Greenlight Logo

Privacy Policy

Effective Date: January 12, 2021

TABLE OF CONTENTS

Greenlight Financial Technology, Inc. (“Greenlight Financial”) operates the greenlightcard.com website (the “Website”) and the associated Greenlight application for mobile phone or any other device (the “Application”). Greenlight Investment Advisors, LLC, a wholly-owned subsidiary of Greenlight (“Greenlight Advisors”), is an SEC registered investment advisor, which provides investment advisory services to clients of Greenlight Financial who also become clients of Greenlight Advisors, and is responsible for the delivery of investment advisory services under the Invest tab of the Application.  Greenlight Advisors and Greenlight Financial are collectively referred to as “Greenlight,” “we,” “our” or “us” in this Privacy Policy. Our services, products, features, functions, technologies, and content offered through the Website and the Application or by contacting our customer service are collectively referred to as “Greenlight Services”. By using any Greenlight Services, you accept this Privacy Policy and agree to the collection and use of your Personal Information in accordance with this Privacy Policy. We use the term “Personal Information” in this Privacy Policy to describe information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual, household, or device. We do not consider Personal Information to include information that has been aggregated and/or otherwise de-identified such that it does not identify a specific individual, household or device.

PERSONAL INFORMATION WE COLLECT AND HOW

We generally collect Personal Information in three ways: 1) information you provide to us, 2) information we collect automatically, and 3) information we receive from third parties, as described further below.

When you use, visit, or otherwise interact with the Greenlight Services, for example, by contacting customer service, you may sometimes give Personal Information directly to us or to our third-party service providers. In order to create an account to use the Greenlight card, as part of the Greenlight Services, you (or a parent or legal guardian if you are under 18) will provide the following Personal Information: account applicant’s full name, email address, street address, phone number, date of birth, and the applicant’s social security number (or, in some cases, only the last 4 digits). This Personal Information is used to verify the applicant’s (primary account holder’s) identity and set up the account. The full name, birth date, email address and (optionally) mobile phone number of individual sub-account users (typically children) or a designee to help manage the account (often a spouse) is also requested to establish such user rights ancillary to the applicant’s account, if so requested by the applicant.

If a minor requests that an account be created, we ask for the minor’s date of birth in order to determine whether the minor is eligible to set up their own account. If the child is younger than 18, we require that the child’s parent or legal guardian complete the account creation process.

We may contact you from time to time to participate in surveys, and your participation will always be optional. If you decide to participate, you may be asked to provide certain information which may include Personal Information.

To fund the Greenlight card account, in order to use the Greenlight card, we request that the primary accountholder transfer funds from a bank account or debit card.  In either case, the payment details are not provided directly to Greenlight, but we use third parties to effect such transfers.

In the case of funding by bank account, we use the Plaid, Inc. (“Plaid”) open banking interface to help expedite the enrollment process as an alternative to the time consuming, manual ACH enrollment process, which involves small dollar test transactions.  Plaid has its own separate privacy policy that you can click to review on the Plaid enrollment screen when you initially select Plaid to verify your bank account information or you can review Plaid’s privacy policy at the following link: https://plaid.com/legal/#end-user-privacy-policy.  By utilizing the Plaid services in order to allow Greenlight to (i) verify you own the bank account you elect to use as a funding source, (ii) verify the amount requested is available to fund your Greenlight account, and (iii) complete the transfer of funds to your Greenlight account, you consent to allow Plaid to share certain Personal Information with us. That Personal Information includes: the name of the bank account owner(s), the address, phone number(s), and email address(es) associated with the bank account, the account name, type, subtype, and balance, the last 2-4 digits of the account number for verification purposes, and a tokenized account number. We use this Personal Information to verify the bank account owner is the same person as the Greenlight primary accountholder. If you elect not to allow Plaid to share this Personal Information with us, we will not be able to fund your Greenlight account via a transfer from your bank account unless you perform a manual verification of your bank account using the process set forth on the Website.

In the case of funding by debit card, Greenlight uses a third-party merchant acquirer to process your debit card payments.  The merchant acquirer will collect your debit card information including your full name appearing on the face of your debit card, card number, expiration date and CVV (collectively, “Cardholder Data”) through various types of software development kits (“SDK”) installed on the Website and Application, which allow the Cardholder Data to be collected by the merchant acquirer without being accessible to Greenlight.  The merchant acquirer will maintain such data in full compliance with the card network rules and Payment Card Industry – Data Security Standards (“PCI-DSS”).

