December 22, 2021
Welcome to www.envel.ai! This website is operated by Envel, Inc. ("Envel", "we", "our" or "us"). We are incorporated in Delaware and located at 75 State Street, Suite 100, Boston, MA 02109. You can reach us directly via email at email@example.com.
Envel is committed to the privacy and security of its customers
I. What is the purpose of this Policy
II. What is the minimum age of our users
To use our website, mobile app, and any other products or services offered by nbkc bank, Member FDIC you need to be at least 18 years old, 19 in Alabama and Nebraska, and 21 in Mississippi and Puerto Rico. We do not knowingly collect, use, or disclose personal information from users younger than 18 and if we find that we have collected information from users who do not meet the minimum age requirements, we will make reasonable efforts to delete the data immediately from our files. Please contact Envel customer support (firstname.lastname@example.org) if you believe that someone under the age of 18 has opened an account or provided us with personal information.
III. What is personal and non-personally identifiable information
Personal information is any information that can be used to identify any user as an individual (such as name, address, phone number, etc.), while non-personally identifiable information is information that cannot be used to identify a user as an individual.
IV. What information we collect from you
We collect the following categories of information from you: 1. Personal information, such as name, username, phone number, e-mail address, mailing address, personal ID details, and bank account details. We need this information in order to create and maintain your account with us and to be able to communicate with you. 2. Information about your transactions made on our website and our services and products, such as transactional data, purchase data, savings data, etc. 3. Location data, provided that your GPS tracking technology has not been switched off. 4. Device and user analytics data, such as browsing actions and patterns, including but not limited to: details of your visits to the Website, including traffic data and logs; your search queries; communication data; information about your device and internet connection, including your IP address and location, operating system and browser type, WiFi information such as SSID, mobile carrier, phone type and unique device identifier.
VI. How we collect your personal and non-personal information
We collect personal user information upon subscription to our services and also when you interact with us electronically or in person, when you access and use our Website and Applications and when we provide our services and products to you.
VII. Why we collect and process your personal information
We collect your personal information based on the explicit consent you have provided for the processing of your personal data. Upon subscribing to our services and your acceptance of our Terms of Service, a contract is formed between you and us, and we process the information that you give us based on that contract. We may also process personal information where such processing is in our legitimate interests and is not overridden by your data protection interests or fundamental rights and freedoms.
VIII. How we use your information
IX. How long we keep your data
We will store your personal information for as long as you use our products and services and to the extent necessary to comply with our legal obligations. You have the right to request that your personal information be permanently removed from our system and database at any time by sending an e-mail to email@example.com.
X. Whom we share your information with
We do not share personal information collected from you with other companies or individuals; however, we may disclose personal and non-personally identifiable information with third party service providers engaged by us to provide technical support, hosting services, testing, network security or statistical services. Any such disclosure will be subject to confidentiality obligations. We reserve the right to disclose information from or about you if we have a good faith belief that such investigation or disclosure: (a) is reasonably necessary to comply with legal processes and law enforcement instructions and orders, such as a search warrant, subpoena, statute, judicial proceeding, or other legal process or law enforcement requests served on us; (b) is helpful to prevent, investigate, or identify possible wrongdoing in connection with the products and services we provide; or (c) protects our rights, reputation, property, or that of our users, affiliates, or the public. If you complain to us about content submitted through the Website, we may share the substance of your complaint with the contributor of that content in order to provide an opportunity for the contributor to respond. We will not sell or pass your personal information on to any third parties for their marketing purposes.
XI. How we keep your information secure
We take reasonable measures and precautions designed to secure your personal information from accidental loss and from unauthorized access, use, alteration and disclosure. All personal information that we collect and store is fully encrypted and anonymized; it is stored on secure Amazon Web Services Cloud with full cybersecurity protection. We restrict physical access to personal information to those employees, contractors and agents only who need to have access to the information in order to provide, operate, develop or improve our products and services. These individuals are bound by confidentiality obligations and are subject to discipline if they fail to meet these obligations. Additionally, it is also your responsibility to keep your personal information and account details confidential and not share them with anyone.
XII. What are your rights regarding your data
As a user, we will let you have the option to delete or correct data and control the visibility of your Website submissions. We will provide you with access to your personal information so that you can: 1) Delete your data (you can request that we erase or delete all or some of your personal data); 2) Change or correct your data (you have the option to edit some of your personal data through your account. You can also ask us to change, update or fix your data in certain cases, particularly if it’s inaccurate); 3) Object to, or limit or restrict, use of data. You can ask us to stop using all or some of your personal data (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g., if your personal data is inaccurate or unlawfully held); 4) Right to access and/or take your data (you can ask us for a copy of your personal data and for a copy of personal data you provided in machine readable form). You may send us an e-mail at firstname.lastname@example.org to request any or all of the above.
