We generally collect Personal Information in three ways: (1) information a user provides to us, (2) information we collect automatically, as a digital platform, and (3) information we receive from third parties, as described further below.
Personal Information provided in connection with prepaid card services
When a user visits, uses or otherwise interacts with Greenlight Services, for example, by contacting customer service, you (the user) may sometimes give Personal Information directly to us or to our third-party service providers. In order to create an account to use the Greenlight card, as part of Greenlight Services, you must be 18 years old or older (or a parent or legal guardian if creating an account for a user under 18). The account creator will provide the following Personal Information to us: account applicant’s full name, email address, street address, phone number, date of birth, and the applicant’s social security number (or, in some cases, only the last 4 digits). This Personal Information is used to verify the applicant’s (known as a “primary accountholder’s”) identity and set up the account. The full name, birth date, email address and (optionally) mobile phone number of individual sub-account users (typically children) or a designee (also known as a “secondary approver”) to help manage the account (often a spouse) is also requested from the applicant to establish such user rights ancillary to the applicant’s account. Designating a sub-account or secondary approver is optional. The primary accountholder and secondary approver may see all Personal Information of accountholders across the account family (including transaction history).
We may invite accountholders from time to time to participate in surveys, sweepstakes, contests and other promotional programs and participation will always be optional. If you decide to participate, you may be asked to provide certain information to enable us to communicate with you about the opportunity, which may include Personal Information. If we make a sweepstakes, contest or other promotional offer available to non-accountholders, we will disclose the Personal Information we collect and why (typically to communicate about the offer) in the offer terms.
To fund the Greenlight card account, in order to use the Greenlight card, we request that the primary accountholder (or secondary approver if one is designated) transfer funds from a bank account, debit card or any other source that may be approved in the future. The primary accountholder and any secondary approver may also permit the funding of a sub-account with a direct deposit of wages from an employer of the sub-account cardholder (e.g., participating child’s employer), and any primary accountholder can fund their Greenlight account by a transfer from their Invest Account held by DriveWealth (if the primary accountholder is a user of Invest Account Services described further below). DriveWealth is described further below in connection with Invest Account Services.
When the primary accountholder or secondary approver elects funding by debit card, Greenlight uses a third-party merchant acquirer to process your debit card payments. The merchant acquirer will collect your debit card information including your full name appearing on the face of your debit card, card number, expiration date and CVV through various types of software development kits installed on the Website and Greenlight App, which allow the cardholder data to be collected by the merchant acquirer without being accessible to Greenlight. The merchant acquirer is expected to maintain such data in compliance with the card network rules and Payment Card Industry – Data Security Standards. We do not receive Personal Information back from the merchant acquirer about you.
Like many digital platforms, Greenlight collects certain information automatically to help us manage, improve and customize our features and functionality. When you use, visit, or otherwise interact with Greenlight Services, we and our third-party service providers may use technology that stores or collects information sent to us by your computer, browser, mobile phone, or other device. This information may include your IP address, unique device identifiers, or other unique identifier; your device functionality, such as the type of browser, operating system, or hardware used; your device location, which may include a street name and city; your activities within Greenlight Services, including the portions of the Website and Greenlight App you access; your email address and mobile phone number; and other information. When you use Greenlight Services, we also collect information about your transactions and your activities using the Greenlight card, including financial and payment information.
These technologies include “cookies” (small data files, including cookies, pixel tags, and/or other local storage provided by your browser or associated applications) on your computer, browser, mobile phone, or other device. You are free to decline optional cookies if permitted by your computer, browser, mobile phone, or other device, although doing so may affect your use of Greenlight Services. We use both session cookies, which expire and no longer have any effect when you log out of your account or close your browser, and persistent cookies, which remain on your device until you erase them or they expire.
Information from Third Parties
When you use the Greenlight App, if you are the primary accountholder or secondary approver, we may receive the following information from your wireless operator: your mobile number, name, address, email, unique mobile device identifier and other subscriber details.
In addition to the Personal Information described above that we obtain about you from Plaid, DriveWealth and your wireless operator, we may also obtain information about you from third parties, including, but not limited to, identity verification services or social media platforms when you communicate with us about Greenlight Services via social media, as well as from your friends who may have referred you to use Greenlight Services.
Some web browsers transmit “do not track” signals to websites. Greenlight’s Website and App currently do not take action in response to these signals because it would limit our ability to deliver Greenlight Services and respond to your requests. Except for Greenlight service providers which help deliver Greenlight Services, we do not authorize any third party to track your use of Greenlight Services or track what other activities a user may have engaged in before or after using Greenlight Services (for example, using a different application or website).
We may use your Personal Information for one or more of the following purposes:
create, fund, maintain, customize, and secure your Greenlight card account with us;
process and analyze account transactions and payments, notify you about them, and audit them if needed;
provide Greenlight Services and customer support to you;
deliver service update notices and promotional offers, answer questions and respond to your requests, and otherwise to communicate with you;
maintain the security and integrity of Greenlight Services, our technology, assets and business;
engage in detection and prevention of fraud or other illegal activities and debugging;
if you participate in Invest Account Services, make investment recommendations for you;
if you participate in Invest Account Services, open an Invest Account with DriveWealth in your name and at your direction;
display your DriveWealth Invest Account information such as securities positions, market values, transaction histories and balances on the Greenlight Application;
enforce our Terms of Service and the Cardholder Agreement, including to prevent potential breaches;
respond to law enforcement requests and as required by applicable law, court order, or governmental regulations;
if required by applicable law, perform identity verification on our own behalf and on behalf of the bank that issues the Greenlight card (CFSB) and the broker dealer for the Invest Account (DriveWealth);
test, personalize, develop and improve Greenlight Services, including to create new analytics, algorithms, or other tools, so we can better cater to your interests;
lock and unlock your Greenlight card;
market our products and services to you, including by presenting tailored content, and features notices through our Website, third-party sites, in-App notifications, emails or text messages (with your consent, where required by law); and
evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us about our users, online visitors, business contacts or employees is among the assets transferred.
Greenlight maintains the preferences the primary accountholder has provided to us regarding the use, collection, and sharing of Personal Information, including how we may contact you.
Marketing Preferences. Each recipient of our marketing emails may unsubscribe from the emails from within each marketing email, but please note that you may continue to receive emails with Greenlight account-related information, even if you opt-out of marketing emails.
Account Information. The primary accountholder and any secondary approver they designate to oversee the account and any sub-accounts linked to the primary account have access to information about sub-accounts unless and until a subaccount is closed. However, one sub-account cannot see information in another sub-account.
Update Your Information. Personal Information of accountholders can be reviewed and edited at any time by logging in to the primary account and reviewing the account settings and profile across the family of accounts (meaning all accounts linked to the primary account). It is the primary accountholder’s responsibility to make sure that Personal Information of users in the account family is accurate across the primary account and linked sub-accounts. The primary accountholder should promptly update your account family’s Personal Information on the Greenlight App if your Personal Information changes or becomes inaccurate.
Closing Account(s). The primary accountholder can close the primary account or any sub-account by calling Greenlight Customer Service at 1-888-483-2645. If they close an account, the account will no longer be accessible to the accountholder and we will mark the account in our database as “Closed,” but may retain Personal Information from the account to collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigations, prevent fraud, enforce the Cardholder Agreement and Terms of Service, or take other actions as required or permitted by law.
Deletion of Personal Information. If you request us to delete your account information, we will delete as much information as we are legally permitted. Due to regulatory recordkeeping obligations, we may be unable to delete all information associated with a closed account and may be required to retain information related to each accountholder and their Greenlight card account and their Invest Account in order to comply with applicable law.
Greenlight’s Information Security Program is managed by dedicated information security personnel with commercially reasonable information security measures to protect your Personal Information against loss, misuse, and unauthorized access. These measures include, but are not limited to, data encryption, cyber threat detection, and internal access controls. We regularly have our Information Security Program assessed and validated by independent security audit experts. We use reasonable administrative, technical, and physical security measures to protect Personal Information we collect against loss, misuse, and unauthorized access. You and your linked sub-account cardholders are responsible for maintaining the security of your user names and passwords used to access Greenlight Services.
The Information We Collect, How We Use It, and How and When We Communicate with Parents
During the registration process to create a primary account for use of Greenlight Services, regardless of whether registration occurs on the Website or on the Greenlight App, we first ask the individual attempting to register for their mobile phone number, whether they are a parent/guardian or a child, then we ask the individual for their date of birth. If the date of birth indicates that the individual is a child younger than 13, then the child receives a message indicating that the child will need a parent or guardian to create an account, and the child is shown a message to tell their parent or guardian about Greenlight and have their parent sign up at the Website or download the Greenlight App. In addition, the registration session ends for that individual, we do not retain the mobile phone number or birthdate information and no further registration information is collected. If the individual is 13 years or older but younger than 18, then we will request the minor to provide a first and last name, an email address and password, and a parent’s cell phone number so that we can provide the parent with information about how to download the Greenlight App and finish registering an account.
