Date Last Revised: October 19, 2017
- are available through the Services (as defined below);
- we control, or own; or
We regularly re-evaluate our privacy and security policies and adapt them as necessary to deal with new changes in legislation and security standards. The term
means any information relating to an identified or identifiable natural person and includes, but is not limited to, such information as your name, address, phone number, fax number, email address, government identification number, location data, certain online identifiers (e.g., IP address, cookie) and financial data that consists of Financial Account Login Credentials and Financial Account Data (as defined below), but excludes business contact information.
We are committed to maintaining the confidentiality, integrity and security of any Personal Information about our Users. Salt Edge employs advanced data protection and security techniques to safeguard Users against identity theft and/or other related illicit access, use or disclosure of Users’ Personal Information. We will use commercially reasonable methods to secure your Personal Information in our files and systems.
1. Your Privacy and Personal Information is not for Sale
Salt Edge is concerned about controlling unsolicited commercial e-mail, or "spam". Salt Edge will not sell, lease or rent its e-mail subscriber lists to third parties who might use that information to spam our Users, nor will we transfer any other Personal Information to third parties unless you have consented to such transfer (e.g., by subscribing for a third party service that utilizes our Services). While we continue to review and implement new technology, we cannot guarantee that there is any technology that will totally prevent the transmission of unsolicited e-mail. Using junk e-mail tools and being cautious about the sharing of your e-mail address(es) in our public forums or blogs will reduce the amount of unsolicited e-mail you receive. Simply put, we do not and will not sell, lease or rent your Personal Information to anyone, for any reason, at any time.
2. The Services
3. Collection of Information
Although you can access some of our Services without registration, there are other Services for which you must either submit, or agree to the collection of, your Personal Information in order to enjoy their full functionality. We collect information in order to provide or improve the Services offered to all of our Users. The information is collected primarily in three ways:
- Information you give us. You may give us information directly through the Services. For example, some of the Services require you to register an account with us. In this case we will ask for Personal Information, like your name, email address, telephone number, zip code or credit card ("Registration Information"). In order for a Developer to use our Services, as part of the Registration Information we will also ask for additional information like Developer’s corporate name, address and contact information. If an End User wishes to access his/her financial account through the Services, then the End User will also be required to provide any security or access information used to authorize the End User when accessing End User’s financial account in End User’s Financial Institution, including but not limited to username, access number, password, security questions and answers, token/SMS codes, multifactor information, biometric information and device information ("Financial Account Login Credentials"). By submitting this information End User will be able to benefit from the full functionality of the Services (e.g., automated data import from Financial Institutions). We may, from time to time, request other Personal Information to provide you with other benefits of the Services. Salt Edge reserves no rights whatsoever to collect and use extra information without your consent.
Information that we collect from Financial Institutions.
Where you use the Services (either directly or through a Developer’s application) to access your financial account(s) with Financial Institution(s), we will retrieve and collect the information about your financial account
("Financial Account Data")
with that Financial Institution for the purpose of providing the Services to you, including but not limited to the following information:
- financial account holder details (including by way of example and without limitation name, address, email, phone number);
- financial account details (including by way of example and without limitation account number, type, currency, balance); and
- transactions details (including by way of example and without limitation transaction amount, date, description, currency).
- Information we get from your use of the Services. We may collect information about the Services that you use and how you use them. This includes the information collected from the use of: cookies, web beacons and other anonymous online identifiers. In addition to any Personal Information or other information that you choose to submit to us, we and our third party service providers may use a variety of technologies that automatically (or passively) collect certain information whenever you visit or interact with the Services. This information may include without limitation the browser that you are using, the URL that referred you to the Services, all of the areas within the Services that you visit, and the time of day when you access and use the Services. We may use the collected information in an anonymized aggregate way (i.e., it is not personally identifiable in this state) for a variety of purposes, including but not limited to enhancing or otherwise improving and promoting the Services. In addition, we collect your IP address or other unique identifier for your computer, mobile or other device used to access the Services.
- Web beacons - web beacons are images (single-pixel gifs) embedded in a web page or email for the purpose of measuring and analyzing website usage and activity. Web beacons or similar technologies help us better manage content on our Services by informing us what content is effective, count Users of the Services, monitor how Users navigate the Services, count how many e-mails that we send are actually opened or how many particular articles or links are actually viewed. We do not link the information gathered by web beacons to our Users’ Personal Information.
4. Use of Information
Use of Personal Information.
We use and disclose your Personal Information only as follows:
- To provide End User information (including Financial Account Data) to Developer through the Services where the Developer has received End User’s consent, through End User’s acceptance of Developer’s terms of service and/or applicable end user license agreement, that such information be shared with that Developer.
