Kabbage, Inc. Privacy Policy

Effective Date: October 16, 2020

General

Kabbage, Inc. (DBA KServicing), its affiliates, and subsidiaries (collectively, “we”, “us” or “our”) provides this Privacy Policy to the website visitors, users, and businesses that access services provided by or through Kabbage, Inc. (collectively, “you” or “your”). This Privacy Policy applies when you access or use www.kservicing.com or any other website or application that links to or directly provides this Privacy Policy (collectively, the "Sites") and describes how we collect, store, use, share, and protect information about you to operate the Sites and make available business financial products and services (collectively with the Sites, the “Services”). This Privacy Policy also describes your choices regarding certain information we collect about you. The terms of this Privacy Policy are incorporated into the Kabbage, Inc. Terms of Service.

Please carefully read this Privacy Policy and the Terms of Service before accessing or using the Services. By accessing or using the Services you agree to the terms of this Privacy Policy and the Terms of Service.

If you apply for or obtain a financial product or service where we function as a service provider for our bank partners, any information that we collect from and about you related to that financial product or service will be on behalf of the bank partner.

The USA Patriot Act

IMPORTANT INFORMATION ABOUT PROCEDURES FOR OPENING AN ACCOUNT

To help the government fight the funding of terrorism, money laundering activities and other financial crimes, federal law requires all financial institutions to obtain, verify and record information that identifies each person who opens an account.

What this means for you: When you obtain a financial product or service offered by or in connection with our relationship with a financial institution, we may ask for your name, mailing address and other information or documentation, such as a copy of your driver’s license or other identifying documents, to verify your identity and otherwise comply with the applicable federal laws and regulations.

Information Collected

In connection with your use of the Services, we collect three types of information about you: Business Information, User Information, and General Information. Information from any of these categories may be linked with other information that we collect about you.

  1. Business Information. Business Information includes information regarding businesses that use or otherwise access the Services (“Customers”). Business Information may also include information about your customers (i.e., businesses that have a commercial relationship or otherwise transact with Customers) if collected in connection with such Customer’s use or access of the Services. Business Information includes, but is not limited to (i) business name, address, email, and telephone number, (ii) company structure, (iii) industry type, (iv) incorporation date, (v) annual revenue, (vi) bank account information (e.g., average bank balance, bank statements, credit card statements), (vii) marketplace account information (e.g., transactions), (viii) payment information (e.g., payment history, merchant category code, payment card number), (ix) business social network data (e.g., likes, posts, followers), (x) accounting information, (x) vendor usage information, (xi) information regarding our transactions and experiences with the business, and (xiii) beneficial ownership information.

    In the U.S., federal law requires us to collect and verify beneficial ownership information of our Customers. We collect this information to protect the U.S. financial system from financial crimes like money laundering, tax evasion, corruption, and fraud. Requiring the disclosure of key individuals who ultimately own or control the business helps law enforcement investigate and prosecute financial crimes. We will collect and maintain beneficial ownership information in compliance with this Privacy Policy.

  2. User Information. User Information includes information about the owners, principals, and business representatives, such as: name, job title, user name(s), mailing address, email address, primary telephone number, date of birth, social security number, and FICO score. In addition, if you make payments through the Services, we may also collect information about your customers, such as payments or invoicing information, so we can provide the Services.
  3. General information. General Information includes technical information such as information regarding your use of and interactions with the Sites. This General Information includes, but is not limited to, information about (i) your Internet connection, (ii) the equipment you use to access the Sites and usage details, (iii) your operating system, browser version and internet protocol (IP) address, (iv) your mobile device type, your device’s unique identifier, and your mobile network information, and (v) web pages, content, communications, or advertisements that you view or otherwise interact with, and (vi) referring/exit pages, clickstream data, and information that you search for using the Services.

How We Collect Your Information

  1. Information Provided by You. We collect any information you provide when you use the Services. For example, we collect User Information and Business Information from you when you (i) register an account on the Sites, (ii) fill out forms or fields on the Sites, or (iii) complete an application for a product or service available through the Services. We also collect any information you may submit through communications with us by email, mail, text, telephone, facsimile or other means.

