Privacy Rights Policy
Last updated on August 6, 2023
Our commitment to privacy
jaris, inc. and its affiliates and subsidiaries (collectively, “jaris”) know that you care about how your personal information is used and we take your privacy seriously. Our primary goal is to provide you with exceptional service. We understand that you may have questions or concerns regarding your personal information and sensitive personal information and how it will be used or shared. To make our Privacy Policy easy to find, we've made it available on the home page of the jaris website at jaris.io (the "Site"). You may also email us at privacy@jaris.io with any privacy-related questions you may have.
Applicability of privacy policy
This Privacy Policy applies to all information we and our affiliates collect from current and former jaris users, including you. When you are no longer our customer, we may continue to use and share your information as described in this policy.
Unless indicated otherwise, throughout this policy, we use the term "personal information" to describe information that can be associated with a specific person and can be used to identify that person. We do not consider personal information to include information that has been aggregated and/or anonymized so that it does not identify a specific user.
By using jaris’ services, which include all products and services offered at any time and from time to time by jaris or by jaris as program manager for its bank partner in facilitating financial solutions (the “Service”) you agree to the practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not access the Site or otherwise use any jaris Services.
1. Your rights as a consumer
jaris respects your privacy rights as a consumer (“Consumer”). Unless greater privacy rights are granted by a consumer’s jurisdiction, jaris is voluntarily providing all of its consumers the same rights as those afforded to California consumers under the California Consumer Privacy Act of 2018, as revised by the California Privacy Rights Act of 2020, and the associated regulations (the “CCPA/CPRA”) and other California laws. We are committed to protecting your CCPA/CPRA rights to:
- Delete personal information collected from or about them (“Right to Delete”).
- Correct inaccurate Personal Information collected and maintained about them (“Right to Correct”).
- Know what personal information is being collected about them, to access that personal information, and to know what personal information about them is being sold or shared and to whom (together called the “Right to Know”).
- Opt-out of the Sale or sharing of their personal information (“Right to Opt-out”).
- Limit use and disclosure of sensitive personal information to what is necessary to perform the Services or provide the goods reasonably expected by an average Consumer who requests such goods or Services (“Right to Limit”).
- Not be retaliated against for exercising their rights (“Right to No Discrimination”).
This document provides you with a description of our business practices, both online and offline, regarding the collection use, disclosure, and sale of personal information and of the rights of Consumers regarding their own personal information.
The terms used in this policy have the meanings used in the CCPA/CPRA. To learn more about your California privacy rights, please visit: https://oag.ca.gov/privacy/privacy-laws.
2. Personal Information we Collect, Sell, Share, and Otherwise Disclose
The CCPA/CPRA defines personal information as “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”
We collect personal data in a variety of contexts. For example, we collect personal data to facilitate financial products and services through our bank partners, for our human resource, and vendor management purposes.
The personal data that we collect about a specific Consumer will depend on, for example, our relationship or interaction with that individual.
During the past 12 months, we have collected the following categories of personal data:
- Identifiers: Such as full name and government issued identification numbers (i.e., i Social Security, driver’s license, and passport numbers),
- Customer records: Personal information, including contact details (e.g., telephone number and address), financial information, payment card details, and medical and health insurance information.
- Characteristics of protected classifications under California or federal law: Protected classes under state or federal law, such as sex, disability, citizenship, primary language, immigration status and marital status.
- Commercial information: Records of personal property, products or services purchased, obtained, or other consuming histories or tendencies.
- Internet or other network activity information: Online information (e.g., browsing history) and information regarding interaction with our websites, applications, or advertisements.
- Geolocation data: Geolocation data, such as device location.
- Professional or employment-related information, Such as work history and prior employer, information from background checks, resumes, and personnel files
- Sensitive personal information, Social Security, driver’s license, state identification card , and passport numbers; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation (meaning any geolocation data that can be used to locate a consumer within a radius of 1,850 feet.), racial or ethnic origin, religious or philosophical beliefs, union membership, contents of a consumer’s mail, email, and text messages unless the business collecting or using the data is the intended recipient of the communication, genetic data, biometric information for the purpose of uniquely identifying a consumer, personal information collected and analyzed concerning a consumer’s health, personal information collected and analyzed concerning a consumer’s sex life or sexual orientation, when collected or used for the purposes of inferring characteristics about a consumer.
3. Categories of Sources
The sources of personal data we collect depends, among other things, on our relationship or interaction with a specific Consumer. The following are categories of sources from which we have collected personal data during the past 12 months in different contexts:
Personal information you provide: We collect personal information when you create an account or link your accounting, banking, payment processing, tracking software, or vendor to the Service. The personal information collected during these interactions may vary based on what you choose to share with us, but it will generally include your name, your business name, email address, phone number, and a log of the transactions you've authorized through the Service. We may need to collect additional information, such as a copy of your government-issued identification, your social security, your individual taxpayer identification number, your street address, or your zip code to fulfill our legal obligations related to providing the Service to you.
