Privacy and Cookies Policy

Last updated: July, 2018

Introduction

At Cleo, we’re building an AI assistant that makes it easy to manage your money. Cleo, as with all AI, relies on data to be effective: it’s at the heart of what we do, letting us make your money work more efficiently and intelligently for you. We take the security of your data very seriously, and we are committed to assuring and respecting your privacy. This Privacy Policy sets out how and on what basis we collect information about people, and the ways in which it is protected.

If you do not accept this policy, you may not use the service.

This privacy policy ("Privacy Policy") explains how personal information is collected, used, stored, and disclosed by Cleo AI ("Cleo," "we," "us," and "our"). This Privacy Policy applies to consumer users (individually referred to as "you") of our websites, applications, and other online services to which this Privacy Policy is posted (collectively, our "Services").

This Privacy Policy is part of our Terms and Conditions. By accessing or using our Services, you agree to this Privacy Policy and our Terms and Conditions. The provisions contained in this Privacy Policy supersede all previous notices and statements regarding our privacy practices with respect to our Services. If you do not agree to every provision of this Privacy Policy and our Terms of Use, you may not access or use our Services.

Other relevant policies and terms

This Privacy Notice should be read alongside:

  • Cleo Terms and Conditions
  • Cleo Cookie Policy (see also Section 4 below)

How and why we collect data

In the course of using Cleo, engaging with Cleo websites, or corresponding with the team at Cleo, you provide us with or we collect various pieces of personal data.

We collect and use the data outlined below to provide a contracted service to you or to further operate and develop our business.

Your personal data will not be sold, distributed, or leased to any third parties. We only share your personal data in cases in which it is necessary for us to provide our services.

We do not collect information regarding your race, ethnicity, religious or philosophical beliefs, political beliefs, sexual orientation, genetic information, or information about your health.

By using Cleo, you agree that we may collect, hold, process, and use your information (including personal information) for the purpose of providing you with the Cleo services and developing our business which includes (without limitation):

  • Personalising your visits to Cleo to improve the information services provided to you.
  • Informing you about the latest changes to the Site, products, services or promotional offers that you might find interesting.
  • To notify you about changes to the Service.
  • Communicating (and personalising such communication) with you.
  • Enabling you to share our content with others e.g. using an ‘Email a friend’ or ‘Share this’ functionality.
  • Conducting market research.
  • Carrying out technical and statistical analysis to measure the performance of our services and the Site.

If you cancel your user account for the Service, we will promptly and securely delete all of the Personal Information we hold about you. We reserve the right to retain any Anonymous Data collected up to the point of cancellation and to continue using it in accordance with this policy.

The data we collect

We may gather or you may provide various kinds of personal information in the course of using Cleo, visiting our websites, or interacting with the team.

i) Contact details, such as but not limited to your name, email address, and phone number.

ii) Identity data to enable you to use optional ancillary service Cleo wallet, provided by Dwolla. This may include but is not limited to name, postal address, email, phone number, SSN, and date of birth.

iv) Transaction data, provided through third-party provider Plaid, such as but not limited to transaction dates and amounts, and merchant types and descriptions.

v) Facebook data enabling you to chat to Cleo in Facebook Messenger, such as but not limited to name and email address.

Information we collect about you, either directly or indirectly

We collect the following personal information from you automatically when you visit our websites or use our online services:

  • The Internet Protocol (IP) address used to connect your computer or access device to the internet
  • Your login information
  • Your geographic location
  • Your browser information, and
  • Your operating system.

You can read more about how we gather Cookie data in our Cookies Policy here .

Information we collect or receive from other sources

We may receive the following personal information about you from third-party service providers, in accordance with your legitimate interests.

  • Our third-party provider Plaid: such as but not limited to bank account number, sort code, balances, and transaction data.
  • Facebook: name, unique identifier, and aggregated analytics information.
  • Dwolla: payment details required for receiving, handling, and solving complaints, both regulatory and non-regulatory.
we share with other sources

Below is a list of the people with whom we share your personal data, the data types, and why we share it.

We require third-party providers and services to respect your privacy and the security of your personal data.

