Last modified May 11, 2021
2. Data We Collect From You
When you create, update, and/or an account for the Services with us, you provide us with data, including Personal Information, about yourself, including, without limitation:
- your name
- your email address(es)
- your device’s unique identifier
- your username
- your password
- any other information that you elect to share or provide us access to, including Personal Information that may identify you individually
To the extent you choose to use the applicable components of the Services, you are also agreeing to share financial information with us, including, but not limited to, your account credentials, transactional history, account numbers, and balances/limits as well as general identity data including the name(s) and address(es) of all account holder(s). You are enabling us to interact with and through your financial institutions on your behalf and with your consent, which will take place, in part, through Plaid Technologies, Inc., a Third-Party Provider we use to help us facilitate certain aspects of the Services, as described further below in this section.
Additionally, if and when you use the Services to make payments of any kind, you may provide us (or our third-party payment processors) additional Personal Information including financial information (such as your credit/debit card information, address, date of birth, or other information). We endeavor to store very little, if any, payment-related financial information that we collect from you and instead, such payment-related financial information is typically stored by our third-party payment processors. We encourage you to review their privacy policies and to contact them directly if you have questions relating to your data, including Personal Information, as it relates to such payments.
We may also collect other information from you related to your use of the Services and your interactions with our Services (while this information may not typically contain Personal Information, we are not responsible for the content of such information). This information includes any such information that you affirmatively provide to us, and may include the following:
- Log Data. Like most websites and web-based technology services, our servers may automatically collect data when you access or use the Services and record it in log files. Such may include your Internet Protocol (IP) address, Internet service provider (ISP), geographic location, browser type and settings, information about browser plugins, language preference, default email application, referring/exit websites, operating system, date and time stamp, cookie data, and certain user activities.
- Services Activity. We may collect details regarding your activity on the Services, such as search queries, amount of time spent viewing pages, and other performance and usage data.
- Technical Data. We may collect technical data, such as information about devices accessing the Services, including the type of device, device settings, operating system, application software, peripherals, and unique device identifiers, phone number, country, location, and any other data you choose to provide. We do not intentionally relate this to any individual user of the Services.
- Third-Party Services. You may elect to use certain Third-Party Services that we make available in connection with your use of the Services. As noted above, information you provide to such Third-Party Services is subject to the privacy policies and practices of the provider of the applicable Third-Party Service. Additionally, once enabled, it is possible that the Third-Party Services may share certain data with us to effectuate integration between our Services and theirs. You should check the privacy settings and notices of any Third-Party Services you elect to use in connection with the Services to understand what data may be disclosed to MerryDiv. We may receive data regarding your credentials for and use of the applicable Third-Party Services, such as your username, your unique identifier, and your information transmitted from or made available with permissions by such Third-Party Services (e.g., account profile, gender, age range, language, geographic region, etc.).
- Additional Information Provided to Us. We receive data when submitted to or through our Services, or if you contact us (whether by email, telephone, written correspondence, web-based forms, or otherwise), request support, interact with our social media accounts, or otherwise communicate with us.
3. No Sensitive Personal Information; No Children’s Data
We do not intentionally collect, process, or store, and we request that you do not post, upload, store, display, transmit, or submit Sensitive Personal Information on or through the Services, except to the extent directly and expressly requested in connection with the relevant aspect of the Services. “Sensitive Personal Information” includes, but is not limited to, government-issued identification numbers; consumer reports; background checks; any code or password that could be used to gain access to personal accounts (other than your password to your account); genetic data or biometric data; any Personal Information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; or data concerning health or sex life or sexual orientation. or similar information. We are not responsible and will not be liable for any loss or damages you or another individual may experience due to your disclosure of Sensitive Personal Information while using the Services.
The Services are not directed to or intended for children, and we do not intentionally collect, process, or store through the Services any Personal Information from any person under 13 years of age. In the event we discover we have inadvertently collected, processed, or stored any Personal Information from a person under 13 years of age without verifiable parental consent, we will promptly take the appropriate steps to delete such data or seek the necessary verifiable parental consent for that collection in compliance with the Children’s Online Privacy Protection Act (“COPPA”). We request that users not provide us with any Personal Information of any person under 13 years of age.