    The Services allow us, upon your direction, to obtain User Information and Business Information from third party entities that your business maintains accounts with such as financial institutions, service providers, and social networking services. For example, we may obtain (i) transactional information about your business from financial institutions, (ii) information about your business’s engagement with customers from social networking services, and (iii) information about your business’s sales volume from service providers.

  2. Information We Collect When You Use Our Services. We automatically collect General Information from your computer, mobile device or other device you use when you access the Services (including downloading and using a mobile application or accessing a mobile optimized Site), view content about the Services on a third-party website or open emails or links in emails from us. We, our business partners, or our service providers may use cookies or similar technologies to collect information. Cookies are small text files containing a string of alphanumeric characters. We may use both session cookies and persistent cookies. A session cookie disappears after you close your browser. A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits to the Services. Please review your web browser “Help” file to learn the proper way to modify your cookie settings. Please note that if you delete or choose not to accept cookies from the Service, you may not be able to utilize the features of the Services to their fullest potential. We also use cookies and similar technologies hosted by third parties on the Services. For instance, we use Google Analytics to collect and process certain analytics data. Google provides some additional privacy options described at www.google.com/policies/privacy/partners/ regarding Google Analytics’ cookies. We may receive reports based on the use of these technologies by such companies on an individual and aggregated basis.
  3. Information Received from Third Parties. In the course of providing the Services, we may also collect additional Business Information or User Information from third parties, including, but not limited to: financial institutions, referral partners, identity verification services, card networks, vendors, mailing list providers, consumer reporting agencies, commercial credit bureaus and associations, fraud prevention agencies, and publicly available sources. We may combine this information with information we already have about you.

Use of Information

  1. Service-Related Usage. We use cross-device tracking and the information we collect about and from you, both in a personally-identifiable form and in an aggregated or anonymized form, for a number of purposes, including for providing, supporting, promoting, and improving the Services. Such uses include:

    1. Enabling users to obtain products and services through the Services;
    2. Facilitating marketing, processing, servicing, and collections activities;
    3. Providing customer support;
    4. Understanding, customizing, and enhancing user experience;
    5. Providing targeted marketing and advertising;
    6. Determining your eligibility for the Services;
    7. Verifying your identity, conducting appropriate diligence, and keeping your information current;
    8. Creating an account connection between your account and a third-party account or platform;
    9. Sending notifications and information regarding the Services;
    10. Measuring and improving the performance and functionality of the Sites;
    11. Managing and protecting our information technology infrastructure;
    12. Administering and managing the security of the Sites;
    13. Developing new products and services; and
    14. Compiling, using, researching, analyzing, and generating data analytics reports to better understand our Customers and to improve the Services.
  2. Communications. We may communicate with you using the information collected (i) for customer service, (ii) to provide you with updates or information relating to the Services, or (iii) to conduct surveys and collect feedback about the Services.
  3. Marketing and Advertising. We may use the information we collect for marketing and advertising purposes. These purposes may include communicating with you about our products and services, or products and services offered by or through our business partners (including our bank partners), including but not limited to providing you with promotional materials that may be useful, relevant, valuable, or otherwise of interest to you, and inviting you to participate in events or surveys. Where required under applicable law, we will obtain your prior opt-in consent to send you electronic marketing communications. To learn more about your choices regarding interest-based advertising and cross-device tracking, please see the Third-Party Information Collection section below.
  4. Compliance with Law and Our Own Obligations. We may use the information we collect, to the extent permitted or required under applicable laws (i) to enforce our Terms of Service or other legal rights, including intellectual property infringement, (ii) to detect and protect against potentially prohibited or illegal activities, including fraud and unauthorized access, (iii) in response to lawful requests for information or legal process, (iv) to establish, exercise, or defend a legal claim, and (v) to comply with our contractual obligations, our policies, industry standards, and applicable laws.
  5. Other Purposes. We may use the information we collect for other purposes for which we provide notice to you at the time of collection or for which we obtain your consent.
  6. Aggregate Data. We may process your information in an anonymized or aggregated form for purposes other than described above.

