Stash Financial, Inc.
Effective: August 21st, 2023
Welcome to Stash! Your trust is important to us, and we’re committed to protecting the privacy and security of your personal information. The personal information you share with us helps us provide a great experience with Stash. That’s why we want to keep you informed of what personal information we collect, how it’s used, and when it is shared. We are dedicated to protecting the personal information we collect from you and ensuring that it is handled with care and attention.
1.2 Description of Users and Acceptance of Terms
- Stash does not respond to general web browser “Do Not Track” settings and/or signals.
- The Stash Platform and Services are intended for citizens or lawful residents of the United States who are located in the United States. The Stash Platform, the Services, and their servers are controlled and operated in the United States and are not intended to be accessed from outside the United States.
2. Information We Collect or Receive
In the course of operating the Stash Platform and providing the Services, we collect or receive the following categories of information, which collectively comprise “Personal Information”.
2.1 Categories of Personal Information
When you register to become a Customer, you will be asked to provide us with certain information about you, such as:
- Your name, alias, date of birth, citizenship and passport number, visa information, home address, telephone number, email address, Social Security number, bank account number, bank routing number, bank account login credentials, bank name, employer name, employment status, and job position.
- Certain features of the Services will allow you to link your credit card, debit card, and bank accounts to your Stash account(s) by providing your account number, card number, and other identifying information relating to your debit or credit card, billing address, and similar information.
- Whether you are a “politically exposed person,” whether you are a “control person” (pursuant to FINRA Rule 3210), annual income range, total net worth range, and other information as appropriate for our legitimate business needs.
- We may collect information derived or resulting from voluntary surveys. We may also collect Personal Information when you voluntarily provide us with Personal Information as a Visitor, such as when you use our “Contact Us” form.
- We may record any customer service calls and maintain such recordings to better improve our Services.
- We may collect information for purposes of identity verification, government-issued identification documents and self-portrait photographs (“Selfie”); and other information required by federal and industry laws and regulations.
If you have provided us with any Personal Information, you may access, review, and/or make changes by making the changes in your registered account settings page or by contacting us at firstname.lastname@example.org or (800) 205-5164.
2.2 Nonpublic Personal Information
When you register to become a Customer, and at certain times following initial registration during the provision of our Services to you, we will also collect your nonpublic personal information, which means (i) any information you provide to us to obtain a financial product or service from us, (ii) any information about you resulting from any transaction involving a financial product or service between you and us, (iii) any information about a transaction, purchase or sale you are seeking to execute through the Stash Platform, or (iv) any information we otherwise obtain about you in connection with providing a financial product or service to you (collectively, the “Nonpublic Personal Information”). We may also collect Nonpublic Personal Information from Visitors who are consumers of our Platform.
2.3 Investment Style Information
When you register as a Customer, you will be asked to provide information about your investment preferences and investment style, such as your risk tolerance, time horizon, liquidity needs, investment objectives, and investment experiences (collectively, the “Investment Style Information”). Investment Style Information may be updated or modified by you following initial registration during the provision of our Services to you.
2.4 Geolocational Information
Certain features and functionalities of the Services are based on your location. In order to provide these features and functionalities while you are using a mobile device, we may, with your consent, automatically collect geolocation information from your mobile device, wireless carrier, or certain third-party service providers. Such information is collectively called "Geolocational Information." You may decline to allow us to collect such Geolocational Information, in which case Stash may not be able to provide certain features or functionalities to you.
2.5 Information We Collect From You Automatically
We may automatically collect or receive information about you, your use of the Stash Platform, your interactions with us and our advertising and/or marketing messaging, as well as information regarding your computer or other devices used to access the Stash Platform, such as:
- Online Identifiers: operating system, browser name and version, and/or personal IP addresses.
- Biometric information: distinguishing physical or behavioral biological human characteristics used to identify a person, including, but not limited to, fingerprints, hand or facial geometry or patterns, voice characteristics, typing cadence, and signatures, and screen behavior, either singly or in combination with other identifying data.
- Device Information: type of device, device ID, Universally Unique Identifier, advertising identifiers (“IDFA” or “AdID”), operating system and version, wireless carrier, and network type.
- Usage Data: authentication data, security questions, click-stream data, public social networking posts, login data, transaction data and use of the Stash Platform (including, but not limited to, linking your external bank account to the Stash Platform, depositing funds onto the Stash Platform, or purchasing an investment), and other data collected via web beacons, pixel tags, embedded links, cookies, and other similar tracking techniques.
- Third-Party analytics: We may use third-party analytics services (for example, we use Google Analytics, Mixpanel, Braze, and others), and/or incorporate one or more third-party technologies that may collect Usage Data, Online Identifiers, and/or Device Information to evaluate your use of the Stash Platform, compile reports on activity, analyze performance metrics, and collect and evaluate other information relating to the Stash Platform and mobile and Internet usage. For more information on these third parties, including how to opt-out from certain data collection, please visit www.mixpanel.com/privacy/ or www.braze.com/privacy/. For Google, you can use the Google Analytics opt-out browser add-on at https://tools.google.com/dlpage/gaoptout?hl=en. Please be advised that if you opt-out of any service, you may not be able to use the full functionality of the Stash Platform.