4. How and Why We Use Data
- Providing and Improving the Services. To make the Services available, to manage user requests and interactions with the Services (e.g., login and authentication, modifying settings, etc.), to facilitate hosting and back-end infrastructure for our platform, including by our Third-Party Providers, to analyze and monitor usage, and to monitor and address service performance, security, and technical issues.
- Third-Party Applications/Services. With your permission, third-party applications or services may access your Personal Information. We use standard OAuth (open authorization) to enable you to give permission to share your Personal Information with other websites and services, such as LinkedIn, Facebook and Twitter (e.g., when you agree to a pop-up requesting you to allow another application to access your account information). We also use OAuth to allow us to share information about you that is stored by us without sharing your security credentials.
- Improving the Services. To test features, manage landing pages, heat mapping, traffic optimization, data analysis and research, including profiling and the use of machine learning and other techniques over your data and in some cases using Third-Party Providers to do this.
- Support Services. To respond to support requests and otherwise provide support for and resolve problems with the Services.
- Communications. To send service, technical, and administrative emails, messages, and other communications. Service-related communications about changes to the Services and important Services-related notices, such as maintenance and security announcements, are essential to delivery of the Services and you cannot opt-out of these communications. Marketing communications, if any, about new product features, offerings, and other news about MerryDiv are optional; you have the choice whether or not to receive them and you may opt out by using the unsubscribe mechanism in such communications.
- Account Management. To contact you in connection with account management, feedback, and other administrative matters related to your account with us and the Services.
- Security Purposes. To help prevent and investigate security issues and abuse.
- Legal Obligations. To comply with legal obligations as required by applicable law, legal process, or regulations as described above.
5. How We Share and Disclose Data
We cooperate with law enforcement inquiries, as well as other third parties, to enforce laws such as those regarding intellectual property rights, fraud and other personal rights. WE CAN (AND YOU AUTHORIZE US TO) DISCLOSE ANY INFORMATION ABOUT YOU TO LAW ENFORCEMENT, OTHER GOVERNMENT OFFICIALS OR ANY OTHER THIRD PARTY THAT WE, AT OUR SOLE DISCRETION, BELIEVE NECESSARY OR APPROPRIATE IN CONNECTION WITH AN INVESTIGATION OF FRAUD, INTELLECTUAL PROPERTY INFRINGEMENT OR OTHER ACTIVITY THAT IS ILLEGAL OR MAY EXPOSE US, OR YOU, TO LIABILITY.
Subject to the above paragraphs, we may share or disclose information about you as follows:
- With Your Consent. We may disclose your data, including Personal Information, to third parties when we have your express consent to do so. This includes any information that you post to your user page or otherwise on our Site, App and/or via the Services – by publishing such information via the Site, App or Services, you consent to our disclosure of this information.
- By Law or to Protect Rights. If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by applicable law, rule, or regulation. This includes exchanging information with other entities for fraud protection and credit risk reduction.
- Interactions with Other Users; Postings. If you interact with other users of the Services, those users may see identifying information and descriptions of your activity that you make available to them and/or authorize us to share with specific users or specific agreed-upon groups of users. If you post comments, contributions or other content in any other way connected to the Services, your posts may be viewed by other users and may be publicly distributed outside the Services.
- Third-Party Providers. As described above, we engage third parties to process data in support of delivering of the Services (“Third-Party Providers”). We may share your data, including Personal Information, with Third-Party Providers (e.g., email services, platform hosting, cloud computing services, data storage and processing facilities) to the extent reasonably necessary to let them perform business functions and services for us or on our behalf in connection with the provision of the Services. For example, we use to provide the Services are not physically located at our facilities, but rather are operated by a third-party Infrastructure-as-a-Service provider (an “IAAS provider”). We have taken commercially reasonable steps to choose a professional and reputable IAAS provider and to ensure that such IAAS provider and our other Third-Party Providers use appropriate security measures in light of the risks and nature of the data being protected and consistent with industry norms. Still, it is impossible to guarantee that the security measures taken by our Third-Party Providers will be adequate in all circumstances, and by using the Services, you understand and agree that we have no liability for the action, behaviors or failings of such Third-Party Providers.