Information Sharing

We may share Business Information, User Information, and General Information as follows:

  1. Affiliates and Subsidiaries. We may share your information with and amongst our affiliates and subsidiaries for any of the purposes described in the Use of Information section above.
  2. Service Providers. We may engage service providers to assist us in operating the Sites, providing the Services and/or other business purposes, including, but not limited to, servicing your account. These service providers may also provide services such as fraud prevention, cloud computing, cybersecurity, identity verification, credit checks, collections, and payment processing. We may share any information we receive with such parties as is necessary for the provision of the Services.
  3. As Required By Law and Similar Disclosures. We may disclose your information if we believe doing so is required or appropriate to (i) comply with applicable laws, regulations, and card association rules, (ii) comply with regulatory investigations, enforcement requests, and legal process, such as subpoenas, court orders, and bankruptcy notices, (iii) respond to your requests or resolve disputes or inquiries, (iv) detect, prevent, or otherwise address fraud, confidentiality, security or technical issues, (v) respond to regulatory authorities jurisdiction over us for examinations, compliance, or other purposes, (vi) respond to requests from bank partners or third-party auditors, and (vii) protect your, our, or others’ rights, property, or safety, or the security or integrity of our Services.
  4. Business Partners. We may disclose information about you with business partners, including our bank partners, in connection with jointly offered products and services, as well as products and services offered by these partners and made available through the Services or which we believe may be of interest to you or your business (including for related account purposes). These business partners are generally subject to contractual obligations entered into with us restricting how they may use this information.
  5. Corporate Changes and Transactions. We may disclose your information in connection with (including, without limitation, during the negotiation or due diligence process of) a corporate merger, consolidation, or restructuring; the sale or transfer of some or all of our stock and/or assets; equity or debt financings, acquisition, divestiture, or dissolution of all or a portion of our business; or other corporate change.
  6. Aggregated or Anonymized Information. We may sell, license or distribute information in anonymized or aggregated form so that the information does not identify a specific user, without restriction, including, but not limited to, for producing data analytics and reports for business partners or other third parties.
  7. Consent. We may disclose your information to any third party with your consent. For example, we may disclose information at your direction, as described at the time you agree to share, or when you authorize a third-party application or website to access your information.
  8. Other Purpose. To fulfill the purpose for which you provide such information to us or any other purpose disclosed by us when you provide the information to us.

Third-Party Information Collection

We may work with third-party advertising partners to display advertisements on the Sites and other websites and mobile applications and third-party analytics partners (e.g., Google Analytics) to evaluate and provide us with information regarding your use of the Sites. We may also utilize framing techniques to serve you content from third-party providers, while preserving the look and feel of the Services. In such cases, you will be providing information to these third parties.

These third parties may use cookies, Web beacons, pixel tags and similar technologies to collect information about your activities on the Sites and other Web sites to provide you personalized advertising based on your interests and browsing activity. If you do not wish to receive interest-based ads, you may click here to learn more about how you may opt out. To opt out of certain interest-based advertising on your mobile device, iOS users can click here and Android users can click here. In addition, you may be able to access settings offered by your mobile operating system to limit ad tracking or install the AppChoices application to learn more about how you may opt out of receiving personalized mobile ads. Please note that opting out of interest-based advertising does not limit all advertising.

Push Notifications

If you are a user of our applications, we may send push notifications or alerts to your mobile device even when you are not logged in. We may use push notifications to send you notifications related to the Services and various triggers based on your selections. You can manage your push notification preferences or deactivate these notifications by turning off notifications under settings for your mobile device. If you choose not to receive push notifications, you may still receive in-app notifications.