2.6 Children’s Data
3. Sources of Personal Information
3.1 Information Collected by or Received from Third-Party Sources
- We also use certain third-party service providers to assist with operating the Stash Platform, including, but not limited to, detecting or preventing fraud, spam, abuse, security incidents, and other harmful or illegal activity, conducting security investigations or risk assessments, or verifying or authenticating certain information or identifications provided by you. You agree to Stash sharing your information with such third-party service providers.
3.2 Information Collected by or Through Third-Party Advertising
3.3 Opt-In Consent to Marketing
Distinct from the general third-party advertising described in the above section 3.2, Stash will not share your Personal Information with non-affiliated third parties that may use your Personal Information to market to you without first obtaining your opt-in consent. By providing your opt-in consent, Stash may share your Personal Information with such non-affiliated third parties, and you permit such non-affiliated third parties to send marketing advertisements to you. If you have opted-in for this kind of sharing of your Personal Information, then you may: (i) choose to opt-out of such sharing; and/or (ii) request certain information regarding our disclosure of your Personal Information to such non-affiliated third parties in accordance with Section 8 below, in each case by contacting us by following the instructions in the “Contact Us” section below.
4. How The Information Is Used
Our primary purpose in collecting information about you is to provide you with a secure, smooth, efficient, and customized experience. We may use information about you to (1) provide, understand, improve, and develop the Stash Platform and Services, (2) create and maintain a trusted and safe environment (such as to comply with our legal obligations), and (3) provide, personalize, measure, and improve our advertising and marketing.
4.1 Provide, Improve, and Develop the Stash Platform and Services
We may use Personal Information to provide, improve, and develop the Stash Platform and Services, including, for example:
- To enable you to access and use the Stash Platform and Services.
- To fulfill our contractual obligations to you or any requests by you for support.
- To provide you with personalized suggestions and recommendations about trade recommendations, budgeting, saving money, spending, or other financial products, services, or offers that we believe may help you, based on information about your transactions, purchases, or account balances.
- To maintain or service Customer accounts, process or fulfill orders and transactions, or verify Customer information.
- To engage third-party service providers to perform certain functions on our behalf, including, for example, website hosting, mailing information, maintaining databases, ID verification, processing applications, processing, and completing transactions.
- To operate, protect, improve, and optimize the Stash Platform and Services, such as by performing analytics and conducting research, such as by compiling aggregated and anonymized information about our Customers’ demographics, interests, and behaviors, in order to better understand our Customer base and to develop new products, features or services.
We process your Personal Information for these purposes given our legitimate interest in improving the Stash Platform and Services and our Customers’ experience with it, and where it is necessary for the adequate performance of our contractual obligations with you. Further, to the extent you add a widget to the App through the interactive instructions displayed on your iOS or Android device, you are expressly authorizing Stash to display certain of your Personal Information, including but not limited to the value of your account, outside of the App on your iOS or Android device.
4.2 Create and Maintain a Trusted and Safe Environment
We may use Personal Information to create and maintain a trusted and safe environment, including, for example:
- To comply with our legal obligations, including detecting and preventing fraud, spam, abuse, security incidents, and other harmful or illegal activity, or to conduct security investigations and risk assessments.
- To verify or authenticate information or identifications provided by you, or to conduct checks against databases and other information sources, including background or police checks, to the extent permitted by applicable laws and with your consent where required.
- To resolve any disputes with any of our Customers and enforce our agreements with third parties.
- To conduct debugging to identify and repair errors.
- To share your Personal Information with any of our parent companies, affiliates, subsidiaries, joint ventures, or other companies that we control, are controlled by, or are under common control with us.
- To share your Personal Information with any of our third-party service providers who perform services for us and help us operate our business.
- To comply with our obligations in the event of a corporate sale, merger, reorganization, sale of assets, dissolution, or similar event. If your Personal Information is part of the transferred assets, you will be notified via email and/or a prominent notice on our Platform of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.
- To comply with a court order or other lawful request or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend the rights or property of Stash, (iii) act in urgent circumstances to protect the financial security of users of the Stash Platform or the public against fraud or other harm, or (iv) protect against legal liability.
We process your Personal Information for these purposes given our legitimate interest in protecting the Stash Platform and Services, to measure the adequate performance of our contractual obligations with you, and to comply with applicable laws.
4.3 Provide, Personalize, Measure, and Improve our Advertising and Marketing
We may use Personal Information to provide, personalize, measure, and improve our advertising and marketing, including, for example:
- To send you promotional messages, marketing, advertising, and other information that may be of interest to you based on your preferences and your Personal Information (including information about Stash or partner campaigns and services).
- To personalize, measure, and improve our marketing and advertising efforts.
