Effective Date: October 16, 2020
If you apply for or obtain a financial product or service where we function as a service provider for our bank partners, any information that we collect from and about you related to that financial product or service will be on behalf of the bank partner.
The USA Patriot Act
IMPORTANT INFORMATION ABOUT PROCEDURES FOR OPENING AN ACCOUNT
To help the government fight the funding of terrorism, money laundering activities and other financial crimes, federal law requires all financial institutions to obtain, verify and record information that identifies each person who opens an account.
What this means for you: When you obtain a financial product or service offered by or in connection with our relationship with a financial institution, we may ask for your name, mailing address and other information or documentation, such as a copy of your driver’s license or other identifying documents, to verify your identity and otherwise comply with the applicable federal laws and regulations.
In connection with your use of the Services, we collect three types of information about you: Business Information, User Information, and General Information. Information from any of these categories may be linked with other information that we collect about you.
Business Information. Business Information includes information regarding businesses that use or otherwise access the Services (“Customers”). Business Information may also include information about your customers (i.e., businesses that have a commercial relationship or otherwise transact with Customers) if collected in connection with such Customer’s use or access of the Services. Business Information includes, but is not limited to (i) business name, address, email, and telephone number, (ii) company structure, (iii) industry type, (iv) incorporation date, (v) annual revenue, (vi) bank account information (e.g., average bank balance, bank statements, credit card statements), (vii) marketplace account information (e.g., transactions), (viii) payment information (e.g., payment history, merchant category code, payment card number), (ix) business social network data (e.g., likes, posts, followers), (x) accounting information, (x) vendor usage information, (xi) information regarding our transactions and experiences with the business, and (xiii) beneficial ownership information.
- User Information. User Information includes information about the owners, principals, and business representatives, such as: name, job title, user name(s), mailing address, email address, primary telephone number, date of birth, social security number, and FICO score. In addition, if you make payments through the Services, we may also collect information about your customers, such as payments or invoicing information, so we can provide the Services.
- General information. General Information includes technical information such as information regarding your use of and interactions with the Sites. This General Information includes, but is not limited to, information about (i) your Internet connection, (ii) the equipment you use to access the Sites and usage details, (iii) your operating system, browser version and internet protocol (IP) address, (iv) your mobile device type, your device’s unique identifier, and your mobile network information, and (v) web pages, content, communications, or advertisements that you view or otherwise interact with, and (vi) referring/exit pages, clickstream data, and information that you search for using the Services.
How We Collect Your Information
Information Provided by You. We collect any information you provide when you use the Services. For example, we collect User Information and Business Information from you when you (i) register an account on the Sites, (ii) fill out forms or fields on the Sites, or (iii) complete an application for a product or service available through the Services. We also collect any information you may submit through communications with us by email, mail, text, telephone, facsimile or other means.
The Services allow us, upon your direction, to obtain User Information and Business Information from third party entities that your business maintains accounts with such as financial institutions, service providers, and social networking services. For example, we may obtain (i) transactional information about your business from financial institutions, (ii) information about your business’s engagement with customers from social networking services, and (iii) information about your business’s sales volume from service providers.
- Information Received from Third Parties. In the course of providing the Services, we may also collect additional Business Information or User Information from third parties, including, but not limited to: financial institutions, referral partners, identity verification services, card networks, vendors, mailing list providers, consumer reporting agencies, commercial credit bureaus and associations, fraud prevention agencies, and publicly available sources. We may combine this information with information we already have about you.