Additionally, when you use, visit, or otherwise interact with the Greenlight Services, we and our third-party service providers may use technology that stores or collects information sent to us by your computer, browser, mobile phone, or other device. This information may include your IP address, unique device identifiers, or other unique identifier; your device functionality, such as the type of browser, operating system, or hardware used; your device location, which may include a street name and city or GPS-location; mobile network information; your activities within the Greenlight Services, including the Website and Application; your email address and mobile phone number; and other information. When you use the Greenlight Services, we also collect information about your transactions and your activities using the Greenlight card, including financial and payment information.

If you enroll in the Greenlight + Invest Plan or the Greenlight Max Plan, then you will have access to the Invest Account Services.  “Invest Account Services” means the investment advisory services provided by Greenlight Advisors, an SEC-registered investment adviser and the brokerage services provided by DriveWealth, LLC (“DriveWealth”), an SEC-registered broker-dealer and member of FINRA and SIPC.  If you participate in the Invest Account Services, then you consent to Greenlight or its service providers sharing your Personal Information with DriveWealth in order to verify your identity for their records and otherwise as necessary to comply with applicable legal requirements.  You also consent to DriveWealth’s delivery of your Personal Information to Greenlight including, without limitation, information about your brokerage account opened at DriveWealth (your “Invest Account”) such as your Invest Account number, securities positions, market values, transaction histories and balances.  DriveWealth’s Privacy Policy is available at https://legal.drivewealth.com/privacy-policy. Also, in order to participate in the Invest Account Services, we will collect answers to regulatory questions as well as information about your investment objectives and your risk profile in order to make investment recommendations.

We may also obtain information about you from third parties, including, but not limited to, open banking interface providers, broker dealers, identity verification services or social media platforms when you communicate with us about the Greenlight Services via social media.

AUTOMATIC COLLECTION

Whenever you interact with the Greenlight Services, we, as well as our service providers, may use assorted technologies that automatically or passively collect data about how the Greenlight Services are being accessed and used. This data may include browser type, unique number assigned to identify such device, operating system, application version, click path taken through the Greenlight Services, your use of features or applications within the Greenlight Services, and other usage information. This information helps us manage, improve and customize the Greenlight Services’ features and functionality and can be used to identify you like Personal Information.

These technologies include “Cookies” (small data files, including cookies, pixel tags, and/or other local storage provided by your browser or associated applications) on your computer, browser, mobile phone, or other device. We use both session Cookies, which expire and no longer have any effect when you log out of your account or close your browser, and persistent Cookies, which remain on your device until you erase them or they expire. We encode our Cookies so that we or our third-party service providers can interpret the information stored in them. You are free to decline Cookies if permitted by your computer, browser, mobile phone, or other device, although doing so may interfere with your use of the Greenlight Services.

“DO NOT TRACK”; OTHER TRACKING

We do not honor “do not track” requests for the Website or Applications, as that is incompatible with our ability to deliver the Greenlight Services and respond to your requests. Third parties, other than our service providers assisting with making the Greenlight Services available, do not have authorization from us to track your use of the services or track what other activities a user may have engaged in before or after using the Greenlight Services (for example, using a different application or website).

HOW WE USE PERSONAL INFORMATION

We may use your Personal Information for one or more of the following purposes:

  • create, fund, maintain, customize, and secure your Greenlight card account with us;

  • process and analyze account transactions and payments, notify you about them, audit them if needed;

  • provide Greenlight Services and customer support to you;

  • deliver service update notices and promotional offers, answer questions and respond to your requests, and otherwise to communicate with you;

  • determine your location and the location of merchants, and correlate your location with transaction activity for the purpose of providing you services;

  • maintain the security and integrity of the Greenlight Services, our technology, assets and business;

  • engage in detection and prevention of fraud or other illegal activities and debugging;

  • if you participate in the Invest Account Services, make investment recommendations for you;

  • if you participate in the Invest Account Services, open an Invest Account with DriveWealth in your name and at your direction;

  • display your DriveWealth Invest Account information such as securities positions, market values, transaction histories and balances on the Greenlight Application;

  • enforce our Terms of Service and the Cardholder Agreement, including to prevent potential breaches;

  • respond to law enforcement requests and as required by applicable law, court order, or governmental regulations;

  • if required by applicable law, perform identity verification on our own behalf and on behalf of third party partners such as the Issuing Bank (as defined below) and the broker dealer for the Invest Account;

  • test, personalize, develop and improve the Greenlight Services, including to create new analytics, algorithms, or other tools;

  • lock and unlock your Greenlight card;

  • advertise and market our products and services, and the products and services of our business partners, to you, including by presenting tailored content, new features notices, and advertisements through our Website, third-party sites, in-Application notifications, email or text message (with your consent, where required by law);

  • use the information as reasonably necessary and proportionate to achieve our operational or notified purpose for collecting personal information and as compatible with the context in which it was collected;

  • retain the information for as long as necessary to give effect to the foregoing purposes, or for so long as required or permitted under applicable law; and

  • evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our users, online visitors, business contacts or employees is among the assets transferred.