Your Access

If you are a registered user of the Services, you may review or modify certain Business Information and User Information we have collected about you by logging into your account for the Services and updating your profile. This section of the Site is password protected to better safeguard your information. If you would like to access, remove, or change any other information that you cannot independently access, correct, or delete, you may submit a request for such updates by contacting us as indicated in the Contact Us section below. Under certain circumstances we may not be able to fulfill your request, such as if it restricts our ability to comply with applicable laws and regulations or legal process, we cannot verify your identity, or it involves disproportionate cost or effort. In such instances, we will respond to your request within a reasonable timeframe and provide you an explanation of our decision.

Your Choices

You may choose to stop receiving marketing emails by following the unsubscribe instructions included in these emails. You may also request that we do not call you for marketing-related purposes. In addition to following the unsubscribe instruction in relevant email communications, you may make these requests by contacting us at support@kservicing.com, calling us at 855-747-5135 or writing to us at Kabbage, Inc. Customer Service, P.O. Box 77073, Atlanta, GA 30357-1073, Attn: Marketing Opt-Out. We will respond to your request within a reasonable timeframe. In addition, if you no longer wish to receive marketing notifications through our mobile applications you can adjust your device's privacy preferences by visiting the settings page of the device. Opting out of marketing emails or notifications will not stop your receipt of non-marketing emails and notifications related to the Services.

Various browsers may offer their own tools to manage cookies. If you disable cookies, you can still use the Services, but your ability to use some features of the Services may be limited.

Links to Third-Party Websites

The Sites may include links to other websites or mobile applications whose privacy practices may differ from ours. We are not responsible for any practices employed on third-party websites or applications, including the information and content contained on the website or application. If you submit information to a third-party website or application, your information is governed by the third party's privacy policy. We encourage you to carefully read the privacy policy of any website or application you visit, access, or use.

Security of Information

We take reasonable measures, including administrative, technical, and physical safeguards to protect your information from loss, misuse, unauthorized access, disclosure, alteration, and destruction. These security measures include firewalls, data encryption, physical access controls to our data centers, and information access authorization controls. Your information is securely sent to us with at least 128 bit-encryption over the Transport Layer Security (TLS) protocol. This creates an encrypted connection between your browser and us so that any sensitive information you provide can be securely transmitted. Unfortunately, the Internet cannot be guaranteed to be 100% secure, and we cannot ensure or warrant the security of any information you provide to us.

If you link your bank account information as a part of applying for or receiving the Services, we will have read-only access to such information. We do not have access to change, edit, or modify your bank account information. We do not store banking credentials (i.e., username and passwords). You are responsible for securing and maintaining the privacy of your banking credentials and account information. We are not responsible for protecting any information we share with a third-party based on an account connection that you have authorized.

Children’s Privacy

This Site and products or services available through this Site are not intended for children under the age of 18. We do not knowingly solicit or market online to children under the age of 18. If we knowingly receive a child's personally identifiable information, we will immediately delete it from our system. Contact us at the address or phone number in the Contact Us section of this Privacy Policy if you believe that we have mistakenly or unintentionally collected information from a child under the age of 18.

Testimonials

We may display testimonials of satisfied Customers on the Services with their consent. If you wish to update or delete a testimonial posted in accordance with this Privacy Policy, you can contact us at the address or phone number at the bottom of this Privacy Policy.

Referrals

If you choose to participate in a referral service program to tell a business about the Services, we will ask you for the business's name and email address. Depending on the Services used, we will send the referred business an email either directly or on behalf of our business or financial institution partners, inviting the business to use the Services. We store information about the business for the purpose of sending an email and tracking the success of the referral program. We may send additional emails to the business directly or on behalf of our business or financial institution partners, unless the business opts out of receiving such emails. Businesses that you refer may contact us at the address or phone number at the bottom of this Privacy Policy to request that we remove their information from our database.

Social Media Widgets

The Services may include social media features and widgets, such as the Facebook "Like" button, or interactive mini-programs that run on the Services. These features may collect information such as your IP address and which page you are visiting on the Site and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third-party or hosted directly on the Services. Your interactions with these features are governed by the privacy policy of the company providing it.

