Privacy Policy

Last updated May 29th, 2024


Introduction

This Privacy Policy (the “Policy”) describes the type of information that Carefull Corporation (the “Company,” “we” or “us”) gathers from visitors to the Company website and users of the Company’s services (collectively, the “Services”).

Collection, Use, and Sharing of Personal Information

“Personal Information” means information that can be associated with a particular user. Unless otherwise indicated, the term “user account” refers to a user’s own account, whereas the term “managed profile” refers to a user account that is set up and managed by a user on behalf of another individual. The chart below details what Personal Information we collect.

What Personal Information We Collect

How We Collect the Personal Information

Why We Collect the Personal Information

First name, last name, email address, and phone number of a user account or managed profile.

Users input this information directly when creating user accounts or managed profiles.

We use this information to create user profiles and communicate with users in accordance with their preferences.

Address, driver’s license information, date of birth, if credit monitoring is utilized.

Users input this information directly if utilizing credit monitoring features.

We use this information to cause the credit monitoring features of the Services to operate properly.

Home address, if credit or home title monitoring is utilized.

Users input this information directly if utilizing home title or credit monitoring features.

We use this information to cause the credit or home title monitoring features of the Services to operate properly.

Contact information for trusted contacts, including those contacts’ names, email addresses, and phone numbers.

Users input this information directly.

We use this information to verify trusted contacts as part of operating the Services.

Personal information contained in feedback or correspondence.

Although we do not directly seek personal information, users may share personal information incidental to providing feedback or correspondence to us.

We use this information to communicate with users about the topics about which they communicate with us.

Information related to user preferences for receiving communications, and details about how recipients engage with our communications.

Users are able to set their preferences directly through the Services.

We use this information to improve our communications with users and abide by a user’s communication preferences.

Personal information that is received from social media in accordance with social media platform policies.

We may maintain pages on social media platforms, such as Instagram, Facebook, YouTube, Twitter, or LinkedIn. When visiting or interacting with these platforms, the platform’s privacy policy will apply to its collection, use, and processing of personal information.

We use this information to improve and deliver the Services.

Device data, including a device’s operating system type and version, manufacturer and model, browser type, screen resolution, device identifiers, RAM and disk size, CPU usage, device type, IP address, language settings, mobile device carrier, and radio/network information.

This information is gathered automatically when a user uses the Services. Automatic information gathering is accomplished through cookies, web beacons, and local storage technologies (such as HTML5) that provide cookie-like functionality.

We use this information to improve and deliver the Services.

Information related to a user’s interactions with the Services, including pages or screens viewed, user preferences, the time spent on a page or screen, usage history, navigation paths between pages or screens, information about activity on a page or screen, access times, and duration of access.

This information is gathered automatically when a user uses the Services. Automatic information gathering is accomplished through cookies, web beacons, and local storage technologies (such as HTML5) that provide cookie-like functionality.

We use this information to improve and deliver the Services.

Location information as explained under “Location Access,” below.

Please see “Location Access,” below.

Please see “Location Access,” below.

Information obtained from marketing partners, as discussed under “Marketing Partners,” below.

Please see “Marketing Partners,” below.

We use this information to improve and deliver Carefull’s services.

Information obtained from third party data providers, including credit activity or home title data providers.

This information is gathered automatically when user uses the Services. Automatic information gathering is accomplished through secure third party services.

We use this information to improve and deliver Carefull’s services.

To utilize features of the Services related to credit monitoring, we also request (but do not retain) a user’s social security number or credit activity. Similarly, when a user utilizes features of the Services that monitor bank accounts, we request (but do not retain) online banking login credentials.

We use Plaid Inc. (“Plaid”) to link Service Beneficiaries’ financial accounts to the Services in order to gather certain data from financial institutions. Plaid will access and transmit personal and financial information from relevant financial institution(s) to the Services. Personal and financial information will be transferred, stored, and processed by Plaid in accordance with the Plaid end user privacy policy.

‍Payments on our Services are handled by Stripe. The information provided to Stripe in connection with payment information and transactions is handled in accordance with Stripe’s terms and privacy policies. For more information, please read Stripe’s Services Agreement here, and Privacy Policy here.