HOW WE SHARE PERSONAL INFORMATION

The Greenlight card is issued by Community Federal Savings Bank (the “Issuing Bank”). Greenlight shares Personal Information collected by Greenlight with the Issuing Bank in order to have a prepaid account issued to the primary accountholder and Greenlight cards issued to any sub-accounts they designate (e.g., children). The Issuing Bank’s privacy policy is available at https://www.cfsb.com/wp-content/uploads/2021/01/cfsb-privacy-notice-12-20-20.pdf.

Greenlight may also share Personal Information with third parties, as follows:

  • Service Providers. We engage with select service providers who provide services to support our operations such as: partner banks and financial institutions; open banking interface providers; payment processors (including merchant acquirers and ACH processors); broker dealers; insurance companies; consumer reporting agencies; identity verification services, and collection agencies; web hosting; app development; advertising and marketing vendors, and other service providers. Such service providers will be limited to using your Personal Information to provide their services to Greenlight, or as otherwise permitted by law.

  • Certain Mobile Carriers. If you request Greenlight Services via a mobile device, your request will be transmitted via your mobile carrier’s network and your carrier may have access to it. Consult your carrier’s privacy policy for additional information.

  • Other Parties. As further described in “HOW WE USE PERSONAL INFORMATION” above, we may share your information when we have reason to believe that disclosing the information is necessary to prevent fraud, damage to person or property, protect and secure our business, assets, user accounts or enforce legal rights or comply with subpoena, court order, legal process or obligations. We reserve the right to disclose any Personal Information as needed if that information is requested by law enforcement agencies or if we are required to do so by law or court order.

  • Successor Entities. We reserve the right to sell, disclose or transfer your Personal Information to a successor entity in the event of a corporate merger, consolidation, sale of assets or other corporate changes respecting Greenlight.

Greenlight will not share Personal Information with third parties for the third parties’ marketing purposes. Greenlight may share aggregated customer information with third parties for the third parties’ marketing purposes, including so that Greenlight may offer you merchant promotions; such aggregated information does not identify a specific individual and is not intended to contain Personal Information.

Please be aware that users of the Greenlight Services may also themselves disclose Personal Information to others:

  • A sub-account’s Personal Information, including but not limited to established spending parameters, pending transactions, approved purchases, and transaction history, will be shared with the linked primary accountholder and with their designee to manage the account, if any, who can access the information from the account dashboard in the Application.

  • The first and last name, or any designated account name, of the primary accountholder and sub-accounts are known to one another and used to communicate between the accounts (e.g., child sends request to parent to add more funds to child’s subaccount). In other words, individual users within an “account family” may also disclose their Personal Information to one another in using the Greenlight Services.

  • When a user of the Greenlight Services downloads an Application from Apple®, Google® or any other third party platform from which it may become available, the user provides certain Personal Information to the third-party platform in order to complete the download, and as may be necessary to receive updates to the Application through the platform, according to the platform’s separate privacy policy and terms.

YOUR RIGHTS AND CHOICES

Greenlight maintains the preferences you have provided to us regarding the use, collection, and sharing of information, including how we may contact you.

  • Communication & Marketing Preferences. You can update your preferences regarding information sharing and marketing communications by sending an email request to support@greenlightcard.com. Please note that you may continue to receive emails with account-related information, even if you opt-out of marketing emails.

  • Account Information. The primary account holder and any designee they manage to oversee the account and any sub-accounts linked to the primary account have access to information about sub-accounts unless and until a subaccount is closed. If a sub-account is closed, the sub-account’s Personal Information may still be accessible to the linked primary accountholder or their designee if the primary account remains open after the sub-account is closed.

  • Update Your Information. Your Personal Information can be reviewed and edited at any time by logging in to the primary account and reviewing your account settings and profile. It is your responsibility to make sure that your Personal Information is accurate, and you should promptly update your Personal Information on the Website or Application if your Personal Information changes or becomes inaccurate.

  • Closing Account. The primary accountholder can close the primary account or any sub-account by calling Greenlight Customer Service at 1-888-483-2645. If you close your account, we will mark the account in our database as “Closed,” but may retain Personal Information from the account to collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigations, prevent fraud, enforce the Cardholder Agreement and Terms of Service, or take other actions as required or permitted by law.

  • Deletion of Personal Information. Due to regulatory recordkeeping obligations, we may retain information related to you and your Greenlight card account and your Invest Account, as well as any data related to your trades, in accordance with applicable laws. In no case will we share any individual trading data unless required by regulators or other government bodies, to support processing of settlement of your transactions, or in accordance with applicable laws.

SECURITY

We use reasonable administrative, technical, and physical security measures to protect such Personal Information against loss, misuse, and unauthorized access, but no online or mobile communication is guaranteed to be 100% secure.

CHILDREN’S PRIVACY

We comply with the U.S. Children’s Online Privacy Protection Act and the regulations implementing it (“COPPA”), to the extent applicable to us and to the Greenlight Services. We do not knowingly collect “personal information,” as defined under COPPA, directly from users under the age of 13. If a primary accountholder creates a sub-account for an individual under the age of 13, only the primary accountholder (i.e., the parent or legal guardian), not the sub-account cardholder, provides information to Greenlight necessary to establish the sub-account for the minor. Subsequent to the creation of the sub-account, Greenlight will only collect and use personal information related to the minor for the limited purpose of providing the Greenlight Services, and such information will not be shared with third parties for any purpose not required or permitted by law, including marketing.

NOTICE TO RESIDENTS OF OUTSIDE UNITED STATES

We are headquartered in the United States and currently the Greenlight Services are only intended for individuals located in the United States. If you are located outside of the United States, be advised that any Personal Information you provide to us will be transferred to and stored in the United States and that, by submitting information to us, you explicitly authorize its transfer and storage within the United States. We reserve the right to use service providers in the United States and elsewhere as necessary to deliver the Greenlight Services. We will protect the privacy and security of Personal Information according to this Privacy Policy regardless of where it is processed or stored.

CHANGES TO PRIVACY POLICY

Greenlight reserves the right to modify this Privacy Policy at any time and may apply changes to previously collected information, as permitted by applicable law. From time to time, we may change or update this Privacy Policy. We encourage you to review this Privacy Policy from time to time for any updates. You acknowledge and agree that we may notify you about any material changes in the way we treat Personal Information by posting an updated version of the Privacy Policy on this page. Your continued use of the Greenlight Services after any such posting shall constitute your acceptance of such changes. If you do not agree with any such changes, please stop using the Greenlight Services.

SUMMARY OF RECENT CHANGES

  • This Privacy Policy was significantly updated on January 1, 2020 for purposes of the reflecting the California Consumer Privacy Act.

  • We added descriptions of information we receive from Plaid under “PERSONAL INFORMATION WE COLLECT AND HOW” on November 24, 2020 based on a change in our working relationship with Plaid.

  • We added a definition for Greenlight Investment Advisors, LLC and DriveWealth, LLC, as well as a description of the Personal Information collected in order to provide investment advisory services on January 12, 2021.

CONTACT US

If you have questions about this Privacy Policy or our information practices, please contact us by email at info@greenlightcard.com or call 1-888-483-2645.

California residents may also use the contact information shown below under “NOTICE TO CALIFORNIA RESIDENTS.” A number of states are currently considering enacting laws similar to the California laws under “NOTICE TO CALIFORNIA RESIDENTS” below. If you are a resident of a state that enacts such a law, please feel free to contact us using the contact information for California residents below.

NOTICE TO CALIFORNIA RESIDENTS

The information included in this section applies to residents of California. If you have questions about this Privacy Policy, including anything in this section for California residents, or would like a printed copy of this Privacy Policy, please contact us at 1-888-483-2645 or by email to CAPrivacy@greenlightcard.com. If you would like to print a copy of this Privacy Policy, please select the “Print” button in your web browser.