Personal information we collect through our social media pages: We have pages on social media sites like Instagram, Twitter, and LinkedIn (“Social Media Pages”). When you interact with our Social Media Pages, we will collect personal information that you elect to provide to us through your settings on the Social Media Site, such as your contact details. In addition, the companies that host our Social Media Pages may provide us with aggregate information and analytics regarding the use of our Social Media Pages.
Personal information we receive from third parties: We may collect personal information from you, from other users, our affiliates, our business partners, and third parties, as permitted by law. For example, we may collect information from third-party verification services, credit bureaus, financial institutions, mailing list providers, and publicly available sources to verify your identity. We may also collect information about you from third parties in connection with any identity or account verification process, fraud detection process, collection procedure, or as may otherwise be required by applicable law. In addition to the instances noted above, if you apply for or enter into Services, jaris may receive your customer information, account fraud information, and risk information from your payment processor as well as other underwriting, experiential, transaction, balance information regarding your activity with such payment processor.If you are based in the U.S., we may use Plaid, Inc. ("Plaid") to verify your bank account, confirm prior transactions from that account, and confirm your bank account balance prior providing you Services. By using the Services, you grant us and Plaid the right, power, and authority to act on your behalf to access and transmit your personal and financial information from your relevant financial institution. Information shared with Plaid is treated by Plaid in accordance with its Privacy Policy, available at https://plaid.com/legal/#end-user-privacy-policy.
Personal information we receive automatically from your use of the Service: When you visit, use, and interact with the Service, we may receive certain information about your visit, use, or interactions. For example, we may monitor the number of people that visit the Service, peak hours of visits, which page(s) are visited, the domains our visitors come from (e.g., google.com, yahoo.com, etc.), which browsers people use to access the Service (e.g., Firefox, Microsoft Internet Explorer, etc.), broad geographical information, and navigation pattern. In particular, the following information is created and automatically logged in our systems:
- Log data: Information that your browser automatically sends whenever you visit the Site (“log data”). Log data includes your Internet protocol address, browser type and settings, the date and time of your request, and other interactions with the Service.
- Cookies: Please see the Cookies section below to learn more about how we use cookies.
- Device information: Includes the name of the device, the operating system, and the browser you are using. Information collected may depend on the type of device you use and its settings.
- Usage information: We collect information about how you use our Service, such as the content that you view or engage with, the features you use, the actions you take, and the time, frequency, and duration of your activities.
- Location information: We derive a rough estimate of your location from your IP address. We also collect your location information through the App using your device IP address, WiFi, Bluetooth, and GPS coordinates (e.g. latitude/longitude) of your mobile device. If you have given the App permission to access your location, we will collect your device’s location only while you are using the App and store your location history. If you want to opt-out of the collection of your Location Information, please adjust your settings on your mobile device to limit the App’s access to your location information.
- Cookies: We use cookies to operate and administer the Site, gather usage data on the Site, and improve your experience on the Site. A “cookie” is a piece of information sent to your browser by a website you visit. Cookies can be stored on your computer for differing periods of time. Some cookies expire after a certain amount of time or upon logging out (session cookies), others survive after your browser is closed until a defined expiration date set within the cookie (determined by the third party that placed it), and others help your computer be recognized when you open your browser and browse the Internet again (persistent cookies). For more details on cookies please visit All About Cookies.
- Clear gifs (web beacons): We may employ a software technology called clear gifs (a.k.a. web beacons) that help us better manage content on our Site by letting us know which content is effective. Clear gifs are tiny graphics containing a unique identifier (similar in function to cookies) and are used to track the online movements of Internet users. In contrast to cookies, which are stored on a user’s computer hard drive, clear gifs are embedded invisibly within web pages and are about the size of the period at the end of this sentence. We may tie the information gathered by clear gifs to our customers’ personal information. We may also use clear gifs in our HTML-based emails to let us know which emails have been opened by recipients. This allows us to gauge the effectiveness of certain communications and our marketing campaigns.
Your choices: On most web browsers, there is a “help” section located in the toolbar. Please refer to this section for information on how to receive a notification when you receive a new cookie and how to turn cookies off. Please see the links below for guidance on how to modify your web browser’s settings:
Please note that if you limit the Site's ability to set cookies, you may be unable to access certain parts of the Site and you may not be able to benefit from the Site's full functionality.
