a single sub-account is designated by you. By using our Services, you grant us, Plaid, and Quovo the right, power, and authority to act on your behalf to access and transmit your personal and financial information from the relevant financial institution. You agree to your personal and financial information being transferred, stored, and processed by Plaid in accordance with the Plaid Privacy Policy (https://plaid.com/legal/#end-user-privacy-policy) and by Quovo in accordance with the Quovo Privacy Policy (https://www.quovo.com/legal/privacy-policy/). To the extent your account linking and data gathering was previously or is currently provided by Quovo, you expressly authorize Quovo to transmit any information or data arising out of those services to Plaid so that Plaid can provide you such services.
  • If you have a Stash Banking account, you agree to your personal and financial information being transferred by Green Dot Bank to us in accordance with the Green Dot Bank Privacy Policy.
  • We have partnered with ClickSWITCH, LLC (“ClickSWITCH”) to assist Customers with a Stash Banking account to switch their direct deposit and/or other similar automatic payments from their existing financial institution to their Stash Banking account. This process involves ClickSWITCH collecting, sharing, storing and/or using certain of your Personal Information. By using these services, you agree to your Personal Information being collected, shared, stored and/or used in accordance with the ClickSWITCH Privacy Policy, as amended.

3.2 Information Collected by or Through Third-Party Advertising

We may share information about you with third parties that Stash has selected and approved for ad distribution and ad optimization (including tailoring, behavioral or contextual targeting or retargeting, analyzing, managing, reporting, and optimizing of ads). These third parties may use cookies, pixel tags, and other technologies to collect information about you for such purposes. Pixel tags enable us and these third-party advertising companies to recognize a browser’s cookie when a browser visits the site on which the pixel tag is located in order to learn which advertisement brings a user to a given site. In addition, we may receive information about you from advertisers and/or their service providers such as advertising identifiers, IP addresses, and post-conversion data. You may choose to opt out of this type of tracking and sharing of information at any time by selecting the specific partners you wish to exclude from these websites: http://www.aboutads.info/choices and http://optout.networkadvertising.org/.

4. How The Information Is Used

Our primary purpose in collecting information about you is to provide you with a secure, smooth, efficient, and customized experience. We may use information about you to (1) provide, understand, improve, and develop the Stash Platform and Services, (2) create and maintain a trusted and safe environment (such as to comply with our legal obligations) and (3) provide, personalize, measure, and improve our advertising and marketing.

4.1 Provide, Improve, and Develop the Stash Platform and Services

We may use Personal Information to provide, improve, and develop the Stash Platform and Services, including, for example:

  • To enable you to access and use the Stash Platform and Services.
  • To fulfill our contractual obligations to you or any requests by you for support.
  • To provide you personalized suggestions and recommendations about trade recommendations, budgeting, saving money, spending, or other financial products, services or offers that we believe may help you, based on information about your transactions, purchases, or account balances.
  • To share Personal Information with Green Dot Bank as needed for Green Dot Bank to deliver its banking services to you and for us to fulfill our contractual obligations to Green Dot Bank.
  • To maintain or service Customer accounts, process or fulfill orders and transactions, verify Customer information, or process payments.
  • To engage other companies to perform certain functions on our behalf, including, for example, website hosting, mailing information, maintaining databases, ID verification, processing applications, processing payments and completing transactions.
  • To operate, protect, improve, and optimize the Stash Platform and Services, such as by performing analytics and conducting research, such as by compiling aggregated and anonymized information about our Customers’ demographics, interests and behaviors, in order to better understand our Customer base and to develop new products, features or services.

We process your Personal Information for these purposes given our legitimate interest in improving the Stash Platform and Services and our Customers’ experience with it, and where it is necessary for the adequate performance of our contractual obligations with you.

4.2 Create and Maintain a Trusted and Safe Environment

We may use Personal Information to create and maintain a trusted and safe environment, including, for example:

  • To comply with our legal obligations, including to detect and prevent fraud, spam, abuse, security incidents, and other harmful or illegal activity, or to conduct security investigations and risk assessments.
  • To verify or authenticate information or identifications provided by you, or to conduct checks against databases and other information sources, including background or police checks, to the extent permitted by applicable laws and with your consent where required.
  • To ensure compliance with and enforce our Terms of Service, Privacy Policy, or other policies, agreements or terms and conditions.
  • To resolve any disputes with any of our Customers and enforce our agreements with third parties.
  • To conduct debugging to identify and repair errors.
  • To share your Personal Information with any of our parent companies, affiliates, subsidiaries, joint ventures, or other companies that we control, are controlled by, or are under common control with us.
  • To comply with our obligations in the event of a corporate sale, merger, reorganization, sale of assets, dissolution, or similar event. If your Personal Information is part of the transferred assets, you will be notified via email and/or a prominent notice on our Platform of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.
  • To comply with a court order or other lawful request or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend the rights or property of Stash, (iii) act in urgent circumstances to protect the financial security of users of the Platform or the public against fraud or other harm, or (iv) protect against legal liability.

We process your Personal Information for these purposes given our legitimate interest in protecting the Stash Platform and Services, to measure the adequate performance of our contractual obligations with you, and to comply with applicable laws.

