Ouro U.S. Privacy Policy

Some Personal Data we may collect is defined under the law as sensitive personal information. Sensitive personal information we collect includes social security number, driver’s license number, state identification card number, passport number, customer account log-in, financial account number, debit card number and credit card number in combination with any required security or access code, password, or credentials allowing access to an account, and precise geolocation information.

Our procedures ensure that your consent is reviewed, approved, and implemented appropriately across all mediums and meets the following key principles to ensure that you understand and actively agree to how your Personal Data is being used, and that you have the power to withdraw your consent at any time. These principles are: 

• Freely Given: Consent must be obtained without coercion, pressure, or undue influence. 
• Specific and Informed: Individuals should clearly understand what information is being collected, how it will be used, and who will have access to it. 
• Unambiguous: Consent should be expressed in a clear and definitive manner, not through implied or ambiguous actions. 
• Affirmative Action: Consent should require a positive action from the individual, like checking a box or clicking a button, rather than simply opting out by inaction. 
• The Right to Revoke Consent: Individuals should have the ability to withdraw their consent at any time, with clear instructions on how to do so. 

We collect information that we need to provide our Services, to administer and improve the Services, to create and offer new Services, for research purposes, and to fulfill any legal and regulatory requirements. 

The Personal Data that we may collect include the following categories: 

• Identifiers. Personal identifiers and contact information such as your name, address, email address, phone number, and other details for identity verification required for you to access our Services. 

• Government-Issued Identifiers. Government-issued personal identifiers such as your driver’s license number, social security number, or other government-issued identifiers. 
• Account Details. Bank routing number, account number, user ID, password, and other credentials used to access our Services. 
• Payment Card Information. Information necessary to process or verify past payments and process authorized Service transactions, including cardholder name, card number (PAN), card expiration data, card verification value, billing address, and other related information. 
• Transaction Information. Account transaction history, direct deposit information, and information obtained with your consent about your linked non-Ouro accounts (such as transaction information and balances, payroll account information, etc.). 
• Payment Information. If you pay a bill, we may collect information necessary to process your payment such as bank account information, billing address, and any other related information. 
• Employment information. Employee-specific information related to payroll and health benefits, including wages and deductions including approximate or expected income and pay frequency;occupation; and income details such as employment history, references, and other information for recruiting and tracking purposes.
• Geolocation Data. Your IP address for identity verification and performance of Services.
• Commercial Information. Information about the Services you use, including interest in a Service, purchasing or consuming tendencies, and receipts or records of purchase or enrollment in other products or services.
• Message Contents. Messages, email contents, or any other information you choose to provide when interacting with Services, our customer service, or agents.
• Audio or Similar Information. Recordings of your phone conversations with our customer service team to provide or enhance Services and for quality assurance and training purposes.
• Preferences. Types of Services you use, your communications preferences, wish lists and other preferences you may select in your account or profile.
• Other Information. Responses to online forms, surveys, offerings of Service reviews; suggestions for new products or Services; participation in contests; use of self-created content such as photographs; or any other actions you perform on the Services. 

During the 12-month period prior to the effective date of this Privacy Notice, we may have obtained Personal Data about you from the following source categories: 