Advertising networks may collect personal information through the use of cookies. Most advertising networks offer you a way to opt-out of targeted advertising. If you would like to find out more information, please visit the Network Advertising Initiative’s online resources at http://www.networkadvertising.org and follow the opt-out instructions there.
If you access the Site on your mobile device, you may not be able to control tracking technologies through the browser's settings.
Analytics: We use Google Analytics, a web analytics service provided by Google, inc. (“Google”). Google Analytics uses cookies to help us analyze how users use the Site and also to enhance your experience when you use the Site. For more information on how Google uses this data, go to www.google.com/policies/privacy/partners/.
Online tracking and "Do Not Track" signals: We and our third-party service providers may use cookies or other types of tracking technologies to collect information about your browsing activity over time and across different websites following your use of the Site. Our Site currently does not respond to “Do Not Track” (“DNT”) signals and operates as described in this Privacy Policy whether or not a DNT signal is received. If we do respond to DNT signals in the future, we will update this Privacy Policy to describe how we do so.
WHY WE COLLECT PERSONAL DATA AND HOW WE USE AND DISCLOSE IT
The purposes for which we collect, use and disclose your personal data depend, among other things, on our relationship or interaction with a specific user. Below lists the purposes for which we collect, use and disclose personal data in different contexts.
Purposes for Collection, Use & Disclosure Provide and manage Services Examples
|
Purposes for Collection, Use & Disclosure Support our everyday operations, including to meet risk, legal, and compliance requirements Examples
|
Purposes for Collection, Use & Disclosure Manage, improve, and develop our business Examples
|
Purposes for Collection, Use & Disclosure Support employment, infrastructure, and human resource management Examples
|
Purposes for Collection, Use & Disclosure Sensitive Personal Information as permitted by law Examples
|
4. Categories of Third Parties and Our Disclosure of Personal Data
The categories of third parties to whom we disclose Personal Data about a specific individual depend on, among other things, our relationship or interaction with a specific Consumer. Such third parties include:
- Affiliated and outside companies or organizations, including service providers and vendors subject to appropriate confidentiality and use restrictions, to whom we disclose personal information as part of providing our Services, completing transactions, supporting our everyday operations, or business management and development. Examples may include, but are not limited to, internet service providers, Social Media Pages, operating systems and platforms, data brokers, advertising networks, and data analytics providers; companies or organizations to whom we provide Services; other parties, partners, and financial institutions (including payment processors, banks, credit reporting agencies, and API services); and parties involved with mergers, acquisitions, and other transactions involving transfers of all or part of our business, or a set of our assets.
- Companies or individuals that represent Consumers such as an accountant, financial advisor, or person holding power of attorney on behalf of a Consumer.
- Government agencies including to support regulatory and legal requirements.
- Outside companies or organizations, including service providers and vendors subject to appropriate confidentiality and use restrictions, to whom we provide personal information to support human resource activities and workforce management. Examples may include operating systems and platforms and data analytics providers.
Outside companies or organizations, in connection with routine or required reporting, including consumer reporting agencies and other parties.The following chart contains brief descriptions of the categories of personal information we collected over the past 12 months and which types of trusted third parties to whom we disclosed that information. The full descriptions of the categories of personal information and third parties are available above.
Categories of Personal Information Collected
Third Party Categories to Whom We Disclosed Personal Information for Business Purposes
|
Categories of Personal Information Collected
Third Party Categories to Whom We Disclosed Personal Information for Business Purposes
|
Categories of Personal Information Collected
Third Party Categories to Whom We Disclosed Personal Information for Business Purposes
|
Personal information does not include deidentified or aggregate consumer information or information that is lawfully made available from federal, state, or local government records.
Personal information is not considered to have been disclosed by a business when a consumer instructs a business to transfer the consumer’s personal information from one business to another in the context of switching services.
jaris retains consumers’ personal information as reasonably necessary and proportionate to achieve the purposes for which the personal information was collected or processed.
We may also disclose personal information in the following situations:
- Affiliates/Subsidiaries: We may share personal information with our affiliates or subsidiaries, meaning any entity that controls, is controlled by or is under common control with jaris, inc. Our affiliates or subsidiaries may use the personal information we share in a manner consistent with this Privacy Policy.
- Business partners: We may share information with our banking or business partners (collectively, “business partners”) for their business needs or to provide you with a product or service that you have requested. We may also share personal information with business partners with whom we may jointly offer products or services, or whose products or services we believe may be of interest to you. For our banking partners’ privacy policies which are incorporated into our policy by reference, please see below:
- Business transfers: jaris may transfer to a third party the personal information of a consumer as an asset that is part of a merger, acquisition, bankruptcy, or other transaction in which the third party assumes control of all or part of jaris. It will only do so where that information is used or shared consistent with the CCPA/CPRA, that transfer will not constitute a “sharing” of personal information and it is not required to be reported in our policy and disclosures as such.
