Privacy Policy

This Privacy Policy describes how Moov Financial, Inc. (“Moov,” “we,” “us,” or “our”) collects, uses, and discloses your Personal Information when you use our payment processing services, visit our websites, attend one of our events, or interact with us through our online communities or in any other way (collectively, the “Services”). Please read it carefully because it tells you about your privacy rights, including how you can contact us. By visiting the Website or using our Services in any other way, you accept the practices described in this Privacy Policy. If you do not agree to all of the terms of this Privacy Policy, you may not access or use the Services.

1. About Us.

Moov is the provider of a technology platform and related APIs (collectively, the “Moov Platform”) through which Moov, in conjunction with one or more financial institution partners, enables users to establish and maintain an Account through which users may link existing Payment Methods to initiate Transactions (the Moov Platform, the Moov Account, and the related services, are collectively, the “Payment Processing Services”).

2. Definitions.

3. Categories of Personal Information Collected, Why We Collect It, and How We Use & Share It.

3.1. We Collect Personal Information to Provide our Payment Processing Services.

  • Account Information. When you sign up to use our Payment Processing Services, we ask you to provide information that we need to establish and maintain an Account. This information includes company name, company type, EIN, email address, phone number, company website, industry codes, financial or tax information, identification documents, Payment Methods, Linked Account information, and beneficial owner information. We use this information to set up and provide your Account, verify your identity, prevent and reduce fraud, enhance security, conduct customer due diligence, and otherwise comply with our legal obligations, which include KYC, KYB, and tax obligations.
  • Transaction Data. When you instruct us to facilitate your acceptance or disbursement of a Transaction, we process transaction data, which may include your name, email address, billing address, shipping address, Payment Methods, Linked Account numbers, CVC/CVV, PIN, merchant or payee information, purchase amount, purchase date, and other transaction-related information.
  • Usage Data. When you use our Payment Processing Services, we also automatically collect data about your Account and your usage, which may include your login and password details, device ID, IP address, operating system, browser type, and other diagnostic data. We use this information to of authenticate you or the Transaction, monitor the Transaction, monitor usage trends, detect risk, and improve and optimize our Payment Processing Services.
  • Responding to Questions. If our contract states that we will provide you with support, we will process questions, queries, or requests you send or share with us in relation to our Payment Processing Services. We will also process your data if you contact us about this Privacy Policy. We may need data related to your Account, Transaction, or usage in order to provide this support.
  • Other Uses. In addition to the uses described above, we may use your information for the purposes of: (1) protecting you and the Payment Processing Services from fraud, financial crimes, and/or other unauthorized or illegal activity, including the prevention, investigation, and detection of money laundering; (2) improving our internal training; and (3) correcting errors or bugs in the Payment Processing Service.

3.2. We Collect Personal Information When You Visit and Use our Website. When you browse our Website, we receive your Personal Information either directly from you or through our use of cookies and similar technologies.

  • Information Provided by You. When you choose to complete a form on our Website or on third party websites featuring our advertising (e.g., LinkedIn), we will collect the information included in the form (e.g., contact information such as individual name, business name, email address, etc.).
  • Cookies. When you visit our Website, we use cookies and similar technologies, which may collect IP address, device information, and usage data (e.g., which pages you visit most). For more information about our use of cookies and similar technologies, please see our Cookies Policy at https://moov.io/legal/cookies-policy.
  • Use. dWe use the Personal Information described above in order to communicate with you, including about our Events or Payment Processing Services. These communications may be via email. We also use the Personal Information described above to ensure that our Website works properly, to understand how you use our Website, to improve our Website, to perform statistical analyses for optimizing our Website, and to secure our Website.

3.3. We Collect Personal Information When You Attend Our Events. You must register to attend an Event, for which we may request the following information (“Contact Information”): name; job title; company name; address information (including city, state, and zip code); phone number; emergency contact information; LinkedIn profile; and conference plans. This section describes how we use and share the information provided by you in this context.

  • Registration. We use this Contact Information to offer and communicate about, the upcoming Event to you. We may also use this information to send you emails prior to the Event informing you of Event-related activities, such as on-site events and speaker announcements. We share this information with our agents or service providers who assist us in putting on the Event. We also share this information with our service providers for our business purposes of understanding more about you and how you interact with or use Moov.
  • Exhibitors and Sponsors. With your consent, we may provide your Contact Information to Exhibitors and Sponsors in two scenarios. First, during registration you may opt-in for us to share your Contact Information with our Exhibitors or Sponsors. Second, Exhibitors or Sponsors may ask to scan your badge at exhibit booths and session rooms. Scanning of your badge is optional. When you allow your badge to be scanned by Exhibitors and/or Sponsors during an Event, you are opting-in to receive marketing communications from them. If you opt-in during registration, or scan your badge, we will share your Contact Information with those parties, so they can contact you directly with marketing information. You will be subject to their communications and privacy policies and must opt-out with them directly.