  • Plaid Inc. provide transaction processing services and issue resolution services to Cleo and yourself, using your login and bank account details.
  • Facebook Inc. provide you with access to Cleo via Facebook Messenger, using your contact details.
  • Dwolla provide our US Cleo wallet services, which entails processing contact details, financial data, and Know Your Customer data, as required.
  • Intercom Inc. provide Cleo and yourself with online customer support messaging services, using your contact details.
  • MailChimp/Apple Inc. provide us with marketing services using your contact details.
  • Heroku/Amazon Web Services provide us with data storage facilities, for the supply of your personal, transaction, status verification, and online conversation data.
  • Google Inc. provide us with email and data storage facilities (via Google Drive) for suppliers’ contact details and financial data, as well as customer contact details and transaction data where required for product testing and development.

Sharing Your Information

We may share information about you with suppliers that we engage to help us provide certain services and/or functionality e.g online payment processing. We will use reasonable endeavours to control and be responsible for the use of your information by such suppliers. Furthermore, by using the Site, you consent to the transfer of your personal information to the European Economic Area and other geographies in the event that the processing of your information involves such a transfer.

Keeping Your Personal Information Secure

We take the security of your personal information very seriously and have appropriate physical, technical, and administrative procedures in place to help protect your personal information from unauthorized access, use, or disclosure as required by law in England.Once we have received your User Information, we use strict procedures and security features to prevent unauthorised access including:

  • encrypting any Personal Information which we transfer to Plaid Inc (“Plaid”).; and
  • having in place an agreement with Plaid which requires it to have in place appropriate measures to safeguard the security of the Personal Information we send to them.

Cleo uses Plaid Inc. (“Plaid”) to gather End User’s data from financial institutions in the U.S.. By using our service, you grant Cleo and Plaid the right, power, and authority to act on your behalf to access and transmit your personal and financial information from the relevant financial institution. You agree to your personal and financial information being transferred, stored, and processed by Plaid in accordance with the Plaid Privacy Policy .

Cleo uses Dwolla to provide customers with the Cleo wallet functionality. By using our service, you agree to your personal and financial information being transferred, stored and processed by Dwolla in accordance with the Dwolla Privacy Policy .

The security of your personal information

We encrypt personal data appropriately and use proper technical and organisational measures across the business.

All of the personal data we hold is hosted on Heroku’s cloud platform, which provides us with a wide range of resilience, scaling, and security features. Heroku’s cloud platform is hosted on the Amazon Web Services’ platform. Heroku is accredited under ISO 27001, SOC 1 and SOC 2/SSAE 16/ISAE 3402, FISMA Moderate, and Sarbanes-Oxley (SOX).

All third-party interactions with the Cleo service are made through a secure socket layer (SSL), the standard security technology for establishing an encrypted link between a web server and a browser.

We have written contracts with each of those third-party processors which contain safeguards for your information.

How long do we keep information about you?

When you choose to delete Cleo, we delete all information about you from our database and our backup database within 24 hours, except that which is required for fraud detection.

The deletion policies of Facebook and Plaid are linked below, and form part of the basis of our contracts with them.

Facebook’s deletion policy can be found here: https://www.facebook.com/policy.php

Plaid’s deletion policy can be found here: https://plaid.com/legal/

Dwolla retains records as required for regulatory purposes.

Children’s Privacy

We do not knowingly collect Personal Information from children under the age of 18 through the Platform. If you are under 18, please do not give us any Personal Information. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Policy by instructing their children never to provide Personal Information through the Platform without their permission. If you have reason to believe that a child under the age of 18 has provided Personal Information to us, please contact us, and we will endeavor to delete that information from our databases.

Updates to the Privacy Policy

As things are always changing, we reserve the right to revise or add to this Privacy Policy on occasion. We encourage you to bookmark and review this page periodically to ensure you are familiar with the most current version of this Policy and that you are aware of what information we collect, how we use it, and under what circumstances we disclose it.

You can determine when this Privacy Policy was last revised by checking the "date of last update" at the top of this Privacy Policy. If we change this policy, we will post the revised policy here with an updated effective date. If we make significant changes to the policy, we may also notify you by other means such as sending an email or posting a notice on our home page.

If you have any questions or comments about the content of this Privacy Policy Notice please contact us at team@meetcleo.com