Use of Information
Service-Related Usage. We use the information we collect about and from you, both in a personally-identifiable form and in an aggregated or anonymized form, for a number of purposes, including for providing, supporting, promoting, and improving the Services. Such uses include:
- Enabling users to obtain products and services through the Services;
- Facilitating marketing, processing, servicing, and collections activities;
- Providing customer support;
- Understanding, customizing, and enhancing user experience;
- Providing targeted marketing and advertising;
- Determining your eligibility for the Services;
- Verifying your identity, conducting appropriate diligence, and keeping your information current;
- Creating an account connection between your account and a third-party account or platform;
- Sending notifications and information regarding the Services;
- Measuring and improving the performance and functionality of the Sites;
- Managing and protecting our information technology infrastructure;
- Administering and managing the security of the Sites;
- Developing new products and services; and
- Compiling, using, researching, analyzing, and generating data analytics reports to better understand our Customers and to improve the Services.
- Communications. We may communicate with you using the information collected (i) for customer service, (ii) to provide you with updates or information relating to the Services, or (iii) to conduct surveys and collect feedback about the Services.
- Marketing and Advertising. We may use the information we collect for marketing and advertising purposes. These purposes may include communicating with you about our products and services, or products and services offered by or through our business partners (including our bank partners), including but not limited to providing you with promotional materials that may be useful, relevant, valuable, or otherwise of interest to you, and inviting you to participate in events or surveys. Where required under applicable law, we will obtain your prior opt-in consent to send you electronic marketing communications. To learn more about your choices regarding interest-based advertising and cross-device tracking, please see the Third-Party Information Collection section below.
- Compliance with Law and Our Own Obligations. We may use the information we collect, to the extent permitted or required under applicable laws (i) to enforce our Terms of Service or other legal rights, including intellectual property infringement, (ii) to detect and protect against potentially prohibited or illegal activities, including fraud and unauthorized access, (iii) in response to lawful requests for information or legal process, (iv) to establish, exercise, or defend a legal claim, and (v) to comply with our contractual obligations, our policies, industry standards, and applicable laws.
- Other Purposes. We may use the information we collect for other purposes for which we provide notice to you at the time of collection or for which we obtain your consent.
- Aggregate Data. We may process your information in an anonymized or aggregated form for purposes other than described above.
We may share Business Information, User Information, and General Information as follows:
- Affiliates and Subsidiaries. We may share your information with and amongst our affiliates and subsidiaries for any of the purposes described in the Use of Information section above.
- Service Providers. We may engage service providers to assist us in operating the Sites, providing the Services and/or other business purposes, including, but not limited to, servicing your account. These service providers may also provide services such as fraud prevention, cloud computing, cybersecurity, identity verification, credit checks, collections, and payment processing. We may share any information we receive with such parties as is necessary for the provision of the Services.
- As Required By Law and Similar Disclosures. We may disclose your information if we believe doing so is required or appropriate to (i) comply with applicable laws, regulations, and card association rules, (ii) comply with regulatory investigations, enforcement requests, and legal process, such as subpoenas, court orders, and bankruptcy notices, (iii) respond to your requests or resolve disputes or inquiries, (iv) detect, prevent, or otherwise address fraud, confidentiality, security or technical issues, (v) respond to regulatory authorities jurisdiction over us for examinations, compliance, or other purposes, (vi) respond to requests from bank partners or third-party auditors, and (vii) protect your, our, or others’ rights, property, or safety, or the security or integrity of our Services.
- Business Partners. We may disclose information about you with business partners, including our bank partners, in connection with jointly offered products and services, as well as products and services offered by these partners and made available through the Services or which we believe may be of interest to you or your business (including for related account purposes). These business partners are generally subject to contractual obligations entered into with us restricting how they may use this information.
- Corporate Changes and Transactions. We may disclose your information in connection with (including, without limitation, during the negotiation or due diligence process of) a corporate merger, consolidation, or restructuring; the sale or transfer of some or all of our stock and/or assets; equity or debt financings, acquisition, divestiture, or dissolution of all or a portion of our business; or other corporate change.
- Aggregated or Anonymized Information. We may sell, license or distribute information in anonymized or aggregated form so that the information does not identify a specific user, without restriction, including, but not limited to, for producing data analytics and reports for business partners or other third parties.