• Directly from you, such as when you sign up for an account, initiate a transaction, contact customer service or support departments via phone, email, chat or other forms of communication, or from applications, forms, webinars, surveys, and other information you provide us. 
• Your devices, when you use our Platform or Services. 
• Your comments or suggestions, interaction with us, requests for information or contact with our customer service or support departments. 
• External banks (i.e., banks other than our Banks) if you link a non Ouro-serviced account. 
• Vendors who provide services on our behalf. 
• Our joint marketing partners. 
• Our business partners (such as referring websites). 
• Online advertising services and advertising networks. 
• Government entities. 
• Operating systems and platforms. 
• Identity verification and fraud prevention platforms. 
• Social networks. 
• Data brokers, lead generation partners, and identity resolution service providers.
• Marketers and other websites on which Ouro advertises. 
• Inferences, including new information from other data we collect, including using automated means to generate information about your likely preferences or other characteristics (“inferences”). For example, we may infer your general geographic location (such as city, state, and country) based on your IP address. 
• Information Collected by Automated Means: We may use automated technologies on our Services to collect information about your equipment, browsing actions and usage patterns. These technologies help us (1) remember your information so you do not have to re-enter it; (2) track and understand how you use and interact with our Services, including our online forms, tools or content; (3) tailor the Services around your preferences; (4) measure the usability of our Services and the effectiveness of our communications; and (5) otherwise manage and enhance our products and Services, and help ensure they are working properly. Information collected by automated means may include:
  • Site Visitor information: When you visit our Site, we may obtain certain information by automated means, such as cookies, web beacons, web server logs and other technologies. A “cookie” is a text file that websites send to a visitor’s computer or other internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. A “web beacon,” also known as an internet tag, pixel tag or clear GIF, links web pages to web servers and cookies and may be used to transmit information collected through cookies back to a web server. The information we collect in this manner may include your device IP address, unique device identifier, web browser characteristics, device characteristics, operating system, language preferences, referring URLs, clickstream data, and dates and times of website visits. Your browser may tell you how to be notified about certain types of automated collection technologies and how to restrict or disable them. Please note, however, that without these technologies, you may not be able to use all the features of our Services. 
  • App User Information: When you use our App, we also may collect certain information by automated means, such as through device logs, server logs and other technologies. The information we collect in this manner may include the device type used, the mobile operating system, device identifiers and similar unique identifiers, device settings and configurations, IP addresses, battery and signal strength, usage statistics, referring emails and web addresses, dates and times of usage, actions taken on the App, and other information regarding use of the App. In addition, we may collect your device’s geolocation information. Your device’s operating platform may provide you with a notification when the App attempts to collect your precise geolocation. Please note that if you decline to allow the App to collect your precise geolocation, you may not be able to use all the App’s features. Your device may tell you how to be notified about certain types of automated collection technologies and how to restrict or disable them. Please note, however, that without these technologies, you may not be able to use all the features of our Services. You can manage how your device and browser share certain device data by adjusting the privacy and security settings on your mobile device. 

Important Note: Information collected in connection with your application or use of a particular Financial Product is covered under the applicable Bank’s and Insurer’s privacy notice. 

Aggregated, Non-Personal, or Non-Identifiable Information 

We may collect or process general, non-personal, or statistical information about the users of our Services. We may also de-identify, anonymize, and/or aggregate certain Personal Data collected from or about users of our Services, or when you interact with us. We may process and disclose this information without restriction (so long as no attempt is made to re-identify the data. 

To access or use our Services, you may be required to provide Personal Data. Personal Data is primarily collected, submitted, and/or transmitted: 

• When you provide it to utilize the Services or facilitate our processing of data
• From application, forms, webinars, surveys, and other information you provide us.
• If you provide us with comments or suggestions, interact with us, request information about our Services, or contact our customer service or support departments by phone, email, chat, or other forms of communication.
• From consumer and business reporting agencies regarding verification of your identity or financial accounts.
• Between us, our business partners, and third-party vendors.
• From information you may provide via social media. 

We may append and enrich the information we have about you with information purchased from third party data suppliers. 

We may collect both Personal Data and Anonymous Information such as connection, activity, and usage data, when visitors and users navigate to and around our Sites and Apps: 

• Through your browser when you visit the Site, which includes information such as your Media Access Control (MAC) address, browser type, device type, and operating system.
• From your IP address, which is automatically logged in our server when you visit a Site.
• Using cookies or other digital tracking tools such as web beacons (also known as pixel tags or clear GIFs). See the Use of Cookies and Web Beacons section below for more information.
• From feedback that does not personally identify you voluntarily provided to us on a Site.
• Using a website recording service, which may record mouse clicks, mouse movements or page scrolling but does not record any Personal Data.
• From de-identified or aggregated Personal Data, including payment data associated with a Financial Product. 