- Third-Party Services. You may enable or permit integrations with or use of Third-Party Services in connection with the Services. When enabled, we may share certain data with such Third-Party Services as requested to effectuate the integration, including data regarding your credentials related to the Services. As mentioned above, Third-Party Services are not owned or controlled by MerryDiv and third parties that have been granted access to your data may have their own policies and practices for its collection and use; you should check the privacy settings and notices of these Third-Party Services to understand their privacy practices.
- Changes to Our Business. If MerryDiv engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of its assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g., due diligence), we may share or disclose data in connection therewith, subject to reasonable confidentiality obligations.
- Aggregated or De-Identified Data. If any data is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person or household (in the case of aggregated data) or no longer capable of being associated with or relinked with any identifiable natural person or household (in the case of de-identified data), we may use or disclose such aggregated or de-identified data for any purpose. For example, we may share aggregated or de-identified data with prospects or partners for business or research purposes, such as statistical analysis, to research trends and predictive analysis, or to develop or improve the Services.
- Enforcement of Agreements. We may disclose data to ensure compliance with and to enforce contractual or legal obligations with respect to the Services and our business, including any applicable lease agreements.
- Protection of Rights. We may disclose data to protect and defend our rights and property, including intellectual property rights, and to ensure compliance with applicable laws and enforce third party rights, including intellectual property and privacy rights.
- Safety and Security. We may disclose data to protect your safety and security; to protect the safety, security and property of our users; and to protect the safety, security, and property of MerryDiv and our employees, agents, representatives, and contractors.
Generally, we maintain all information you submit to us until you affirmatively change or delete such information. This allows us to help ensure full functionality of the Services. To dispose of Personal Information, we may anonymize it, delete it, or take other appropriate steps. Your data, potentially including Personal Information, may persist in copies made for backup and business continuity purposes for additional time.
7. Security Measures
We maintain physical, technical, and administrative procedures to protect the data we collect and to secure it from improper of unauthorized use. We work hard to protect data in our custody and control from loss, misuse, and unauthorized access, use, disclosure, modification, or destruction, and to use industry-standard security measures to ensure an appropriate level of security in light of reasonably available methods in relation to the risks and nature of the information we collect.
- You provide information to us, including your Personal Information, at your own risk.
- No data transmission over the Internet is guaranteed to be 100% secure, and we cannot guarantee that unauthorized access, hacking, data losses, or other breaches will never occur.
- You are responsible for protecting your account information related to the Services, including any applicable credentials, log-ins, passwords, etc. and for ensuring that they are not used by others to access the Services.
8. International Data Transfers
9. California-Specific Notices
Pursuant to Section 1798.83 of the California Civil Code, California residents have the right to request from a business with whom the California resident has an established business relationship, certain information with respect to the types of personal information the business shares with third parties for direct marketing purposes by such third party and the identities of the third parties with whom the business has shared such information during the immediately preceding calendar year. We do not disclose your Personal Information to third parties for any third parties’ direct marketing purposes. If you reside in California, you can prevent future disclosures for direct marketing purposes of your Personal Information, at no charge, by indicating to us your intent to opt out of such disclosures in a message addressed to the email address or physical mailing address provided under the “Contact Us” heading below.
10. Other Jurisdiction-Specific Notices
Although we do not direct our website specifically toward residents of the European Union (“EU”), some EU residents’ data may be collected by virtue of our users’ use of our Services. Collection and storage of any EU resident’s data by us is minimal and incidental.
Notwithstanding the foregoing, if you are an EU resident and would like to request that your data be securely removed from our systems, however collected, please send an email with proof of EU residency to firstname.lastname@example.org. We will endeavor to remove all relevant data, so long as that removal is technically feasible, does not impact the legitimate accounting or business practices of our customers, and does not violate other regulatory or legal standards with which we must comply. We will also cooperate with our customers in good faith to address any requests they receive or that may impact them directly.
You may contact us at: