Last updated: June 30th, 2020
A. Information You Provide
While using our Site, we may ask you to provide us with certain information, including information you provide when you register an account, update your profile, access our content, make a purchase, or contact customer support. The categories of information we collect includes:
- Contact Data, including your first and last name, email address, postal address, and phone number.
- Account Information, including your username, password, password hints, and information for authentication and account access.
- Financial Information, as required to provide the services on the Site, such as retirement account information.
- Demographic Data, including your age, gender, and country.
- Profile Data, including your interests, inferences, preferences and favorites.
- Content, including content within any messages you send to us (such as feedback, special instructions you provide, and questions to customer support). We also collect content within any messages you exchange with us through our chat functionality on the Site.
- Employment Data, including the retirement plans used by your former and current employer, and other employment and education history, transcript, writing samples, and references as necessary to consider your job application for open positions.
You may choose to voluntarily provide other information to us that we do not request, and, in such instances, you are solely responsible for such information.
B. Information Collected Automatically
In addition, we automatically collect information when you use the Site. The categories of information we automatically collect include:
- Service Use Data, including data about features you use, the pages of our Site that you visit, the time and date of your visit, the time spent on those pages and other statistics, emails and advertisements you view, products and services you view and purchase, and your referring and exiting pages.
- Device Data, including your computer’s Internet Protocol (“IP”) address, browser or device type, browser or device version, your internet service provider, and your device’s regional and language settings.
- Location Data, including imprecise location data (such as location derived from an IP address or data that indicates a city or postal code level).
The types of tracking technologies we use to automatically collect information include:
- Log Files, which are files that record events that occur in connection with your use of the Site.
- Cookies are files with small amounts of data stored on your device that act as a unique tag to identify your browser. We use two types of cookies: session cookies and persistent cookies. Session cookies make it easier for you to navigate our website and expire when you close your browser. Persistent cookies help with personalizing your experience, remembering your preferences, and supporting security features. Additionally, persistent cookies allow us to bring you advertising both on and off the Service. Persistent cookies may remain on your device for extended periods of time, and generally may be controlled through your browser settings.
- App Technologies, which are technologies included in our apps that are not browser-based like cookies and cannot be controlled by browser settings. For example, our apps may include SDKs, which is code that sends information about your use to a server. These SDKs allow us to track our conversions, bring you advertising both on and off the Site, and provide you with additional functionality.
For further information on how we use tracking technologies for analytics and advertising, and your rights and choices regarding them, see the “Analytics and Advertising” and “Your Rights and Choices” sections below.
C. Information from Other Sources
We also collect information from other source. The categories of sources from which we collect information include:
- Data brokers from which we purchase data to supplement the data we collect.
- Social networks with which you interact.
- Partners that offer co-branded services, products, or programs.
- Publicly available sources, including data in the public domain.
USE OF INFORMATION
- Operating and managing our Site.
- Performing services requested by you, such as helping facilitate any transactions where we act as an agent on your behalf, responding to your comments, questions, and requests, and providing customer service.
- Sending you technical notices, updates, security alerts, information regarding changes to our policies, and support and administrative messages.
- Preventing and addressing fraud, breach of policies or terms, and threats or harm.
- Monitoring and analyzing trends, usage, and activities.
- Conducting research, including focus groups and surveys.
- Improving the Site and other Capitalize websites, apps, marketing efforts, products and services.
- Developing and sending newsletters, advertising, direct marketing, and communications about our and other entities’ products, offers, promotions, rewards, events, and services.
- Conducting promotions, including verifying your eligibility and delivering prizes in connected with your entries.
- Fulfilling any other purpose at your direction.
- With notice to you and your consent.
Notwithstanding the above, we may use information that does not identify you (including information that has been aggregated or de-identified) for any purpose except as prohibited by applicable law. For information on your rights and choices regarding how we use information about you, please see the “Your Rights and Choices” section below.
Sharing of Information
- Service Providers. We share information with service providers that process information on our behalf. Service providers assist us with services such as data analytics, marketing and advertising, website hosting, and technical support. We contractually prohibit our service providers from retaining, using, or disclosing information about you for any purpose other than performing the services for us, although we may permit them to use information that does not identify you (including information that has been aggregated or de-identified) for any purpose except as prohibited by applicable law.
- Vendors and Other Parties. We share information with vendors and other parties for analytics and advertising related purposes. These parties may act as our service providers, or in certain contexts, independently decide how to process your information. For more information on advertising and analytics, see the “Analytics and Advertising” section below. In other instances, we share information with vendors and other parties, such as Plaid, in order to provide the service to you, comply with your requests, market and advertise to you, and otherwise comply with the law.
- Financial Institutions. We share information with financial institutions, such as 401k and IRA providers, when you engage us to transact with them on your behalf. We may be compensated in connection with these activities.
- Affiliates. We share information with our affiliates and related entities, including where they act as our service providers or for their own internal purposes.
- Partners. We share information with our partners in connection with offering co-branded services, selling or distributing our products, or engaging in joint marketing activities.
- Promotions. Our promotions may be jointly sponsored or offered by other parties. When you voluntarily enter a promotion, we share information as set out in the official rules that govern the promotion as well as for administrative purposes and as required by law (e.g., on a winners list). By entering a promotion, you agree to the official rules that govern that promotion, and may, except where prohibited by applicable law, allow the sponsor and/or other entities to use your name, voice and/or likeness in advertising or marketing materials.
- Merger or Acquisition. We share information in connection with, or during negotiations of, any proposed or actual merger, purchase, sale or any other type of acquisition or business combination of all or any portion of our assets, or transfer of all or a portion of our business to another business.
- Security and Compelled Disclosure. We share information to comply with the law or other legal process, and where required, in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We also share information to protect the rights, property, life, health, security and safety of us, the Site or anyone else.
- Facilitating Requests. We share information at your request or direction.
- Consent. We share information with notice to you and your consent.
Notwithstanding the above, we may share information that does not identify you (including information that has been aggregated or de-identified) except as prohibited by applicable law. For information on your rights and choices regarding how we share information about you, please see the “Your Rights and Choices” section below.
We offer parts of our Site through websites, platforms, and services operated or controlled by other parties. Our Site includes links that hyperlink to websites, platforms, and other services not operated or controlled by us. In addition, we integrate technologies operated or controlled by other parties into parts of our Site.
Analytics and Advertising
We use analytics services, such as Google Analytics, to help us understand how users access and use the Site. In addition, we work with agencies, advertisers, ad networks, and other technology services to place ads about our products and services on other websites and services. For example, we place ads through Google and Facebook that you may view on their platforms as well as on other websites and services.
As part of this process, we may incorporate tracking technologies into our own Site (including our website and emails) as well as into our ads displayed on other websites and services. Some of these tracking technologies may track your activities across time and services for purposes of associating the different devices you use, and delivering relevant ads and/or other content to you (“Interest-based Advertising”).
We also use audience matching services to reach people (or people similar to people) who have visited our Site or are identified in one or more of our databases (“Matched Ads”). This is done by us uploading a customer list to another party or incorporating a pixel from another party into our own Site, and the other party matching common factors between our data and their data or other datasets. For instance, we incorporate the Facebook pixel on our Site and may share your email address with Facebook as part of our use of Facebook Custom Audiences.
For further information on the types of tracking technologies we use on the Site and your rights and choices regarding analytics and advertising, please see the “Information Collected Automatically” and “Your Rights and Choices” sections.
Your Rights and Choices
A. Account Information
You may access, update, or remove certain information that you have provided to us through your account by visiting your account settings or sending an email to the email address set out in the “Contact Us” section below. We may require additional information from you to allow us to confirm your identity. Please note that we will retain and use information about you as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
B. Tracking Technology Choices
- Cookies and Pixels. Most browsers accept cookies by default. You can instruct your browser, by changing its settings, to decline or delete cookies. If you use multiple browsers on your device, you will need to instruct each browser separately. Your ability to limit cookies is subject to your browser settings and limitations.
- Do Not Track. Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. Note, however, there is no industry consensus as to what site and app operators should do about these signals. Accordingly, unless and until the law is interpreted to require us to do so, we do not monitor or take action with respect to “Do Not Track” signals. For more information on “Do Not Track,” visit http://www.allaboutdnt.com.
- App and Location Technologies. You can stop all collection of information via an app by uninstalling the app. You can also reset your device Ad Id at any time through your device settings, which is designed to allow you to limit the use of information collected about you.
Please be aware that if you disable or remove tracking technologies some parts of the Site may not function correctly.
C. Analytics and Interest-Based Advertising
Google provides tools to allow you to opt out of the use of certain information collected by Google Analytics at https://tools.google.com/dlpage/gaoptout and by Google Analytics for Display Advertising or the Google Display Network at https://www.google.com/settings/ads/onweb/.
The companies we work with to provide you with targeted ads are required by us to give you the choice to opt out of receiving targeted ads. Most of these companies are participants of the Digital Advertising Alliance (“DAA”) and/or the Network Advertising Initiative (“NAI”). To learn more about the targeted ads provided by these companies, and how to opt out of receiving certain targeted ads from them, please visit: (i) for website targeted ads from DAA participants, https://www.aboutads.info/choices; (ii) for app targeted ads from DAA participants, https://www.aboutads.info/appchoices; and (iii) for targeted ads from NAI participants, https://www.networkadvertising.org/choices/. Opting out only means that the selected participants should no longer deliver certain targeted ads to you, but does not mean you will no longer receive any targeted content and/or ads (e.g., in connection with the participants’ other customers or from other technology services).
To opt out of us using your data for Matched Ads, please contact us as set forth in the “Contact Us” section below and specify that you wish to opt out of matched ads. We will request that the applicable party not serve you matched ads based on information we provide to it. Alternatively, you may directly contact the applicable party to opt out.
You may also limit our use of information collected from or about your mobile device for purposes of serving targeted ads to you by going to your device settings and selecting “Limit Ad Tracking” (for iOS devices) or “Opt out of Interest-Based Ads” (for Android devices).
Please note that if you opt out of using any of these methods, the opt out will only apply to the specific browser or device from which you opt out. We are not responsible for the effectiveness of, or compliance with, any opt out options or programs, or the accuracy of any other entities’ statements regarding their opt out options or programs.
- E-mails. You can opt-out of receiving promotional emails from us at any time by following the instructions as provided in emails to click on the unsubscribe link, or emailing us at the email address set out in the “Contact Us” section below with the word UNSUBSCRIBE in the subject field of the email. Please note that you cannot opt-out of non-promotional emails, such as those about your account, transactions, servicing, or our ongoing business relations.
- Push Notifications. If you have opted-in to receive push notification on your device, you can opt-out at any time by adjusting the permissions in your device or uninstalling our app.
Please note that your opt out is limited to the email address or device used and will not affect subsequent subscriptions.
The Site is intended for general audiences, and is not directed at children under 13 years old. We do not knowingly collect personal information (as defined by the U.S. Children’s Privacy Protection Act, or “COPPA”) from children. If you are a parent or guardian and believe we have collected personal information in violation of COPPA, contact us at firstname.lastname@example.org. We will remove the personal information in accordance with COPPA. We do not knowingly “sell,” as that term is defined under the CCPA, the personal information of minors under 16 years old who are California residents.
If you are a California resident under 18 years old and registered to use the Site, you can ask us to remove any content or information you have posted on the Site. To make a request, email us at the email address set out in “Contact Us” section with “California Under 18 Content Removal Request” in the subject line, and tell us what you want removed. We will make reasonable good faith efforts to remove the post from prospective public view, although we cannot ensure the complete or comprehensive removal of the content and may retain the content as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
We implement and maintain reasonable administrative, physical, and technical security safeguards to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. Nevertheless, transmission over the Internet, is not 100% secure and we cannot guarantee the security of information about you.
Additional Disclosures for Nevada Residents
Nevada law (NRS 603A.340) requires each business to establish a designated request address where Nevada consumers may submit requests directing the business not to sell certain kinds of personal information that the business has collected or will collect about the consumer. A sale under Nevada law is the exchange of personal information for monetary consideration by the business to a third party for the third party to license or sell the personal information to other third parties. If you are a Nevada consumer and wish to submit a request relating to our compliance with Nevada law, please contact us as at email@example.com.
Additional Disclosures for California Residents
These additional disclosures apply only to California residents. The California Consumer Privacy Act of 2018 (“CCPA”) provides additional rights to know, delete and opt-out, and requires businesses collecting or disclosing personal information to provide notices and means to exercise rights.
A. Notice of Collection
In the past 12 months, we have collected the following categories of personal information enumerated in the CCPA:
- Identifiers, including name, postal address, email address, and online identifiers (such as IP address).
- Customer records, including phone number, billing address, and other financial information associated with maintaining a 401k.
- Characteristics of protected classifications under California or federal law, including gender.
- Commercial or transactions information, including records of products or services purchased, obtained, or considered.
- Internet activity, including browsing history, search history, and interactions with a website, email, application, or advertisement.
- Geolocation data.
- Employment and education information.
- Inferences drawn from the above information about your predicted characteristics and preferences.
For further details on information we collect, including the sources from which we receive information, review the “Information Collection” section above. We collect and use these categories of personal information for the business purposes described in the “Use of Information” section above, including to manage our Service.
Under the CCPA, “sell” is defined broadly, and some of our data sharing practices may be considered a “sale.”
We do not generally sell information as the term “sell” is traditionally understood.
B. Right to Know and Delete
You have the right to know certain details about our data practices in the past 12 months. In particular, you may request the following from us:
- The categories of personal information we have collected about you;
- The categories of sources from which the personal information was collected;
- The categories of personal information about you we disclosed for a business purpose or sold;
- The categories of third parties to whom the personal information was disclosed for a business purpose or sold;
- The business or commercial purpose for collecting or selling the personal information; and
- The specific pieces of personal information we have collected about you.
In addition, you have the right to delete the personal information we have collected from you.
To exercise any of these rights, please email us at firstname.lastname@example.org. In the request, please specify which right you are seeking to exercise and the scope of the request. We will confirm receipt of your request within 10 days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your requests to know or delete.
C. Right to Opt-Out
To the extent Capitalize sells your personal information as the term “sell” is defined under the CCPA, you have the right to opt-out of the sale of your personal information by us to third parties at any time. You may submit a request to opt-out by clicking Do Not Sell My Personal Information or by emailing us at email@example.com.
D. Authorized Agent
You can designate an authorized agent to submit requests on your behalf. However, we will require written proof of the agent’s permission to do so and verify your identity directly.
E. Right to Non-Discrimination
You have the right not to receive discriminatory treatment by us for the exercise of any your rights.
F. Shine the Light
Customers who are residents of California may request (i) a list of the categories of personal information disclosed by us to third parties during the immediately preceding calendar year for those third parties’ own direct marketing purposes; and (ii) a list of the categories of third parties to whom we disclosed such information. To exercise a request, please write us at the email or postal address set out in “Contact Us” above and specify that you are making a “California Shine the Light Request.” We may require additional information from you to allow us to verify your identity and are only required to respond to requests once during any calendar year.