Privacy & Storage
Last updated
Last updated
Connection: upon connecting to your bank, we only store (1) bank balance and (2) an AES-256 encrypted in our database provided to us by Plaid. The asset report token allows us to make an API request to Bank servers to collect PII at a later point in time. You will be able to disconnect at any point via which severs our ability to access to your personal data from Bank servers. We do NOT store any personally identifiable information (PII) at this stage.
Borrow: upon borrowing, we make an api request to the bank via the asset report token and our plaid client id, and store AES-256 encrypted (1) full name, (2) email address, (3) phone number, and (4) city/state such that in the case you sever the Plaid endpoint we still have a means of legal recourse via collections agencies. This approach strikes a balance between collecting minimal viable personal data whilst maintaining effective collection strategies by outsourcing skip tracing to licensed collections agencies with access to commercial databases via TLOxp. We do NOT have access to Social Security Numbers or Date of Birth.
Repayment: a “purge PII” button appears in your dashboard. Pressing it deletes the four fields above and leaves only hashed bank acct + anonymized credit history. You may reconnect Plaid later to reopen a line of credit.
Connection: upon connecting to your credit karma, we store in our database (1) credit scores, credit age, credit utilization, derogatory marks, num. hard inquiries, payment history, and total accounts (non-PII) and (2) a SHA-256 hash of your first and last name to ensure the credit data belongs to the bank account. We do NOT store any personally identifiable information (PII) from Credit Karma.
Connecting to credit karma does NOT trigger a hard check on your credit report.
Connection: upon connecting your wallet, we store the IP address for fraud-risk scoring.