- To provide the Services to you and End Users, including providing updates on the Services and responding to your requests.
- To bill and collect money owed to us. This includes sending you e-mails, invoices, receipts, notices of delinquency, and alerting you if we need a different credit card number.
- To send you and End Users system alert messages.
- To enforce compliance with our Terms of Service and applicable law.
- To provide customer support.
- To protect the rights and safety of our Users and third parties, as well as our own.
- To support and improve the Services we offer.
- To communicate with you about your account for informational, not promotional, reasons.
- To send you informational and promotional content that you may choose (or "opt in") to receive. You can stop receiving our promotional emails by following the unsubscribe instructions included in every email.
- We may provide our registered Users with summaries of their accounts and email alerts. From time to time, we may transmit emails promoting Salt Edge or third party goods or services. Any subscriber wishing to opt-out of receiving our promotional emails and to terminate their newsletter subscriptions may do so by following the instructions in the emails. Users should note that opting out in this manner will not end transmission of service-related emails, such as email alerts.
- Users’ Personal Information may be visible to our technicians and IT staff when they are troubleshooting and analyzing data import errors or other technical errors that may occur during your use of the Services.
Use of Non-Personal Information.
Salt Edge may make anonymous aggregate Personal Information and disclose such data only in a non-personally identifiable manner, including but not limited to:
- Advertisers and other third parties for their marketing and promotional purposes, such as the number of Users who apply for a credit card or click on a particular Salt Edge Partner Offer;
- Organizations approved by Salt Edge that conduct research into consumer spending; and
- Users of the Services for purposes of comparison of their personal financial situation relative to the broader community.
5. Children’s Privacy
Protecting the privacy of young children is especially important to us. For that reason, we do not knowingly collect or maintain Personal Information from persons under thirteen (13) years of age. If we learn that Personal Information of persons less than thirteen (13) years of age has been collected on or through the Website and/or Services, we will take the appropriate steps to delete this information.
6. Third Party Websites and Advertising
7. Blogs and Forums on our Website
Information submitted in our public forum, blog and bulletin board (collectively, "Forums") can be collected, read and used by other Users. Such information can also be used to send you spam or other unsolicited messages. Salt Edge is not responsible for any damage incurred whatsoever, whether known or unknown, as a result of the use of your Personal Information submitted at any Forum on our Website. The Forums may be hosted by Salt Edge or by one of our third party service providers on Salt Edge's behalf. Salt Edge encourages all Users to embrace pseudonymous identities when you are in our Forums or any other public areas of the Website.
8. Your Participation in Programs
9. Banks Integration Program
10. Contests, Giveaways and Surveys
11. Disclosures and Transfers
We have put in place contractual and other organizational safeguards with our third party service providers
("Third Party Providers")
Section 4 "Use of Information"
Section 13 "Transfer of Ownership").
Our Third Party Providers may include:
- Software developers
- Hardware vendors
- System integrators
- Payment processors
- Hosting Providers
- We may disclose your Personal Information to third parties without your consent if we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference with (either intentionally or unintentionally) our rights or property, other Website Users, other Users of the Services, or anyone else (including the rights or property of anyone else) that could be harmed by such activities. We may disclose Personal Information when we believe in good faith that such disclosure is required by and in accordance with the law.
12. Situations that may Compel us to Disclose your Personal Information
Salt Edge, notwithstanding the foregoing, herewith reserves the right (and you authorize Salt Edge) to share or disclose your Personal Information when Salt Edge determines, in its sole discretion, that the disclosure of such information is necessary or appropriate:
- to enforce our rights against you or in connection with a breach by you of Salt Edge’s Terms of Service;
- to help curb prohibited or illegal activities that affect or hurt the interests of Salt Edge;
- when demanded by any applicable law, existing regulation, subpoena or other legal process; or
- to provide information to representatives and advisors, like attorneys and accountants, to help us comply with legal, accounting, or security requirements.
13. Transfer of Ownership
14. Data Deletion Policy
You have the right to request that your Personal Information be deleted from our primary production servers. You own your data. Anytime you want your data removed from our systems, you can request us to delete your account from our production servers by contacting us at firstname.lastname@example.org. As a result, your data will be excised permanently from our production servers and further access to your account will be impossible. Additionally, any connection(s) we’ve established to your financial account(s) in Financial Institution(s) will be disconnected. However, for purposes of ensuring continued ability to serve you in case of malfunction or damage to our production servers, we retain backups of portions of your data derived from your Financial Account Data on our backup servers. Your anonymous aggregate data may be stored on these servers indefinitely. We reserve the right to use any anonymous aggregate data derived from or incorporating your Personal Information, but we will use all reasonable endeavors to ensure that such anonymous aggregate data will not include any of your Personal Information.