Biometric Information: 

For the purposes of this Privacy Notice, “biometrics” may include an individual’s physiological characteristics that can be used, singly or in combination with each other or with other identifying data, to establish individual identity. Examples of biometrics include, but are not limited to, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted. 

We do not collect biometric information, but smartphones do for access. The consent process is part of the smartphone and is controlled by the user/worker. 

Data Retention: 

We retain Personal Data for as long as necessary to provide the Services and fulfill the transactions requested by or on behalf of customers, or for other essential purposes such as complying with our legal obligations, maintaining business and financial records, resolving disputes, maintaining security, product development, detecting and preventing fraud and abuse, enforcing our agreements, and for any other necessary business purpose. 

Our collection of Personal Data is limited to the business and commercial purposes described below: 

1. Perform services, including maintaining or servicing accounts, processing transactions, and/or other benefits, providing customer service, and other related activities (“Services”). 
2. Verify customers’ information, identity, and eligibility to receive Services. 
3. Send transactional communications as part of our Services and marketing communications that we believe may interest you. 
4. Determine your eligibility for, and administer your participation in, certain features of the Services, including, but not limited to, surveys, contests, sweepstakes, promotions and rewards; 
5. Conduct research, assessments, and analytics relating to our Services and develop new services, products and technological improvements. 
6. Administer, audit, and improve our Platform. 
7. Improve, upgrade, or enhance our Services or business operations. 
8. Administer quality and safety maintenance for our Platform or Services. 
9. Facilitate applicant tracking and employee recruitment. 
10. Contact customers and consumers with information on Services, new Services or products, or upcoming events, including via SMS or MMS text messaging if mobile phone number is provided for that purpose and auditing those interactions. 
11. Perform advanced analytics and provide insights to customers. 
12. Detect fraud, theft, or other activities to ensure security and integrity by detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity. 
13. Comply with legal, reporting, and regulatory requirements or to defend against a legal claim. 
14. For other purposes that are compatible with this Privacy Policy or where permitted by applicable law. 
15. In any other way we may describe when you provide the information, or for which you provide authorization. 

Anonymous Information: 

We may use Anonymous Information in the following ways: 

• To evaluate the Site’s effectiveness and usability
• To improve our products or services
• To ensure the Site displays properly and diagnose problems
• To measure the number of visitors to the Site
• For other activities to the extent permitted by law. 

We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated, or incompatible purposes without providing you with notice. 

We do not sell Personal data for monetary consideration. We only make business purpose Personal data disclosures as detailed above and pursuant to written contracts that describe the purposes of use, require the recipient to keep Personal Data confidential, and prohibit using the disclosed Personal Data for any purpose except performing the contract. 

We may share the information we obtain about you with our affiliates and subsidiaries; our Banks, our Insurers; other companies in connection with co-branded products, services or programs; joint marketing partners; research study partners; and consumer reporting agencies. We also may share the information we obtain about you with vendors and other entities we engage to perform services on our behalf, such as payment and check deposit processors, risk detection and mitigation tools, and modeling and analytics tools. 

We also may disclose Personal Data (1) if we are required to do so by law or legal process (such as a court order or subpoena); (2) in response to requests by government agencies, such as law enforcement authorities; (3) to establish, exercise or defend our legal rights; (4) when we believe disclosure is necessary or appropriate to prevent physical or other harm or financial loss; (5) in connection with an investigation of suspected or actual illegal activity; (6) to defend our decisions related to a dispute, which includes sharing limited dispute and decision related information, as permitted by law, with the press if the member has shared related details of the dispute with the press already; (7) in connection with the sale, transfer, merger, acquisition, joint venture, reorganization, divestiture, dissolution, or liquidation of our business or asset (disclosure associated with these events includes full transfer of your Personal Data to the resulting entitles); or (8) otherwise with your consent. 

We maintain organizational, technical, and physical safeguards designed to protect the Personal Data you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. SSL encryption also is used on our Site when you are asked to enter confidential information as part of your application. You can tell you have entered an encrypted session in several ways. Whenever you see an unbroken key, a locked padlock, or similar icon on your browser screen, you have entered an encrypted session. In addition, when your session changes from “http” to “https,” you are in an encrypted session. More information about our online security can be found here. 

We do not knowingly collect or use Personal Data from children under 18 years of age without obtaining verifiable consent from their parents. We are not responsible for the data collection and use practices of non-affiliated third parties to which our Site may link. 

Our Site may include links to third-party websites. We are not responsible for the information collection practices of third-party links you click to from our Site. We cannot guarantee how these third parties use cookies or whether they place cookies on your computer that may identify you personally. We urge you to review the privacy policies of each of the linked websites you visit before you provide them with any Personal Data. 

Ouro uses cookies or other similar tracking technologies when you visit our Site. Cookies are text files containing small amounts of information, which your computer or mobile device downloads when you visit a Site. When you return to our Sites – or visit websites that use the same cookies – they recognize these cookies and therefore your browsing device. 

We use cookies and other tracking technologies to do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences and generally improving your browsing experience. They can also help ensure that ads you see online are more relevant to you and your interests. We also use similar technologies such as pixel tags and JavaScript to undertake these tasks. 

We use cookies to: 

• Ensure your security and privacy when in our secure Sites
• Store login details for our secure sites
• Temporarily store input information in our calculators, tools, illustrations and demonstrations
• Provide you with ads that are more relevant to you and your interests, and improve our targeting and enhance your journey through our sites and partner sites
• Improve our understanding of how you navigate through our sites so we can identify improvements
• Evaluate our sites’ advertising and promotional effectiveness; and
• We use both our own (first-party) and partner companies’ (third-party) cookies to support these activities 

We may also allow our business partners to place web beacons on our site or to place cookies on your device for advertising or other purposes. 

Disabling Cookies and Do-Not-Track: 

While you may disable the usage of cookies through your browser settings, we do not change our practices in response to a “Do Not Track” signal in the HTTP header from your browser or mobile application. We track your activities if you click on advertisements for Ouro services on third-party platforms such as search engines and social networks and may use analytics to track what you do in response to those advertisements. We may also use web beacons and tracking URLs in our messages to you to determine whether you have opened a certain message or accessed a certain link. 

Currently nineteen states have passed and signed privacy legislation into law. State laws, among other provisions, provide consumers with the right to know, right to delete, right to correct, right to opt-out, and right to non-discrimination. Specific state notices are provided below. 

Generally State privacy laws exclude Personal Data already covered by Federal financial services privacy laws such as the Gramm-Leach-Bliley Act (GLBA). As a result, these rights granted do not apply to Personal Data related to a financial account. However, California, Minnesota, and Oregon impose additional obligations for data not covered by GLBA. Specifically, this includes marketing data collected through prospect lists, tools like Google Analytics on Ouro websites, employee information, business contact data (such as contacts at retail stores, distributors, or vendors), and mobile app usage data. 

Refer to the State Privacy Notice Addendum for your specific residency state disclosures, if applicable. 

How to Exercise Your Privacy Rights: 

Consumers or their authorized agents may submit a request by phone at 1-866-387-7363, or by submitting a Privacy Request Form to us by mail at P.O. Box 2136, Austin, TX 78768-2136, or by email at privacy@ouro.com. If you’re making a request as an Authorized Agent, you must also fill out, sign and attach the Authorized Agent Form to your request. If the request is submitted by someone with a power of attorney (POA), the POA may be submitted instead of the Authorized Agent Form. 