- Legal compliance and law enforcement: We may be required to disclose your personal information in limited circumstances, for example, to respond to a subpoena or similar judicial process, to comply with state, federal or local laws, to exercise or defend legal claims or, to the extent required by law, to provide information to law enforcement agencies.
5. How to exercise Your rights to delete, correct, and know
Your Right to Delete, Right to Correct, and Right to Know can be exercised by submitting a verifiable request to us by sending an email to privacy@jaris.io.
We cannot respond to your verifiable request if we cannot verify your identity or authority to make the request and confirm that the personal information relates to you. For this reason, your request must both:
- provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and
- describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
If you have a password-protected account with our Company, we may require you to verify your identity through our existing authentication practices for the account. We will only use personal information provided in a verifiable request to verify the requestor’s identity or authority to make the request.
Only you, or your properly authorized agent, may make a request related to your personal information. To be certain that anyone claiming to make a verifiable request on your behalf has been properly authorized by you, we may require additional information, including:
- submitting the signed authorization that you provided to your agent.
- verifying their own identity directly with us.
- otherwise directly confirming with us that you have provided your authorized agent permission to submit the verifiable request.
You may submit a Right to Delete or a Right to Know request for specific pieces of information on behalf of all members of your household. Where you have a password-protected account with us, we may process Right to Delete requests and Right to Know requests for specific pieces of information relating to household information through that account. Where you do not have a password protected account with us, the following requirements must be met before we can comply with a Right to Delete request or a Right to Know request for specific pieces of information made on a household basis:
- all Consumers of the household jointly request to know specific pieces of information for the household or to delete household personal information;
- we individually verify each of the members of the household; and
- we verify that each member making the request is currently a member of the household.
If a member of the household is under the age of 13, we are also required to obtain verifiable parental consent, as described in the next section, below, before complying with a Consumer Rights request.
6. Right to Opt-out of sale or sharing of personal information
The Company sells or shares your personal information to third parties. You have the right at any time to direct us not to sell or share your personal information to third parties (this right is referred to as the “Right to Opt‐out.”). You may submit a request to exercise your Right to Opt-out by email us at privacy@jaris.io.
Only you, or your properly authorized agent, may make a Right to Opt-out request using the method(s) provided above. If you change your mind after making an opt-out, you may contact us at any time by the method(s) listed above or by our contact information below to request to allow us to sell and share your personal information (this is known as requesting to “opt-in”). We are required by the CCPA/CPRA to use a two-step opt-in process, so that if you submit a request to opt-in, we will contact you separately to request additional confirmation of your request.
7. Right to limit use disclosures of sensitive personal information
The Company uses or discloses your sensitive personal information beyond that which is necessary to perform the services, disclose this information to certain third parties, or to provide the goods reasonably expected by an average consumer who requests such goods or services, to perform the following services:
- ensuring the security and integrity of our website and system.
- short-term, transient use, such as non-personalized advertising.
- performing services on behalf of the business.
- maintaining or improving the quality or safety of a service or device we own, manufacture, or control.
You have the right, at any time, to direct us to limit our use or disclosure of your sensitive personal information to that set forth in (1)-(4), above (this right is referred to as the “Right to Limit”). You may submit a request to exercise your Right to Limit by emailing us at privacy@jaris.io.
Only you, or your properly authorized agent, may make a Right to Limit request using the method(s) provided above. If you change your mind after making a Right to Limit request, you may contact us at any time to opt-in to the use or disclosure of your sensitive personal information as described above.
8. Additional information regarding children under 16 years of age
Exercising Consumer Rights: A parent or guardian may make a Consumer Rights request on behalf of their child under the age of 16. In the case of a request to exercise the Right to Delete or the Right to Know on behalf of a child under the age of 13, we provide additional safeguards to confirm that you are the parent or guardian of that child. If you are making a request for a child under 13, please indicate this in the submission of your request or contact us using our contact information provided below so that we can provide you with further instructions on how to comply with CCPA/CPRA requirements.
Sale or sharing of the children’s personal information: The Company does not knowingly sell or share the personal information of children under 16 years of age.
9. Non-Discrimination
We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not unlawfully:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
- Retaliate against an employee, applicant for employment, or independent contractor for exercising their rights under this title.
10. Changes to our privacy notice
We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will post the updated notice on our website and update the notice’s effective date. Your continued use of our website following the posting of changes constitutes your acceptance of such changes.
11. Contact Information
If you have any questions or concerns about our privacy policies and practices, please do not hesitate to contact us by email at privacy@jaris.io.