Collection and Use of Personal Information

For details on the Personal Information we collected about California residents in the last 12 months, the sources of that information, our business or commercial purposes for collecting that information, and the third parties with whom we shared that information, please refer to the corresponding sections of this Privacy Policy as follows:

In particular, as part of the Greenlight Services, we have collected the following categories of Personal Information from or about California residents within the last twelve (12) months:

CategoryRepresentative Examples
(not all items are collected for each consumer)
Collected
1. IdentifiersA real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.YES
2. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).A name, social security number, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information. Some personal information included in this category may overlap with other categories.YES
3. Protected classification characteristics under California or federal law. Age (including 40 years or older), citizenship, and sex.YES
4. Commercial information.Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.YES
5. Biometric information.Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.NO
6. Internet or other similar network activity.Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.YES
7. Geolocation data.Physical location or movements.YES
8. Sensory data.Audio, electronic, visual, thermal, olfactory, or similar information.NO
9. Professional or employment-related information.Current or past job history or performance evaluations.YES
10. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.NO
11. Inferences drawn from other personal information.Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.YES

We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Your CCPA Rights and How to Exercise Them

If you are a California resident, you have certain rights, pursuant to the California Consumer Privacy Protection Act (“CCPA”). These CCPA rights may only apply in certain circumstances and are subject to certain exemptions. Please see the information below for a summary of your rights, how to exercise your rights and the information we require in order to respond to your requests. Please note that we may ask for certain information to verify the request in accordance with applicable law.

  • Right to Know. You have the right to request that we disclose what Personal Information we collect, use, disclose and/or sell about you. To exercise your right to know, please contact us to submit your request. You will be required to provide certain information which we will use to verify you and your request.

  • Right to Delete. You have the right to delete Personal Information that we collect or maintain about you. To request deletion of your information, please to submit your request by email at CAPrivacy@greenlightcard.com or by mail at Greenlight Financial Technology, Inc., 303 Peachtree St, NE, Suite 4300, Atlanta, GA 30308, Attn: CA - Personal Information Deletion. You will be required to provide certain information which we will use to verify you and your request. Please note that certain exceptions apply to this right, such as when we retain your information to comply with law, or to complete the transaction for which the Personal Information was collected, or to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity. We will notify you of any such exceptions as applicable to your request.

  • Right to Opt-Out of Sale. We do not presently sell Personal Information within the meaning of the CCPA, and so do not offer a mechanism to opt-out or ask us not to sell your Personal Information.

  • Right to Non-Discrimination. You have the right not to receive discriminatory treatment by us for the exercise of any of your CCPA rights. However, we may offer certain financial incentives, charge reasonable fees related to your requests, or deny your right to know, right to request deletion, or right to opt-out of sale in accordance with applicable law.

  • Right to an Authorized Agent. You can exercise your CCPA rights yourself or you can designate an authorized agent to make a request on your behalf. Your authorized agent must be able to demonstrate authority to act on your behalf as further instructed when submitting a verifiable request.

Disclosure or Sale of Personal Information

In the last 12 months, we have not sold personal information to third parties, but we have shared personal information for business or commercial purposes  as follows:

  • We have shared the categories of Personal Information shown in the chart under “PERSONAL INFORMATION WE COLLECT AND HOW” with our service providers in the past twelve (12) months for the business or commercial purposes described in “HOW WE USE PERSONAL INFORMATION” above.

Under the CCPA, a “sale” means providing to a third party Personal Information for valuable consideration. It does not necessarily mean money was exchanged for the transfer of Personal Information. We work to identify whether any of our data sharing arrangements would constitute a “sale” under the CCPA; however, due to the complexities and ambiguities in the CCPA, we will continue to evaluate some of our third party relationships as we wait for final implementing regulations and guidance. For example, it is currently unclear whether the use of certain types of advertising partners would be considered a sale under CCPA.

Third-Party Marketing Disclosure

Under California Civil Code Section 1798.83 (the “Shine the Light” law), California residents with whom we have a business relationship can request certain information regarding what types of personal information, if any, we shared with third parties for the direct marketing purposes of the third parties and the identities of the third parties with whom the business has shared such information in the immediately preceding 12 months. You may request this information by contacting us using the contact information at the top of this “NOTICE TO CALIFORNIA RESIDENTS” section or contact us.

NOTICE TO NEVADA RESIDENTS

We do not exchange your Personal Information for money with anyone so that they can license or sell the Personal Information to additional parties.

Stay in touch:

© 2021 Greenlight Financial Technology, Inc. Patents Pending. The Greenlight card is issued by Community Federal Savings Bank, member FDIC, pursuant to license by Mastercard International.

© 2021 Greenlight Investment Advisors, LLC, an SEC Registered Investment Advisor provides investment advisory services to its clients. Investing involves risk and may include the loss of capital.