Last updated: July, 2018
If you do not accept this policy, you may not use the service.
This Privacy Notice should be read alongside:
In the course of using Cleo, engaging with Cleo websites, or corresponding with the team at Cleo, you provide us with or we collect various pieces of personal data.
We collect and use the data outlined below to provide a contracted service to you or to further operate and develop our business.
Your personal data will not be sold, distributed, or leased to any third parties. We only share your personal data in cases in which it is necessary for us to provide our services.
We do not collect information regarding your race, ethnicity, religious or philosophical beliefs, political beliefs, sexual orientation, genetic information, or information about your health.
By using Cleo, you agree that we may collect, hold, process, and use your information (including personal information) for the purpose of providing you with the Cleo services and developing our business which includes (without limitation):
If you cancel your user account for the Service, we will promptly and securely delete all of the Personal Information we hold about you. We reserve the right to retain any Anonymous Data collected up to the point of cancellation and to continue using it in accordance with this policy.
We may gather or you may provide various kinds of personal information in the course of using Cleo, visiting our websites, or interacting with the team.
i) Contact details, such as but not limited to your name, email address, and phone number.
ii) Identity data to enable you to use optional ancillary service Cleo wallet, provided by Dwolla. This may include but is not limited to name, postal address, email, phone number, SSN, and date of birth.
iv) Transaction data, provided through third-party provider Plaid, such as but not limited to transaction dates and amounts, and merchant types and descriptions.
v) Facebook data enabling you to chat to Cleo in Facebook Messenger, such as but not limited to name and email address.
We collect the following personal information from you automatically when you visit our websites or use our online services:
You can read more about how we gather Cookie data in our Cookies Policy here .
We may receive the following personal information about you from third-party service providers, in accordance with your legitimate interests.
Below is a list of the people with whom we share your personal data, the data types, and why we share it.
We require third-party providers and services to respect your privacy and the security of your personal data.
We may share information about you with suppliers that we engage to help us provide certain services and/or functionality e.g online payment processing. We will use reasonable endeavours to control and be responsible for the use of your information by such suppliers. Furthermore, by using the Site, you consent to the transfer of your personal information to the European Economic Area and other geographies in the event that the processing of your information involves such a transfer.
We take the security of your personal information very seriously and have appropriate physical, technical, and administrative procedures in place to help protect your personal information from unauthorized access, use, or disclosure as required by law in England.Once we have received your User Information, we use strict procedures and security features to prevent unauthorised access including:
We encrypt personal data appropriately and use proper technical and organisational measures across the business.
All of the personal data we hold is hosted on Heroku’s cloud platform, which provides us with a wide range of resilience, scaling, and security features. Heroku’s cloud platform is hosted on the Amazon Web Services’ platform. Heroku is accredited under ISO 27001, SOC 1 and SOC 2/SSAE 16/ISAE 3402, FISMA Moderate, and Sarbanes-Oxley (SOX).
All third-party interactions with the Cleo service are made through a secure socket layer (SSL), the standard security technology for establishing an encrypted link between a web server and a browser.
We have written contracts with each of those third-party processors which contain safeguards for your information.
When you choose to delete Cleo, we delete all information about you from our database and our backup database within 24 hours, except that which is required for fraud detection.
The deletion policies of Facebook and Plaid are linked below, and form part of the basis of our contracts with them.
Facebook’s deletion policy can be found here: https://www.facebook.com/policy.php
Plaid’s deletion policy can be found here: https://plaid.com/legal/
Dwolla retains records as required for regulatory purposes.
We do not knowingly collect Personal Information from children under the age of 18 through the Platform. If you are under 18, please do not give us any Personal Information. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Policy by instructing their children never to provide Personal Information through the Platform without their permission. If you have reason to believe that a child under the age of 18 has provided Personal Information to us, please contact us, and we will endeavor to delete that information from our databases.