We do not share Personal Information, except as explained below under “Sponsoring Partners” “Third-Party Contractors,” “Marketing Partners,” “Business Transitions,” and “Compliance with Law and Prevention of Harm.”

Sponsoring Partners – Many users learn about the Services or determine to use the Services in connection with the use of a sponsoring partner, such as a financial advisor or bank. Where a user determines to utilize a sponsoring partner in conjunction with the Services, the user may determine what information is shared with the sponsoring partner as to a user or managed profile. By default, the names and balances of financial accounts, as well as the names, email addresses, and phone numbers of trusted contacts, are shared unless the user disables sharing. A user, including in the context of managing a managed profile, may opt in to sharing additional information, such as transactions or alerts within particular financial accounts.

Third-Party Contractors – We may use contractors (“Service Providers”) to perform limited services on our behalf, such as hosting websites and providing email services. Service Providers are required to obtain only the Personal Information they need to deliver the service they were hired to perform, to maintain the confidentiality of Personal Information, and not to use Personal Information for any purpose other than the service they were hired to perform.

Marketing Partners – We may engage third-party advertising companies and social media companies to display ads promoting our services across the Internet. These companies may use cookies and similar technologies to collect information about interactions (including the data described above) over time across the Internet and use that information to serve online ads that they think will be of interest. This is called interest-based advertising. Users can opt out of sharing for interest-based advertising purposes by clicking the “Do Not Share My Personal Information” link on our website.

Business Transitions – We may share information with businesses that are legally part of the same group as the Company, or that become part of that group. We reserve the right – in the event of a business transition such as a merger – to transfer Personal Information to a new business owner, on the condition that such Personal Information must be treated in accordance with this Policy.

Compliance with Law and Prevention of Harm – We may disclose your Personal Information or any information submitted via the Services if we have a good faith belief that disclosure of such information is helpful or reasonably necessary to: (i) comply with any applicable law, regulation, legal process or governmental request; (ii) enforce any applicable terms of service, including investigations of potential violations thereof; (iii) detect, prevent, or otherwise address fraud or security issues; or (iv) protect against harm to the rights, property or safety of the Company, our users, yourself or the public. We may be required to disclose Personal Information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

Third Party Content – The Services may include embedded content (e.g., videos, images, articles, etc.) that are linked from other websites. Embedded content is subject to the privacy policies of such websites, rather than this Policy.

No Sale of Personal Information – We do not sell Personal Information.

Use, Sharing, and/or Sale of Non-personal Information – We may aggregate data on user behavior with respect to the Services. This data does not enable identification of individual users and is not Personal Information as defined by this Policy. As such, our use, sharing, and/or sale of non-personal Information is not restricted by this Policy.

User Choices with Respect to Personal Information

Users may opt out of marketing-related communications by following the opt-out or un-subscribe instructions at the bottom of our emails or by contacting us at privacy@getcarefull.com. This will not opt users out of mandatory service communications.

Users may also opt out of the use of personal information for interest-based advertising through the following platforms:

- Google

- Facebook

- LinkedIn

- Microsoft

Users of the Services may request information about our collection, use, and disclosure of their information (a “Request to Know”), including:

- the categories and specific pieces of Personal Information we have collected about the user;

- the categories of sources from which we have collected the user’s Personal Information;

- the business or commercial purpose for collecting or selling the user’s Personal Information;

- the categories of Personal Information we have sold about the user; and

- the categories of Third Parties with whom we have shared or disclosed for a business purpose.

Users may also request that we delete their Personal Information (a “Request to Delete”).

Requests to Know

Users may submit a Request to Know by emailing us at care@getcarefull.com.

Users may submit two types of Requests to Know: (1) A request for the specific pieces of Personal Information that we have collected about you in the past twelve months; or (2) a request for the categories of Personal Information that we have collected about you in the past twelve months, and we have used and disclosed that Personal Information.

When you submit a Request to Know, we may ask you to provide certain pieces of information in order to verify your identity, such as your name, email address, and phone number. If you submit a Request to Know for the specific pieces of information that we have collected about you, we may also require you to submit a signed declaration under the penalty of perjury stating that you are the consumer whose Personal Information is the subject of the Request to Know.