- Consent. We may disclose your information to any third party with your consent. For example, we may disclose information at your direction, as described at the time you agree to share, or when you authorize a third-party application or website to access your information.
- Other Purpose. To fulfill the purpose for which you provide such information to us or any other purpose disclosed by us when you provide the information to us.
Third-Party Information Collection
We may work with third-party advertising partners to display advertisements on the Sites and other websites and mobile applications and third-party analytics partners (e.g., Google Analytics) to evaluate and provide us with information regarding your use of the Sites. We may also utilize framing techniques to serve you content from third-party providers, while preserving the look and feel of the Services. In such cases, you will be providing information to these third parties.
If you are a user of our applications, we may send push notifications or alerts to your mobile device even when you are not logged in. We may use push notifications to send you notifications related to the Services and various triggers based on your selections. You can manage your push notification preferences or deactivate these notifications by turning off notifications under settings for your mobile device. If you choose not to receive push notifications, you may still receive in-app notifications.
You may choose to stop receiving marketing emails by following the unsubscribe instructions included in these emails. You may also request that we do not call you for marketing-related purposes. In addition to following the unsubscribe instruction in relevant email communications, you may make these requests by contacting us at firstname.lastname@example.org, calling us at 855-747-5135 or writing to us at Kabbage, Inc. Customer Service, P.O. Box 77073, Atlanta, GA 30357-1073, Attn: Marketing Opt-Out. We will respond to your request within a reasonable timeframe. In addition, if you no longer wish to receive marketing notifications through our mobile applications you can adjust your device's privacy preferences by visiting the settings page of the device. Opting out of marketing emails or notifications will not stop your receipt of non-marketing emails and notifications related to the Services.
Various browsers may offer their own tools to manage cookies. If you disable cookies, you can still use the Services, but your ability to use some features of the Services may be limited.
Links to Third-Party Websites
Security of Information
We take reasonable measures, including administrative, technical, and physical safeguards to protect your information from loss, misuse, unauthorized access, disclosure, alteration, and destruction. These security measures include firewalls, data encryption, physical access controls to our data centers, and information access authorization controls. Your information is securely sent to us with at least 128 bit-encryption over the Transport Layer Security (TLS) protocol. This creates an encrypted connection between your browser and us so that any sensitive information you provide can be securely transmitted. Unfortunately, the Internet cannot be guaranteed to be 100% secure, and we cannot ensure or warrant the security of any information you provide to us.
If you link your bank account information as a part of applying for or receiving the Services, we will have read-only access to such information. We do not have access to change, edit, or modify your bank account information. We do not store banking credentials (i.e., username and passwords). You are responsible for securing and maintaining the privacy of your banking credentials and account information. We are not responsible for protecting any information we share with a third-party based on an account connection that you have authorized.
Social Media Widgets
Transfers to Other Countries
925B Peachtree Street NE, Suite 1688
Atlanta, GA 30309
For phone inquiries please call: 855-747-5135
Your California Privacy Rights
If you are a California resident, the California Consumer Privacy Act of 2018 (“CCPA”) permits you to obtain certain disclosures about information you have shared with us in connection with your use of the Services. CCPA also provides you with certain rights with respect to this information. This section outlines those CCPA required disclosures and details those rights that apply to “personal information” subject to the CCPA. Personal information does not include information that is publicly available (as defined by the CCPA), deidentified, or aggregated.
Information We Collect
In the past 12 months, we may have collected the following categories of personal information about California residents who are website visitors, users, and businesses that access services provided by or through Kabbage, Inc.:
|Identifiers||First and last name, mailing address, online identifier (e.g., username), Internet Protocol (IP) address, email address, social security number, driver’s license number, passport number, or other similar identifiers|
|Categories of information described in the California Customer Records Statute||First and last name, social security number, address, primary telephone number, job title, bank account number, or any other financial information|
|Commercial or transactions information||Products or services purchased, obtained, or considered|
|Internet or other electronic network activity information||Information about your internet connection, the equipment used to access the Sites and usage details, operating system, browser version, IP address, mobile device type, device unique identifier, mobile network information, web pages, content, communications, advertisements, referring/exit pages, clickstream data, and information that you search for using the Services|
|Sensory data||Audio, or similar information|
|Professional or employment-related information||Job title|
We collect the information listed above from the following categories of sources: (i) information provided by you, (ii) information we collected when you use our Services, or (iii) information received from third parties.