When a parent or legal guardian decides to add a child as a sub-account, they provide us with the first and last name, and mobile phone number, if any, of a child under 13 in order to establish the child as a sub-account cardholder. The child is then invited to download the Greenlight App from the Apple® App Store or Google® Play and, upon doing so, are requested to enter an email address, password, date of birth and preferred pronoun. Once a child under 13 starts using the Greenlight App, we collect and maintain transaction data and history from our prepaid card services and Invest Account Services for all accounts in order to provide Greenlight Services to them.
Parents and legal guardians can access Personal Information of a child under 13 at their own election from the account family’s dashboard, as described in more detail immediately below.
When Information is Available to Others
Members of Account Family. Parents or legal guardians, as primary accountholders, and any secondary approver can see the name, user name, preferred pronoun, email address, mobile phone number, and birth date of their sub-account cardholders as part of the account family dashboard. They also have access to all transaction details in their sub-accounts (such as purchase history details and Invest Account trade details). Sub-accounts cannot see one another’s data (including Personal Information); data relating to sub-accounts is only visible to that account’s sub-account cardholder, the primary accountholder that designated the sub-account, and the secondary approver (if any) designated by the primary accountholder.
Service Providers. In order to provide requested Greenlight Services, Greenlight may also share a child’s Personal Information, as necessary to perform Greenlight Services, with select service providers who provide services to support our operations such as: card manufacturing and fulfillment providers; insurance providers for mobile phone protection and purchase protection; cloud hosting providers (like AWS); email distribution providers; and other service providers. A number of these service providers are described in more detail above under “PERSONAL INFORMATION WE COLLECT AND HOW.”
Legal Requirements and Fraud Protection. We may share a child’s Personal Information when we have reason to believe that disclosing the information is necessary to prevent fraud, damage to person or property, protect and secure our business, assets, user accounts or enforce legal rights or comply with subpoena, court order, legal process or obligations. We reserve the right to disclose any Personal Information as needed if that information is requested by law enforcement agencies or if we are required to do so by law or court order.
Parental Choices and Controls
The primary accountholder can update or change Personal Information of a child at any time through the account settings.
At any time, a primary accountholder can refuse to permit us to collect further Personal Information of a child by closing that sub-account by calling Greenlight Customer Service at 1-888-483-2645. If you close an account, we will mark the account in our database as “Closed,” but may retain Personal Information from the account to deactivate the account with our service providers, allow the primary accountholder to reactivate the Greenlight account for some period in the future, collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigations, prevent fraud, enforce the Cardholder Agreement and Terms of Service, or take other actions as required or permitted by law.
If you request us to delete your child’s sub-account information, we will delete as much information as we are legally permitted. Due to regulatory recordkeeping obligations, we may be unable to delete all information associated with a closed sub-account and may be required to retain information related to each sub-account cardholder, their Greenlight card account and their Invest Account in order to comply with applicable law. We will not share any individual trading data unless required by regulators or other governmental authorities, to support processing of settlement of your transactions, or in accordance with applicable laws or legal process.
Parents of children under 13 who are California residents may have additional rights to “know” and “delete” Personal Information of their children. Please refer to “YOUR CALIFORNIA PRIVACY RIGHTS” section below.
The information included in this section applies to residents of California.
For “Do Not Sell My Personal Information” requests, please complete the webform at https://greenlight.com/data-request.
Notice of Collection and Use of Personal Information
See “PERSONAL INFORMATION WE COLLECT AND HOW” for the categories of Personal Information collected and specific examples, sources from which, and how, we collected Personal Information
See “HOW WE USE PERSONAL INFORMATION” for our business or commercial purposes for collecting Personal Information
Categories of Personal Information Collected
In particular, as part of Greenlight Services, we have collected the following categories of Personal Information from or about California residents who are primary accountholders or secondary approvers within the last twelve (12) months:
Identifiers. See “PERSONAL INFORMATION WE COLLECT AND HOW” for a description of the Identifiers that we have collected from California residents.
Personal information described in California Customer Records Statute. See “PERSONAL INFORMATION WE COLLECT AND HOW” for a description of items such as bank account numbers and debit card numbers used as funding sources for Greenlight accounts, that we have collected from California residents.
Protected classification characteristics under California or federal law. See “PERSONAL INFORMATION WE COLLECT AND HOW” for a description of items such as age and gender, that we have collected from California residents.
Commercial information. See “PERSONAL INFORMATION WE COLLECT AND HOW” for a description of commercial information that we have collected from California residents.