If we are able to verify your identity, we will respond to your Request to Know by: (a) providing the requested information; or (b) explaining why we are not required to provide the requested information. If we are unable to verify your identity, we will respond by explaining why we cannot verify your identity. We will confirm receipt of your Request to Know within 10 days and will respond to your Request to Know within 45 days. If a response requires additional time, we will notify you of the basis for the delay and may extend our response period up to an additional 45 days.

If we provide the information requested, we will provide the information free of charge and in a readily usable portable format. We have no obligation to provide Personal Information to you more than twice in a 12-month period. If a Request to Know or series of Requests to Know are manifestly unfounded or excessive, we may charge a reasonable fee for processing the Request(s) to Know, or may refuse to process the Request(s) to Know.

Requests to Delete

Users may submit a Request to Delete by emailing us at care@getcarefull.com. When you submit a Request to Delete, we may ask you to provide certain pieces of information in order to verify your identity, such as your name, email address, and phone number. If we are able to verify your identity, we will respond to your Request to Delete by (a) deleting your Personal Information and, if applicable, directing any of our Service Providers to delete your Personal Information; or (b) explaining why we are not required to delete your Personal Information. We may choose to delete Personal Information by de-identifying, aggregating, or completely erasing the Personal Information. We will specify the manner in which we delete your Personal Information.

If a Request to Delete or series of Requests to Delete are manifestly unfounded or excessive, we may charge a reasonable fee for processing the Request(s) to Delete, or may refuse to process the Request(s) to Delete.

Protection and Retention of Personal Information

We follow generally accepted industry standards, including the use of appropriate administrative, physical, and technical safeguards, to protect Personal Information. The appropriate administrative, physical, and technical safeguards employed by us may vary depending on the nature of Personal Information collected, with more stringent measures applied to information of a sensitive nature.

However, no method of transmission over the Internet, or method of electronic storage, is entirely secure. Therefore, while we strive to use commercially reasonable means to protect Personal Information, we cannot guarantee its absolute security or confidentiality. Please be aware that certain Personal Information and other information provided by you in connection with your use of the Services may be stored on your device (even if that information is not collected by us). You are solely responsible for maintaining the security of your device from unauthorized access.

Personal Information will be retained for as long as is reasonably necessary to achieve the purposes set forth in this Policy, and to comply with all applicable laws.

Other Provisions

Accessibility and Language – Any person that is unable to access this Policy through the Services may request this Policy in an alternative format or language by contacting us at care@getcarefull.com.

International Users – The Company and its servers are located in the United States and are subject to applicable local, state, and federal laws. Users who choose to access the Services do so on their own initiative and at their own risk, and are responsible for complying with all applicable laws, rules and regulations. Users who choose to access the Services consent to the use and disclosure of information in accordance with this Policy and subject to such laws. We may limit the Service’s availability, in whole or in part, to any person, geographic area or jurisdiction we choose, at any time and in our sole discretion. We do not represent or warrant that the Services, or any part thereof, is appropriate or available for use in any other jurisdiction.

Children’s Privacy – The Services are neither directed to nor structured to attract Users under the age of 18. If you are under the age of 18, you are not permitted to use the Services. The Company does not knowingly collect Personal Information from users under the age of 18. If you are a parent with concerns about children’s privacy issues in conjunction with the use of the Services, please contact the Company at care@getcarefull.com.

Do Not Track Signals and Collection of Information for Third-Party Advertising – The Company does not authorize the collection of personally identifiable information from our users for third-party use through advertising technologies.

Amendments – We may modify or amend this Privacy Policy from time to time. If we make any material changes, as determined by us, to this Privacy Policy, including in the way in which Personal Information is collected, used or transferred, we will notify you by e-mail to the address specified in your profile or by means of a notice on the Services prior to the change becoming effective.

Contact Information

If you have questions about this Policy, please contact care@getcarefull.com.

Effective Date

The effective date of this Policy is June 29, 2024.

Carefull Corporation

132 West 31st Street, 9FLR

New York, NY 10001

1 (833) 836-0050

hello@getcarefull.com

For everyone

Home

Articles

© 2024 Carefull Corporation