You are responsible for maintaining the accuracy of the information you submit to us, such as your contact information provided as part of Registration Information. If your Personal Information changes, or if you no longer desire our Services, you may amend, supplement or delete the information by making the change at any time via the Services or by contacting us at email@example.com. However, in some instances we cannot delete all the information we hold about you. Please see further Section 17 "Data Retention" below.
15. Data Security
a) Online Confidentiality
b) Notice of Security Breach
Nobody is 100% safe from hackers. If a security breach causes an unauthorized intrusion into our systems that materially affects you or, in the case of Developer, Developer’s End Users, then Salt Edge will notify you of the security breach without undue delay and, where feasible, not later than seventy-two (72) hours after having become aware of it, by describing the nature of the security breach, the data that has been, or Salt Edge reasonably believes to have been, compromised and the immediate actions taken by Salt Edge with respect thereto. Salt Edge will later report the measures we’ve taken to mitigate potential adverse effects and prevent continuing or similar security breaches in the future.
c) Safeguarding your Information
Our Services ensure secure communications with encryption. From the time you submit your credentials, these communications between your computer and our Services are encrypted. This enables client and server applications to communicate in a way that is designed to prevent eavesdropping, tampering and message forgery. To maintain your security of online sessions, and to protect Salt Edge accounts and systems from unauthorized access, Salt Edge uses a combination of firewall barriers, encryption techniques and authentication procedures, among others. Our system will always prompt you to enter your credentials for your privacy and security. The information that is collected, for example your Registration Information, is transmitted securely to our servers. Our servers may be located in different countries and the local authorities of these countries may request access to the data located on these servers. For more information, please see further Section 11 "Disclosures and Transfers". Access to our systems requires multiple levels of authentication, including biometric recognition procedures. Security personnel monitor the systems 7 days a week, 24 hours a day. Salt Edge databases are both physically and logically protected from general employee access. We enforce physical controls to our building. We make sure that your Services credentials are encrypted such that they can never be recovered even by us. No employee by Salt Edge, whether knowingly or unknowingly, should put any sensitive content on any insecure machine. Salt Edge has been verified for its use of SSL encryption technologies and audited for its privacy practices. Salt Edge tests its systems, the Website and Services infrastructure for any failure points that might allow hacking. However, it is important to understand that these precautions apply only to our Website, systems and Services. We exercise no control over how your information is stored, maintained or displayed by third parties or on third party websites.
d) Data Pseudonymisation
In addition to the technical and organizational security measures employed by Salt Edge to ensure security, confidentiality and integrity of your Personal Information, Salt Edge also uses data pseudonymisation technique when processing and storing your Personal Information in our systems by replacing the data fields which are the most identifying in a data record with pseudonyms. Personal Information which has undergone pseudonymisation can no longer be attributed to a specific individual without the use of additional information, and such additional information is kept by Salt Edge separately and is subject to technical and organizational security measures to ensure that such pseudonymised Personal Information is not attributed to an identified or identifiable natural person.
16. Access and Accuracy
You have the right to access the Personal Information we hold about you in order to verify the Personal Information we have collected in respect to you and to have a general account of our uses, handling and processing of that information. Upon receipt of your written request (which can be submitted by contacting us at firstname.lastname@example.org), we will provide you with a copy of your Personal Information stored in our systems without undue delay and at the latest within one (1) month, although in certain limited circumstances we may not be able to make all relevant information available to you such as where that information also pertains to another User. In such circumstances we will provide reasons for denial to comply with your request or any part thereof. We will endeavor to deal with all requests for access, modification or deletion of Personal Information in a timely manner.
We use our commercially reasonable efforts to keep your information accurate and up-to-date. This notwithstanding, we do not guarantee that information imported through the Services (including without limitation Financial Account Data) will at all times be accurate, complete, error-free and/or up-to-date. However, we will do our best to fix any detected errors or inconsistencies. You will have the ability to update your Financial Account Login Credentials via the Services or destroy all your Financial Account Data and Financial Account Login Credentials by deleting the connection established to your financial account in Financial Institution. Your Financial Account Data cannot be updated by Salt Edge since it's imported from your Financial Institution.
17. Data Retention
If we are processing or controlling your Personal Information, you may have a right to lodge a complaint about our data protection or privacy practices with your local privacy and data protection regulatory body. For more information, please consult the applicable privacy and data protection regulatory body for the jurisdiction in which you reside.
20. Contact Us
Salt Edge Inc.
40 King Street West, Suite 2100