Internet or other similar network activity. See “PERSONAL INFORMATION WE COLLECT AND HOW” for a description of these items that we have collected from California residents.
Inferences drawn from other Personal Information. Greenlight may draw inferences about your preferences and future activities from the information above.
We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
How We Disclose or Sell Personal Information
The following describes how we disclose, or share, information to third parties and the limited cases in which it may be considered a “sale” based on the California Consumer Privacy Act’s (“CCPA’s”) broad definition of the word “sale.”
See “HOW WE SHARE PERSONAL INFORMATION” for third parties with whom we disclose Personal Information.
We do not sell your Personal Information in exchange for money. However, we share Personal Information with certain third parties for our own marketing purposes which, under California’s privacy laws, may be considered a “sale.” We may share the following categories of Personal Information with third parties for marketing purposes: your full name, date of birth, gender, postal address, email address, phone number, and Internet Protocol (IP) address.
We do not knowingly “sell” the Personal Information of minors under 18.
Your CCPA Rights and How to Exercise Them
If you are a California resident, you have certain rights, pursuant to the CCPA. These CCPA rights may only apply in certain circumstances and are subject to certain exemptions. Please see the information below for a summary of your rights, how to exercise your rights and the information we require in order to respond to your requests. Please note that we may ask for certain information to verify the request in accordance with applicable law. In the event that you are a child under 18, we may request that your parent or legal guardian exercise these rights on your behalf as indicated below.
Right to Know or Access. You have the right to request that we disclose the categories of Personal Information we collected, used, disclosed and/or sold about you in the last 12 months. You also have the right to request access to the Personal Information (specific to you) that we collected, used, disclosed, and/or sold about you in the last 12 months. To exercise your right to know or access, please contact us to submit your request by email at firstname.lastname@example.org. You will be required to provide certain information which we will use to verify you and your request. If you are an accountholder under age 18, your parent or legal guardian must submit your request on your behalf. Non-accountholders under the age of 13 must also have a parent or legal guardian submit the request on your behalf.
Right to Delete. You have the right to delete Personal Information that we collect or maintain about you, but we likely will be unable to further provide Greenlight Services provided through an account (like the Greenlight card or Invest Account Services) to you if you exercise this right. To request deletion of your information, please contact us to submit your request by email at email@example.com or by mail at Greenlight Financial Technology, Inc., 303 Peachtree St, NE, Suite 4300, Atlanta, GA 30308, Attn: CA - Personal Information Deletion. You will be required to provide certain information which we will use to verify you and your request. Please note that certain exceptions apply to this right, such as when we retain your information to comply with law, or to complete the transaction for which the Personal Information was collected, or to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity. We will notify you of any such exceptions as applicable to your request. If you are an accountholder under age 18, your parent or legal guardian must submit your request on your behalf. Non-accountholders under the age of 13 must also have a parent or legal guardian submit the request on your behalf.
Right to Opt-Out of Sale. We do not sell your Personal Information for money. However, to be able to offer Greenlight Services, we may share Personal Information of users who are 18 or older in a manner that could be considered a “sale” in California. Under California’s privacy laws, certain marketing activities may be considered a “sale” of Personal Information based on a broad definition of the word “sell.” We do not “sell” Personal Information for minors under 18.
If you are a California resident, 18 or older, you have the right to opt out from the “sale” of Personal Information. We also provide this right to Opt-Out of Sale to residents of other States. If you would like to exercise this right, you may use the “Do Not Sell My Personal Information” link on www.greenlight.com (also linked here: https://greenlight.com/data-request) to submit the request. You may also submit your request by email at firstname.lastname@example.org.
Right to Non-Discrimination. You have the right not to receive discriminatory treatment by us for the exercise of any of your CCPA rights.
Right to an Authorized Agent. You can exercise your CCPA rights yourself or you can designate an authorized agent to make a request on your behalf. Your authorized agent must be able to demonstrate authority to act on your behalf as further instructed when submitting a verifiable request.
Third-Party Marketing Disclosure
Under California Civil Code Section 1798.83 (the “Shine the Light” law), California residents with whom we have a business relationship can request certain information regarding what types of Personal Information, if any, we shared with third parties for the direct marketing purposes of the third parties and the identities of the third parties with whom the business has shared such information in the immediately preceding 12 months. You may request this information by contacting us using the contact information at the top of this “YOUR CALIFORNIA PRIVACY RIGHTS” section or contact us.
We do not exchange your Personal Information for money with anyone so that they can license or sell the Personal Information to additional parties.