XIII. Your rights if you are a California resident
If you are a resident of the State of California, California Civil Code Section § 1798.83 permits you to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an e-mail to email@example.com or write us at: 75 State Street, Suite 100, Boston, MA 02109.
XV. How to contact us
Effective Date: December 30, 2019
Please note: this Policy applies to Plaid Inc. and its subsidiaries, including Plaid Financial Ltd. and Plaid, B.V. (collectively, “Plaid”, “we”, “our”, and “us”). To determine the relevant Plaid entity that is responsible for processing your information, please see the “Contacting Plaid” section below.
II. First, Some Background
A quick note about Plaid Our mission at Plaid is to empower innovators by delivering access to the financial system. Our technology provides an easy way for you to connect your bank account and other financial accounts to software applications that can help you do things like save for retirement, manage your spending, streamline credit applications, or transfer money. These software applications are built and provided by our business customers (we’ll call them “developers” here), and powered by Plaid. By delivering access to high-quality, usable financial account data that we’ve translated and standardized, we enable developers to focus on building experiences that benefit you. About this Policy Our goal with this Policy is to provide a simple and straightforward explanation of what information Plaid collects from and about end users (“End User Information”), and how we use and share that information. We value transparency and want to provide you with a clear and concise description of how we treat your End User Information. Please note that this Policy only covers the information that Plaid collects, uses, and shares. It does not explain what developers do with any End User Information we provide to them (or any other information they may collect about you separately from Plaid). This Policy also does not cover any websites, products, or services provided by others. We encourage you to review the privacy policies or notices of developers or those third parties for information about their practices.
III. Information We Collect and Categories of Sources
As explained in greater detail below, Plaid has collected identifiers, commercial information, electronic network activity information, professional information, inferences, and other types of End User Information. Information you provide. When you connect your financial accounts with a developer application or otherwise connect your financial accounts through Plaid, where applicable, we collect identifiers and login information required by the provider of your account, such as your username and password, or a security token. In some cases, we also collect your phone number, email address, security questions and answers, and one-time password (OTP) to help verify your identity before connecting your financial accounts. When providing this information, you give the developer and Plaid the authority to act on your behalf to access and transmit your End User Information from the relevant bank or other entity that provides your financial accounts (we’ll call them “financial product and service providers” in this Policy). You may also provide us with identifiers and other information, including your name, email address, and phone number, when you contact us or enter any such information on our websites. Information we collect from your financial accounts. The information we receive from the financial product and service providers that maintain your financial accounts varies depending on the specific Plaid services developers use to power their applications, as well as the information made available by those providers. But, in general, we collect the following types of identifiers, commercial information, and other personal information from your financial product and service providers:
- Account information, including financial institution name, account name, account type, account ownership, branch number, IBAN, BIC, and account and routing number;
- Information about an account balance, including current and available balance;
- Information about credit accounts, including due dates, balances owed, payment amounts and dates, transaction history, credit limit, repayment status, and interest rate;
- Information about loan accounts, including due dates, repayment status, balances, payment amounts and dates, interest rate, guarantor, loan type, payment plan, and terms;
- Information about investment accounts, including transaction information, type of asset, identifying details about the asset, quantity, price, fees, and cost basis;
- Identifiers and information about the account owner(s), including name, email address, phone number, date of birth, and address information;
- Information about account transactions, including amount, date, payee, type, quantity, price, location, involved securities, and a description of the transaction; and
- Professional information, including information about your employer, in limited cases where you’ve connected your payroll accounts.
IV. How We Use Your Information
We use your End User Information for a number of business and commercial purposes, including to operate, improve, and protect the services we provide, and to develop new services. More specifically, we use your End User Information:
- To operate, provide, and maintain our services;
- To improve, enhance, modify, add to, and further develop our services;
- To protect you, developers, our partners, Plaid, and others from fraud, malicious activity, and other privacy and security-related concerns;
- To develop new services;
- To provide customer support to you or to developers, including to help respond to your inquiries related to our service or developers’ applications;
- To investigate any misuse of our service or developers’ applications, including violations of our Developer Policy, criminal activity, or other unauthorized access to our services; and
- For other notified purposes with your consent.
