Last Revised: March 2020
Our mission is to enable companies to build and launch best-in-class financial services. In order to do so, we provide the technology link between our partner bank(s) and our partners (Platforms), enabling our Platforms to enable users like you to have access to certain banking services.
In this Policy, “Services”refers to any products, services, content, features, technologies, or functions made available to you by Synapse as a technology service provider of our partner bank(s) via the website and/or phone application of the Platform. The terms “Synapse,” we”, “us” or“our” shall refer to Synapse Financial Technologies, Inc. The terms “you” or“your” shall refer to any individual or entity who accepts this Policy.
We may, in our sole and absolute discretion, change or modify this Policy, and any policies or agreements which are incorporated herein, at any time, and such changes or modifications shall be effective immediately upon posting to the Website. No revision or update will apply to a dispute which we had actual notice of prior to the date we posted the changes or modifications. We will notify you of such changes or modifications by posting them to the Website, and your use of theServices after such changes or modifications have been posted (as indicated by a “Last Revised” date) shall constitute your acceptance of the Policy as last revised. If you do not agree to the Policy as last revised, do not use (or continue to use) the Services.
Applicability and Scope
Information provided to third parties, such as our Platforms, shall be controlled by their respective privacy policies. We encourage you to review the privacy policies or notices of the Platform or other third parties for information about their practices.
Collection of Information.
We collect public and non-public information (i) when you visit our Website; (ii) when you communicate with us via our customer support channels; (iii) when you apply or sign up to use any of our Services via a Platform; (iv) when you communicate with our partner bank(s) or Platform; (v) we collect through third-party service providers and other sources; (vi) through online research on social media and websites, which may not be publicly available; and (vii) when you use any of our Services directly or via a Platform.
As a third-party service provider and agent of the bank partner(s) we collect data on behalf of the partner bank(s) to comply with applicable law and financial services regulation.
We also collect information in order to verify your identity when you apply or sign up to receive a service from us or our partner bank(s).
Types of Personal Data Collected
The information we collect may vary according to the Service we will be providing to you and your use of the Services.
We may collect the following information about individuals or businesses (“Data”):
Individuals’ Information: name or aliases, physical address, work address, phone number, email address, IP address, date of birth, gender, social security number or other tax identification number, result of sanctions screenings, government ID, photo identification, selfie, or video authorization, images of your face on your identification document (e.g., government-issued identification card) and/or video, your biometric facial identifiers, and other additional information you may provide, or additional information we may additionally request you to provide;
Business’ Information: entity legal name or aliases, including “doing business as” names, physical address, phone number, legal entity type, industry, organizational documents (e.g. articles of incorporation and bylaws), employer identification number, or other information relating to your authorized signors or beneficial owners, which may include the Individuals’ Information as provided above, or additional information we may additionally request you to provide;
External Bank Account Information: external financial institution name, account name, account type, branch number, account number, routing number, international bank account number (“IBAN”), information, data, passwords, authentication questions, materials or other content, transaction and available balance information;
Financial Data of Your Account With Us and Our Partner Bank: transactions and transaction history, including but not limited to ACH, Wire and card transactions, available account balance, card data, loan and debit amounts, loan types, payment plan, loan balance, linked bank accounts, salary and other income, sources of wealth, and other assets;
Background Check Data: background check information including credit and criminal checks, supporting research, and screenings, to the extent required or permitted by local law;
Recipients’ or Senders’ Data: when you send or request money through the Services, we may collect data such as name, postal address, telephone number, IP address, date of birth, and financial account information about the recipient or sender of the funds. The extent of data required about a recipient or sender may vary depending on the Services you are using to send or request money;
Third-Party Sources: we may obtain information from third-party sources such as Platform, merchants, recipients and senders of funds, data providers, identity verification providers, and credit bureaus, where permitted by law.
Digital Identity Information:
Services Metadata: when you interact with the Services, metadata is generated that provides additional context about the way you interact with the Services.
Log Data: our servers may automatically collect information about your visit to the Website and to Platform’s websites or mobile applications, including IP addresses and associated information, the address of the website visited before using the Website, browser type and settings, the date and time the Services were accessed and used, information about browser configuration and plugins, language preferences.