Authentication/Verification. To help protect your privacy and maintain security when you submit a privacy request, we are required to reasonably validate your identity. To fulfill your request, we may require you to sign a declaration under penalty of perjury that you are the consumer whose Personal Data is the subject of the request. If we cannot validate the requestor based on the information provided, we will notify the requestor that we are unable to fulfill the request. We will only use Personal Data provided in the request to verify the requestor’s identity or authority to make it. We will confirm receipt of a request within ten (10) business days. We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will  inform you of the reason and extension period. We do not charge a fee to process or respond to a verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will detail why we made that decision and provide a cost estimate before completing the request. 

Declining Requests. Except for the automated controls described in this Notice, if you send us a request to exercise your rights or the choices in this section, to the extent permitted by applicable law, we may charge a fee or decline requests in certain cases. For example, we may decline requests where granting the request would be prohibited by law, could adversely affect the privacy or rights of another person, would reveal a trade secret or other confidential information, would interfere with a legal or business obligation that requires retention or use of the data, or because the data at issue is not covered under the law you are asserting. 

Appeal. You have the right to appeal our decision to refuse to act on a data privacy request within a reasonable period after you receive our decision. To appeal our decision, forward your denial email to privacy@ouro.com for our Privacy Team to review your data subject request. Within 45 days, we will provide you with a written explanation of the justification for declining to act on your request. If you disagree with our explanation, you have the right to file a complaint with your state’s Attorney General. 

Data Retention. We retain personal data for as long as necessary to provide the Services and fulfill the transactions you have requested, comply with our legal obligations, resolve disputes, enforce our agreements, and other legitimate and lawful business purposes. Because these needs can vary for different data types in the context of different Services, actual retention periods can vary significantly based on criteria such as user expectations or consent, the sensitivity of the data, the availability of automated controls that enable users to delete data, and our legal or contractual obligations. 

Notice of Financial Incentives. We may offer rewards or prizes for participation in certain activities that may be considered a “financial incentive”. These activities may involve the collection of Personal Data. The categories of Personal Data we collect are limited to what information you provide us, but may include: identifiers, protected class/demographic information, commercial information, online activities, geolocation information (general and precise), sensory information, employment information, and inferences. Activities we engage in that may be considered as a financial incentive include surveys where we may provide compensation such as a gift card in exchange for your time and responses, or a prize through your participation in promotions and sweepstakes. Participation in these programs may be subject to separate terms and conditions. Your participation in these programs is voluntary and you can terminate at any time as explained in any applicable terms. When we offer gift cards in exchange for your participation in a survey or when we engage in promotions or sweepstakes, the amount provided is reasonably related to the value of the data you provide, which takes into account a number of factors, including, the anticipated benefit we receive such as product improvement, better understanding how you use our products, to enhance our understanding of consumer and market trends, increased consumer engagement, and the anticipated expenses we incur in relation to the collection, storage, and use of the information we receive. The value may vary across surveys, promotions, and sweepstakes. 

Where we offer you a financial incentive for providing your Personal Data, our accompanying disclosure will provide: 

1. A succinct summary of the financial incentive or price or service difference offered; 
2. A description of the material terms of the financial incentive or price or service difference, including the categories of Personal Data that are implicated by the financial incentive or price or service difference and the value of your Personal Data; 
3. How the consumer can opt-in to the financial incentive or price or service difference; 
4. A statement of the consumer’s right to withdraw from the financial incentive at any time and how the consumer may exercise that right; and 

5. An explanation of how the financial incentive or price or service difference is reasonably related to the value of your Personal Data. 

Changes to This Privacy Notice. This Notice may be revised from time to time due to legislative changes, changes in technology, our privacy practices, or new uses of your information not previously disclosed in this Policy. Revisions are effective upon posting and your continued use of this Platform or Services will indicate your acceptance of those changes. Please refer to this Policy regularly. 

Contact Information. If you have any comments, concerns, or questions about this Privacy Policy, please contact us at privacy@ouro.com.