- To administer referral programs, rewards, surveys, sweepstakes, contests, or other promotional activities or events sponsored or managed by Stash or its third-party partners.
- To communicate with you in response to your inquiries and to provide you with any requested information and updates about our Services.
- To develop one or more automated models, algorithms, or similarly designed technologies that conduct profiling based on your Personal Information, characteristics, and preferences, in order to send you promotional messages, marketing, advertising, and other information that we think may be of interest to you.
- To share your Personal Information with third parties, including but not limited to third-party market research firms for analysis purposes and to help such third parties generate anonymized and aggregated market research data for us, or to third-party marketing partners for external ad distribution and ad optimization (including targeting or retargeting, analyzing, managing, or optimizing of ads). However, under no circumstances will we ever sell your Personal Information to third parties.
We will process your Personal Information for the purposes listed in this section, given our legitimate interest in undertaking marketing activities to offer you products or services that may be of interest to you.
5. How We Protect Your Information
The security of your Personal Information is of utmost importance to us. Stash handles sensitive financial customer data, so we’ve taken steps to secure critical systems and information. For example, we use encryption to protect and secure all of your information, from personal data (like your Social Security number) to your transaction history. We take commercially reasonable technical, administrative, and physical safeguards to protect information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. To learn more about how we protect your information, visit https://www.stash.com/security.
If you know or have reason to believe that your Personal Information or Stash account has been stolen, misappropriated, or otherwise compromised, or if you receive an unsolicited email or other electronic communication that appears to be from Stash but you suspect it may be from some other source or fraudulent, please contact us by following the instructions in the “Contact Us” section below.
6. Retention of Your Information
Information connected to you that is no longer necessary and relevant to provide our Services may be de-identified or aggregated with other non-personal data to provide insights that are commercially valuable to Stash, such as statistics of the use of the Services.
7. Communication Preferences
You have choices on the messages you choose to receive.
- As a user of the Services, we and/or our custodian(s) will send you administrative and transactional communications that are necessary to provide the Services, such as billing, brokerage, fraud, or service notifications.
- When you sign up for our Services or newsletter(s), we will send periodic emails to you regarding the Services or to tell you about services we believe will be of interest to you. To opt out of marketing emails from Stash, simply click the link labeled “unsubscribe” at the bottom of any such email we send you.
- By providing your phone number, you expressly consent to Stash and/or its agents calling or texting you using an automated telephone dialing system and/or prerecorded messages, even if you incur charges for receiving such communications. For example, we may send you informational text messages to your mobile device in order to better service your account. You can revoke your consent to receiving informational text messages at any time by replying “STOP” or following any other instructions included in these text messages. For more information about receiving marketing communications through calling or texting, please see our Stash Messaging Terms and Conditions.
8. California Residents' Privacy Rights
Effective January 1, 2023, the California Privacy Rights Act (“CPRA”), in addition to the rights already established under the California Consumer Privacy Act of 2020 (“CCPA”) (collectively referred to in this notice as “CPRA”), allows California residents, upon a verifiable consumer request and subject to applicable exemptions, to request that we give you access, in a portable and (if technically feasible) readily usable form, to the specific pieces and categories of personal information that we have collected about you, the categories of sources for that information, the business or commercial purposes for collecting the information, and the categories of third parties with which the information was shared. Where CPRA is applicable, California residents may also have the right to submit a request for deletion of information under certain circumstances. Please note that the CPRA does not apply to non-public personal information collected by financial institutions governed by certain federal regulations. As a result, the CPRA does not apply to most of the personal information that Stash collects from you as a customer.
Stash will not discriminate against those who exercise their rights. Specifically, if you exercise your rights, we will not deny you services, charge you different prices for services, prevent you from applying for future employment with Stash, or provide you a different level or quality of services. To submit a data request, please contact us by following the instructions in the “Contact Us” section below. Please note that you may be required to verify your identity before further action is taken. Please be prepared to provide us with information such as: your first and last name, the last four digits of your Social Security number, and proof of California residency to verify your identity, along with identifying with specificity which CPRA right you wish to exercise. As a part of this process, government identification may be required. Consistent with California law, you may designate an authorized agent to make a request on your behalf. In order to designate an authorized agent to make a request on your behalf, you must provide a valid power of attorney, the requester's valid government-issued identification, and the authorized agent's valid government-issued identification.
In the last 12 months, we collected certain categories of personal information including, but not limited to: identifiers (such as name, email address and IP address), Internet or other electronic network activity information (such as engagement with promotional messages and ads). For more details about the categories of information we collect and the categories of sources of this information, please see the “Information We Collect or Receive” and the “Sources of Personal Information” sections above. We share this information with the categories of third parties described in the “How the Information Is Used” section above.
California law permits consumers who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their Personal Information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of Personal Information disclosed to those third parties. Stash does not share Personal Information with third parties for their own direct marketing purposes without your prior consent. Accordingly, you can prevent the disclosure of your Personal Information to third parties for their direct marketing purposes by withholding or withdrawing consent.
10. Contact Us