4.3 Provide, Personalize, Measure, and Improve our Advertising and Marketing

We may use Personal Information to provide, personalize, measure, and improve our advertising and marketing, including, for example:

  • To send you promotional messages, marketing, advertising, and other information that may be of interest to you based on your preferences (including information about Stash or partner campaigns and services).
  • To personalize, measure, and improve our advertising.
  • To administer referral programs, rewards, surveys, sweepstakes, contests, or other promotional activities or events sponsored or managed by Stash or its third party partners.
  • To conduct profiling on your characteristics and preferences to send you promotional messages, marketing, advertising and other information that we think may be of interest to you.
  • To share your Personal Information with third parties, including but not limited to third-party market research firms for analysis purposes and to help such third parties generate anonymized and aggregated market research data for us. However, under no circumstances will we ever sell your Personal Information to third parties.

We will process your Personal Information for the purposes listed in this section given our legitimate interest in undertaking marketing activities to offer you products or services that may be of interest to you.

4.4 Opt-In Consent

We will not share your Personal Information with non-affiliated third parties that may use your Personal Information to market to you, without obtaining your opt-in consent. If you have opted-in for this kind of sharing of your Personal Information, then you may: (i) choose to opt out of such sharing; or (ii) request certain information regarding our disclosure of your Personal Information to such non-affiliated third parties, in each case by contacting us by following the instructions in the “Contact Us” section below. If you have signed up for a Stash Banking account, you will not be able to opt out of us sharing Information with Green Dot Bank, the provider of the Stash Banking account.

5. How We Protect Your Information

The security of your Personal Information is of utmost importance to us. Stash handles sensitive financial customer data, so we’ve taken steps to secure critical systems and information. For example, we use encryption to protect and secure all of your information, from personal data (like your social security number) to your transaction history. We take commercially reasonable technical, administrative, and physical safeguards to protect information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. To learn more about how we protect your information visit https://www.stash.com/security.

If you know or have reason to believe that your Personal Information or Stash account has been stolen, misappropriated, or otherwise compromised, or if you receive an unsolicited email or other electronic communication that appears to be from Stash but you suspect it may be from some other source or fraudulent, please contact us by following the instructions in the “Contact Us” section below.

6. Retention of Your Information

We will retain your Personal Information for as long as it serves the purpose(s) for which it was initially collected as stated in this Privacy Policy, or subsequently authorized. We will also retain and use your Personal Information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. If your customer relationship with Stash ends, we will not destroy your Information unless required or permitted by law. We will continue to treat your Personal Information in accordance with this Privacy Policy and applicable laws.

Information connected to you that is no longer necessary and relevant to provide our Services may be de-identified or aggregated with other non-personal data to provide insights which are commercially valuable to Stash, such as statistics of the use of the Services.

7. Communication Preferences

You have choices on the messages you choose to receive.

  • As a user of the Services we and/or our custodian(s), will send you administrative and transactional communications that are necessary to provide the Services, such as billing, brokerage, fraud or service notifications. You cannot opt out of receiving such communications.
  • When you sign up for our Services or newsletter(s), we will send periodic emails to you regarding the Services or to tell you about services we believe will be of interest to you. To opt out of marketing emails, simply click the link labeled “unsubscribe” at the bottom of any email we send you.
  • By providing your phone number you expressly consent to Stash and/or its agents calling or texting you using an automated telephone dialing system and / or prerecorded messages, even if you incur charges for receiving such communications. For example, we may send you informational text messages to your mobile device in order to better service your account. You can revoke your consent to receiving informational text messages at any time by replying “STOP” or following any other instructions included in these text messages.

8. California Privacy Rights

Effective January 1, 2020, the California Consumer Privacy Act (CCPA) allows California residents, upon a verifiable consumer request and subject to applicable exemptions, to request that we give you access, in a portable and (if technically feasible) readily usable form, to the specific pieces and categories of personal information that we have collected about you, the categories of sources for that information, the business or commercial purposes for collecting the information, and the categories of third parties with which the information was shared. California residents also have the right to submit a request for deletion of information under certain circumstances. Consistent with California law, Stash will not discriminate against those who exercise their rights. Specifically, if you exercise your rights, we will not deny you services, charge you different prices for services or provide you a different level or quality of services. To submit a data request, please contact us by following the instructions in the “Contact Us” section below. Please note that you must verify your identity and request before further action is taken. As a part of this process, government identification may be required. Consistent with California law, you may designate an authorized agent to make a request on your behalf. In order to designate an authorized agent to make a request on your behalf, you must provide a valid power of attorney, the requester’s valid government issued identification, and the authorized agent’s valid government issued identification.

We do not sell Personal Information to third parties. We do allow third parties to collect personal information through our Service and share personal information with third parties for the business purposes described in this Privacy Policy, including without limitation advertising and marketing on our Service and elsewhere based on users’ online activities over time and across different sites, services, and devices.

California law permits consumers who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their Personal Information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of Personal Information disclosed to those third parties. Stash does not share Personal Information with third parties for their own direct marketing purposes without your prior consent. Accordingly, you can prevent disclosure of your Personal Information to third parties for their direct marketing purposes by withholding consent.

9. Changes To This Privacy Policy

We may modify this Privacy Policy from time to time which will be indicated by changing the date at the top of this page. If we make any material changes, we will notify you by email (sent to the email address specified in your account), by means of a notice on the Platform prior to the change becoming effective, or as otherwise required by law. Your continued access to or use of the Platform after we make any changes to this Privacy Policy, will be subject to the revised Privacy Policy.

10. Contact Us

If you have questions or concerns regarding this Privacy Policy, or about Stash’s information handling practices, or if you have a complaint, please contact us by visiting ask.stash.com, or emailing us at support@stash.com, or calling us at (800) 205-5164.

Get Stash