Data Retention

We will retain your information for (i) as long as reasonably necessary to provide you Services, (ii) as long as reasonably useful for commercial purposes, or (iii) as long as necessary to comply with applicable laws and internal policies regarding recordkeeping, reporting, audits, and litigation holds. If you wish to request that we no longer use your information to provide you Services, you may contact us at the address or phone number at the bottom of this Privacy Policy. We will nonetheless retain your information to the extent that we deem necessary to comply with our legal or contractual obligations, resolve disputes, as needed to provide you Services, or for other business purposes.

Transfers to Other Countries

We may transfer information to other countries, for example, for customer service or to process transactions. We will protect your information as described in this Privacy Policy if your information is transferred to other countries.  By using our Sites and Services, you consent to your information being transferred to other countries, including countries that have different data protection rules than your country.  We do not represent that our Sites and Services are appropriate or available in any particular jurisdiction.

Contact Us

Any questions or concerns regarding this Privacy Policy, our practices, the Sites, or the Services, and/or access, correction, or deletion of personal information, please contact us by email at support@kservicing.com or with a letter by postal mail to:

Kabbage, Inc.
925B Peachtree Street NE, Suite 1688
Atlanta, GA 30309

For phone inquiries please call: 855-747-5135

Your California Privacy Rights

If you are a California resident, the California Consumer Privacy Act of 2018 (“CCPA”) permits you to obtain certain disclosures about information you have shared with us in connection with your use of the Services. CCPA also provides you with certain rights with respect to this information. This section outlines those CCPA required disclosures and details those rights that apply to “personal information” subject to the CCPA.  Personal information does not include information that is publicly available (as defined by the CCPA), deidentified, or aggregated.

Accessibility

You may access this Privacy Policy through the use of standard screen reader. You can also print a copy of this Privacy Policy by using your “Print” function on your computer. If you are having difficulty viewing or navigating this Privacy Policy, please contact us at 855-747-5135.

Information We Collect

In the past 12 months, we may have collected the following categories of personal information about California residents who are website visitors, users, and businesses that access services provided by or through Kabbage, Inc.:

CategoryExamples
IdentifiersFirst and last name, mailing address, online identifier (e.g., username), Internet Protocol (IP) address, email address, social security number, driver’s license number, passport number, or other similar identifiers
Categories of information described in the California Customer Records StatuteFirst and last name, social security number, address, primary telephone number, job title, bank account number, or any other financial information
Commercial or transactions informationProducts or services purchased, obtained, or considered
Internet or other electronic network activity informationInformation about your internet connection, the equipment used to access the Sites and usage details, operating system, browser version, IP address, mobile device type, device unique identifier, mobile network information, web pages, content, communications, advertisements, referring/exit pages, clickstream data, and information that you search for using the Services
Sensory dataAudio, or similar information
Professional or employment-related informationJob title

We collect the information listed above from the following categories of sources: (i) information provided by you, (ii) information we collected when you use our Services, or (iii) information received from third parties.

Use of Personal Information

We may use or disclose the personal information we collect from you for a number of purposes compatible for which it was collected or authorized by you, including for, but not limited to, the following purposes:

  1. Providing, supporting, promoting, and improving the Services;
  2. Communicating with you;
  3. Marketing and advertising;
  4. Complying with law and our own obligations; and
  5. For other purposes for which we provide notice to you at the time of collection or for which we obtain your consent.

More information on how we use your personal information is available in the Use of Information section above.

Sharing Personal Information

As noted in the Information Sharing section of this Privacy Policy, we may disclose your personal information to a third party for a business purpose, including, but not limited to, sharing with service providers to assist us in providing the Services, and to our business partners, including our bank partners. When we disclose your personal information to a third party for a business purpose, such disclosure is subject to a contract that describes the business purpose and requires such party to keep the information confidential and not use it for any purpose other than performing the contract. We further require the party to certify that it understands and agrees to comply with such restrictions.

As also described in Information Sharing, we may also disclose your personal information: (i) to affiliates and subsidiaries; (ii) as required by law; (iii) in connection with corporate changes and transactions; (iv) in anonymized or aggregate form; or (v) with your consent.