Device Information: your device “fingerprint” (e.g. hardware model, operating system and version, unique device identifiers and mobile network information) when you access our Website or use a Service via a Platform.
Location Information: we may receive information from you that helps approximate your location, such as using an IP address received from your browser to determine an approximate location. Further, we may also collect location information from devices in accordance with the consent process provided by your device.
Retention of Information
We retain your information to fulfill our legal or regulatory obligations and for our business purposes. We may retain your Data for longer periods than required by law if it is in our legitimate business interests and not prohibited by law.
All Data are stored in encrypted format in Synapse’s database.
Purposes of Collection and Use of Information
We use the information we collect or receive to operate, improve, and protect the Services we provide and to develop new Services.
More specifically, we collect and use your information:
To provide the Services, perform obligations under our agreements, and carry out related business functions, including performing data and transaction processing, conducting credit checks, handling user inquiries, and managing relationship;
To develop, improve, enhance, modify, add to, and further develop our Services;
To comply with legal obligations and regulations applicable to the Services and to our partner bank(s), including but not limited to “know your customer” obligations based on applicable anti-money laundering and anti-terrorism requirements, economic and trade sanctions, customer due diligence, suspicious activity reporting, foreign exchange and international trade, tax reporting and other applicable laws, regulations, ordinances, and obligations or requirements;
To confirm a person’s authority as a representative or agent of a user;
To conduct record keeping and otherwise manage the business;
To verify you, your identity, that the data provided is credible, and prevent fraud;
To protect you, our Platforms, or Synapse from fraud, malicious activity, and other privacy and security-related concerns;
To provide customer support to you or to our Platforms including to help respond to your inquiries related to our Services or our Platforms’ applications or website;
To send you technical notices, updates, security alerts and support and administrative messages;
To investigate any misuse of our Services or our Platforms’ applications or websites, including criminal activity or other unauthorized access to our Services;
For any other purpose with your consent.
We may use raw data or aggregated and anonymized data for the purposes provided in this Policy.
We use machine learning and facial recognition to verify the legitimacy of your identification documents, verify the factualness and credibility of the information you provide to us, and avoid fraud, by, among other actions, comparing biometric data with data previously or separately obtained. Based on the submitted identification document, Synapse programmatically creates a feature vector of the face displayed in such document and stores it in encrypted format in Synapse’s database. The vector cannot be used to reconstruct the original image. When a new user creates an account, Synapse programmatically compares that user’s vector against others in its database to help detect potential cases of identity theft. As with all Data, Synapse does not sell or rent the image, likeness, or vector to anyone, including marketers or other third parties, and does not use your Data for commercial purposes other than identity verification, financial loss mitigation, and regulatory compliance.
Synapse takes your privacy seriously. We do not sell or rent your information to marketers or other third parties.
We do share your information with third parties as described in this Policy. We may share some of your information:
With the Platform you are using to have access to our Services for the purposes of offering services to you and providing customer service to you. You understand that Platform may have access to all Data;
For our everyday business purposes, such as processing your transactions, maintaining your account(s), or reporting to credit bureaus;
With other companies that provide services to us, such as identity verification service providers, fraud prevention service providers, credit bureaus, or collection agencies;
With other parties to transactions when you use the Services, such as other users, merchants, and their service providers. We may share your information with other parties involved in processing your transactions. This includes other users that you are sending or receiving funds from, and merchants and their service providers. This information might include: (i) information necessary to facilitate the transaction and (ii) information to help other participant(s) resolve disputes and (iii) detect and prevent fraud;
To information technology providers or other service providers around the world that act under our instructions regarding the processing of certain data ("Vendors"). Vendors will be subject to contractual obligations to implement appropriate technical and organizational security measures to safeguard the information, and to process information only as instructed;
To independent external auditors or other service providers around the world. Such service providers will be subject to any necessary contractual obligations regarding the protection and processing of such Data;
In connection with a change of ownership or control of all or part of our business (such as a merger, acquisition, reorganization, or bankruptcy);
To support our audit, compliance, and corporate governance functions; and
With your consent or direction.