V. Our Lawful Bases for Processing (EEA and UK End Users Only)
For individuals in the European Economic Area (“EEA”) or the United Kingdom (“UK”), our legal basis for processing your End User Information will depend on the information concerned and the context in which we collected or processed it. Generally, however, we will normally only collect and process End User Information where:
- we need to fulfill our responsibilities and obligations in any contract or agreement with you (for example, to comply with our end user services agreements);
- to comply with our legal obligations under applicable law;
- the processing is necessary for our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms (for example, to safeguard our services; to communicate with you; or to provide or update our services); and
- you have given your consent to do so.
VI. How We Share Your Information
We share your End User Information for a number of business purposes:
- With the developer of the application you are using and as directed by that developer (such as with another third party if directed by you);
- To enforce any contract with you;
- With our data processors and other service providers, partners, or contractors in connection with the services they perform for us or developers;
- If we believe in good faith that disclosure is appropriate to comply with applicable law, regulation, or legal process (such as a court order or subpoena);
- In connection with a change in ownership or control of all or a part of our business (such as a merger, acquisition, reorganization, or bankruptcy);
- Between and among Plaid and our current and future parents, affiliates, subsidiaries and other companies under common control or ownership;
- As we believe reasonably appropriate to protect the rights, privacy, safety, or property of you, developers, our partners, Plaid, and others; or
- For any other notified purpose with your consent.
VII. Our Retention Practices
We retain End User Information for no longer than necessary to fulfill the purposes for which it was collected and used, as described in this Policy, unless a longer retention period is required or permitted under applicable law. As permitted under applicable law, even after you stop using an application or terminate your account with one or more developer, we may still retain your information (for example, if you still have an account with another developer). However, your information will only be processed as required by law or in accordance with this Policy. Please refer to the “Your Data Protection Rights” section for options that may be available to you, including the right to request deletion of End User Information. You can also contact us about our data retention practices using the contact information below.
VIII. Some Final Details…
International Data Transfers We operate internationally, and as a result, will transfer the information we collect about you across international borders, including from the EEA or UK to the United States, for processing and storage. To the extent that the information we collect about you is transferred from the EEA to territories/countries for which the EU Commission has not made a finding that the legal framework in that territory/country provides adequate protection for individuals' rights and freedoms for their personal data, we will transfer such data consistent with applicable data protection laws, including through the use of the EU Commission-approved standard contractual clauses. You can ask for a copy of these standard contractual clauses by contacting as set out below.
IX. Your Data Protection Rights
Under applicable law, and subject to limitations and exceptions provided by law, if you are located in the EEA or UK, and in certain other jurisdictions, you may have certain rights in relation to the End User Information collected about you and how it is used, including the right to:
- Access End User Information collected about you;
- Request that we rectify or update your End User Information that is inaccurate or incomplete;
- Request, under certain circumstances, that we restrict the processing of or erase your End User Information;
- Object to our processing of your End User Information under certain conditions provided by law;
- Where processing of your End User Information is based on consent, withdraw that consent;
- Request that we provide End User Information collected about you in a structured, commonly used and machine-readable format so that you can transfer it to another company, where technically feasible; and
- File a complaint regarding our data protection practices with a supervisory authority (if you are in the EEA or UK, please refer to the following link for contact details: https://edpb.europa.eu/about-edpb/board/members_en).
- To request access to more details about the categories and specific pieces of personal information we may have collected about you in the last 12 months (including personal information disclosed for business purposes);
- To request deletion of your personal information;
- To opt-out of any “sales” of your personal information, if a business is selling your information; and
- To not be discriminated against for exercising these rights.
X. Changes To This Policy
We may update or change this Policy from time to time. If we make any updates or changes, we will post the new policy on Plaid’s website at https://plaid.com/legal and update the effective date at the top of this Policy. We will also notify developers of any material changes in accordance with our developer agreements, as they are generally best positioned to notify their end users about such changes to this Policy, as appropriate.
XI. Contacting Plaid
If you have any questions or complaints about this Policy, or about our privacy practices generally, you can contact us at firstname.lastname@example.org or by mail at:
If you reside outside the EEA or UK:
PO Box 7775 #35278
San Francisco, California 94120-7775
If you reside in the EEA or UK:
Plaid Financial Ltd.
New Penderel House, 4th Floor
283-288 High Holborn
London, United Kingdom, WC1V 7HP