Use of Personal Information
We may use or disclose the personal information we collect from you for a number of purposes compatible for which it was collected or authorized by you, including for, but not limited to, the following purposes:
- Providing, supporting, promoting, and improving the Services;
- Communicating with you;
- Marketing and advertising;
- Complying with law and our own obligations; and
- For other purposes for which we provide notice to you at the time of collection or for which we obtain your consent.
More information on how we use your personal information is available in the Use of Information section above.
Sharing Personal Information
As also described in Information Sharing, we may also disclose your personal information: (i) to affiliates and subsidiaries; (ii) as required by law; (iii) in connection with corporate changes and transactions; (iv) in anonymized or aggregate form; or (v) with your consent.
Sale of Personal Information
Your Rights Regarding Personal Information
California residents may exercise the following rights regarding their personal information, subject to certain exceptions and limitations. While the CCPA becomes effective on January 1, 2020, some individuals may not be able to invoke these rights until January 1, 2021 due to a temporary legislative period of delay. For example, where an individual is acting on behalf of a company (e.g., as an employee, owner, director, officer, or contractor), access and deletion rights are temporarily unavailable for the personal information reflecting a written or verbal communication or transaction between us and the individual where the communication or transaction occur solely within the context of the individual’s company receiving a product or service from us.
Right to Know. You have the right to request that we disclose certain information we have collected, used and disclosed in the past 12 months. You have the right to know:
- the categories and specific pieces of personal information we have collected about you;
- the categories of sources from which your personal information was collected;
- the purposes for collecting your personal information;
- the categories of third parties with whom we have shared personal information;
- if your information is sold, lists of the categories of personal information sold and disclosed for a business purpose.
- Right to Delete. You have the right to request that we delete any personal information we have collected from you. We will also direct any service providers with whom we have shared your personal information to delete such information from their records. CCPA provides certain exceptions to the Right to Delete. If any of these exceptions apply, we will not be able to comply and will be forced to deny your request to delete, for example when the personal information is necessary to complete a transaction for which we collected it or to comply with a legal obligation. We use a two-step process for online requests to delete personal information. You will be asked to clearly submit your request to delete and to separately confirm your choice.
- Right to Opt-out of Sale(s). We do not sell your personal information to third parties.
- Right to Non-Discrimination. You have the right not to receive discriminatory treatment for the exercise of the privacy rights conferred by the CCPA.
To exercise any of the above rights, you may submit a verifiable request by using the following information:
By phone at 855-747-5135; or
Online at privacy.kservicing.com
Responding to Your Requests
When you submit a request through one of the designated methods for submitting requests, it may take us up to 45 days from receiving your verifiable request to disclose and deliver the required information. In some cases, it may take us longer to respond to your request. If we require more time (up to 90 days), we will provide you with notice of the extension period.
We may need to request additional information from you to verify your identity or understand the scope of your request, although you will not be required to create a business user account to submit a request or have it fulfilled. If you do not have a password-protected account with us, we will require you to provide additional information to verify your identity. If we are unable to verify your identity to a reasonable degree of certainty, we will not be able to provide the requested information.
You may designate an authorized agent to make a CCPA request to know or delete on your behalf based on: (i) your written permission authorizing the agent to submit the request and the agent verifying their identity in accordance with the verification process outlined above; or (ii) providing the agent with power of attorney to act on your behalf. We will require copies of such written authorization or power of attorney.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based, third-party dispute resolution provider (free of charge) at: https://feedback-form.truste.com/watchdog/request.