Subject to applicable law, we may disclose Data if required or permitted by applicable law or regulation, including laws and regulations of the United States and other countries, or in the good faith belief that such action is necessary to: (a) comply with a legal obligation or in response to a request from law enforcement or other public authorities wherever Synapse may do business; (b) protect and defend the rights or property of Synapse; (c) act in urgent circumstances to protect the personal safety of users, Platforms, and contractors/employees of Synapse or others; or (d) protect against any legal liability. In addition, Synapse may share your Data with U.S. regulators and with other self-regulatory bodies to which we are subject, wherever Synapse may do business.
Protection of your Information
Synapse takes commercially reasonable measures to help protect your information from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. Additionally, we implement policies designed to protect the confidentiality and security of your nonpublic personal information.
Unless otherwise specified in this Policy, Synapse limits access to your information to employees that have a business reason to know such information, and further implements security practices and procedures designed to protect the confidentiality and security of such information and prohibit unlawful disclosure of such information in accordance with its policies.
California Consumer Privacy Act (CCPA) Information
The CCPA requires companies, such as Synapse, to make certain additional disclosures and provides California residents with the ability to request certain additional information about their personal information and Data collected.
CCPA does not apply to personal information and Data that is collected, processed, sold or disclosed pursuant to:
Gramm-Leach-Bliley Act (Public Law 106-102), the federal privacy regulation. Generally, this will apply to any personal information obtained in connection with Synapse enabling you access to the financial products or services or Synapse’s partner banks; or
Fair Credit Reporting Act (12 CFR 1022). Generally, this will apply to personal information and Data related to credit history or credit worthiness.
The CCPA grants California residents certain rights around the personal information and Data that is collected about them, as below:
Right to Know About Personal Information Collected and/or Disclosed:
California residents have the right to request information about their personal information that Synapse has collected in the preceding 12 months. Upon our receipt of a verifiable request from you, we will disclose the following information:
The categories of personal information we have collected about you.
The categories of sources from which the personal information was collected.
The business or commercial purpose for collecting your personal information.
The categories of third parties with whom we share your personal information.
The specific pieces of personal information we have collected about you.
The CCPA allows California residents to submit a maximum of two (2) requests in any 12-month period.
Right to Request Deletion of Personal Information:
California residents have the right to request that Synapse delete any personal information about you which we have collected from you.
This right to request deletion does not apply to any of your personal information that is subject to an exception in the CCPA, for example, where we need to retain the personal information to complete a transaction for which the personal information was collected, to prevent fraud or to comply with a legal obligation.
Right to Opt-Out of the Sale of Personal Information:
Synapse does not sell any Data and will not sell any Data without providing you with prior notice and an opportunity to opt-out, as required by law.
Right to Non-Discrimination:
Synapse does not discriminate against any California resident who exercises any of the rights described above. This includes denying goods or services; charging different prices or rates; or providing a different level of service or quality of goods or services.
CCPA Information Requests
California residents can submit a request, by either by sending an email to firstname.lastname@example.org
or by calling us at +1 (833) 953-1299
, Monday through Friday from 10:00 a.m. to 5:00 p.m. PST.
Synapse is required to verify the identity of the requester before answering to any request for information or deletion of Data.
California residents have the option to designate an authorized agent to submit a request on their behalf. To do this, the authorized agent must inform that an “authorized agent” is submitting the request on a consumer’s behalf and provide all of the required information for identity verification, along with proof of authorization in the form of a notarized authorization form, signed by the California resident who is the subject of the request. We will also contact the California resident directly to verify the request.
We will respond to requests within 45 days and will notify the requester if we need additional time.
Access of Services and Website by Children
This Website and the Services are not directed at children under 13. We do not knowingly collect Data from children under 13. If a parent or guardian becomes aware that his or her child has provided us with Data without the parent or guardian’s consent, he or she should contact us using the information below (“Contact”).
If you have any questions about this Policy, please contact us by email, telephone, or postal mail.
Hours. Customer Service agents are available to answer your calls:
Eastern Time (USA): Monday through Friday: 10:00 AM – 5:00 PM.
Central Time (USA): Monday through Friday: 10:00 AM – 5:00 PM.
Pacific Time (USA): Monday through Friday: 10:00 AM – 5:00 PM.
Postal mail: Synapse Financial Technologies, Inc., P.O. Box 636, 150 Sutter Street, San Francisco, CA 94104-9991