In the past 12 months, we may have disclosed the following categories of personal information, in accordance with the Information Sharing section contained in this Privacy Policy, for a business purpose: (i) identifiers; (ii) categories of information described in the California Customer Records Statute (such as first and last name, social security number, address, primary telephone number, job title, bank account number, or any other financial information); (iii) commercial or transaction information; (iv) internet or other electronic network activity information; (v) sensory data, and (vi) professional or employment-related information.

Sale of Personal Information

We do not sell your personal information. We share your personal information with third parties for the specific purposes as described in this Privacy Policy.

Your Rights Regarding Personal Information

California residents may exercise the following rights regarding their personal information, subject to certain exceptions and limitations. While the CCPA becomes effective on January 1, 2020, some individuals may not be able to invoke these rights until January 1, 2021 due to a temporary legislative period of delay. For example, where an individual is acting on behalf of a company (e.g., as an employee, owner, director, officer, or contractor), access and deletion rights are temporarily unavailable for the personal information reflecting a written or verbal communication or transaction between us and the individual where the communication or transaction occur solely within the context of the individual’s company receiving a product or service from us.

  1. Right to Know. You have the right to request that we disclose certain information we have collected, used and disclosed in the past 12 months. You have the right to know:

    1. the categories and specific pieces of personal information we have collected about you;
    2. the categories of sources from which your personal information was collected;
    3. the purposes for collecting your personal information;
    4. the categories of third parties with whom we have shared personal information;
    5. if your information is sold, lists of the categories of personal information sold and disclosed for a business purpose.
  2. Right to Delete. You have the right to request that we delete any personal information we have collected from you. We will also direct any service providers with whom we have shared your personal information to delete such information from their records. CCPA provides certain exceptions to the Right to Delete. If any of these exceptions apply, we will not be able to comply and will be forced to deny your request to delete, for example when the personal information is necessary to complete a transaction for which we collected it or to comply with a legal obligation. We use a two-step process for online requests to delete personal information.  You will be asked to clearly submit your request to delete and to separately confirm your choice.
  3. Right to Opt-out of Sale(s). We do not sell your personal information to third parties.
  4. Right to Non-Discrimination. You have the right not to receive discriminatory treatment for the exercise of the privacy rights conferred by the CCPA.

To exercise any of the above rights, you may submit a verifiable request by using the following information:

By phone at 855-747-5135; or

Online at privacy.kservicing.com

Responding to Your Requests

When you submit a request through one of the designated methods for submitting requests, it may take us up to 45 days from receiving your verifiable request to disclose and deliver the required information. In some cases, it may take us longer to respond to your request. If we require more time (up to 90 days), we will provide you with notice of the extension period.

We may need to request additional information from you to verify your identity or understand the scope of your request, although you will not be required to create a business user account to submit a request or have it fulfilled.  If you do not have a password-protected account with us, we will require you to provide additional information to verify your identity. If we are unable to verify your identity to a reasonable degree of certainty, we will not be able to provide the requested information.

Authorized Agent

You may designate an authorized agent to make a CCPA request to know or delete on your behalf based on: (i) your written permission authorizing the agent to submit the request and the agent verifying their identity in accordance with the verification process outlined above; or (ii) providing the agent with power of attorney to act on your behalf. We will require copies of such written authorization or power of attorney.

Changes to Privacy Policy

By visiting the Sites or using the Services, you accept the practices described in this Privacy Policy. We may update this Privacy Policy from time to time by making available a revised, dated version on the Sites. If the revised version includes a substantial change, we will provide a more prominent notice (including, for certain services, an email notification of Privacy Policy changes) prior to the change becoming effective. Your continued use of the Site shall constitute your acceptance of such updated Privacy Policy. We encourage you to periodically review this page for the latest information on our privacy practices.

Dispute Resolution

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based, third-party dispute resolution provider (free of charge) at: https://feedback-form.truste.com/watchdog/request.

TRUSTe