3.4. We Collect Personal Information When You Interact with Our Online Communities. Moov offers a community (currently through Slack) that you may join to support the development of open-source implementations of financial protocols. If you sign-up to join our Slack community, you will provide us with your Contact Information (name, email address, etc.). We will use this information to communicate with you, to share ideas about open-source software, and to learn how you interact with or use Moov. We may also share this information with our service providers in order to understand more about you and how you interact with or use Moov.

4. Additional Uses of Your Personal Information.

In addition to the uses described above, we may use your Personal Information for the following purposes below.

4.1. Contacting You. We may use your Personal Information to contact you by email, telephone calls, SMS, or other equivalent forms of electronic communication, related to the Payment Processing Services, including authentication and security updates.

4.2. Newsletters and Marketing. We may use your Personal Information to contact you with newsletters, marketing materials, and other information that may be of interest to you. You may opt-out of receiving certain communications from us by following the unsubscribe link or instructions provided in any email we send. As of the “Last Updated” date above, we use Mailchimp to manage and send emails to you. Mailchimp is an email marketing sending service provided by Intuit. For more information on the privacy practices of Mailchimp, please visit their Privacy Policy at https://www.mailchimp.com/legal/privacy.

4.3. Corporate Transactions. We may use your information to evaluate or conduct a merger, reorganization, sale of assets, joint venture, assignment, transfer, change of control, investment, dissolution, or other business combination or acquisition or disposition of all or any portion of our business, assets, or stock, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us may be among the assets transferred.

5. Sharing Your Data.

In addition to the ways described above, we share Personal Information in the following ways:

5.1. Affiliates. We share Personal Information with our affiliated entities. When we share this information, it is for the purposes identified in this Privacy Policy.

5.2. Technology Platforms, Service Providers, and Processors. We need the help of technology platforms, service providers, and processors (collectively, for purposes of this section, “Processors”) to be able to offer you the Payment Processing Services, Websites, and Events. These Processors may provide a variety of services, including hosting, fraud detection and loss prevention, KYC/KYB compliance, identity verification, business verification, address identification, email marketing, intelligence account verification, error management, and event monitoring and management. We authorize these Processors to use the Personal Information that we make available to perform services on our behalf and to comply with applicable legal requirements. We have concluded agreements with these Processors to protect your Personal Information and to use it only in order to provide us with the services.

5.3. Financial Partners. We partner with or use financial institutions or card networks (collectively referred to as “Financial Partners”) to offer the Payment Processing Services and route and track your Transactions. We share your information with them for these purposes. For more information about our bank partners, see our Platform Agreement at https://www.moov.io/legal/platform-agreement/.

5.4. Others Parties Identified in our Cookies Policy. We embed certain social media services on our Website, and these social media services use cookies that may identify you. Please see our Cookies Policy at https://moov.io/legal/cookies-policy for more detail.

5.5. Other Parties With Your Consent. We may resell third-party services as ancillary services to the Payment Processing Services. Alternatively, we may refer you to third-party services that can provide these ancillary services. This information is only shared with your consent and we will disclose the identity of the third party prior to reselling their ancillary services or referring you to them.

5.6. Corporate Transactions. If we enter into, or intend to enter into, a corporate transaction such as a merger, reorganization, sale of assets, investment, dissolution, joint venture, assignment, transfer, change of control, or other business combination or acquisition or disposition of all or any portion of our business, assets, or stock, we may share your information with these third parties in connection with that transaction or potential transaction, and your Personal Information may be part of the transferred assets. The acquiring entity will have the right to continue to use your Personal Information pursuant to the terms of this Privacy Policy.

5.7. Compliance Obligations. We share Personal Information: (A) to comply with applicable laws and regulations; (B) to comply with rules established and imposed by providers of payment methods (e.g., card network rules; Nacha rules); (C) for purposes of ensuring the rights, safety and property of Moov and the rights, safety and property of our partners and users (e.g., protecting against security incidents); (D) to enforce our contractual rights; and (E) to respond to valid legal process requests from courts, regulators, law enforcement agencies, and other public and government authorities.

6. Security.

Securing your Personal Information is important to us. In order to prevent unauthorized people or parties from being able to access and misuse your data, we have instituted administrative, technical, and organizational measures to safeguard and secure your Personal Information. However, please remember that no method of transmission of data over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially reasonable means to protect your Personal Information, we cannot guarantee its absolute security.

7. Retention.

We retain your Personal Information as long as we provide the Services to you. After we stop providing Services (either to you or to a party with whom you transacted business), and even if you close your account or complete a Transaction, we may retain your Personal Information: (A) to comply with our legal and regulatory obligations; (B) to comply with our contractual obligations, including obligations owed to Financial Partners where data retention is mandated; (C) to pursue our business purposes of detecting and preventing fraud, preventing loss, processing chargebacks and refunds, and complying with valid legal process requests from courts or competent authorities; and (D) to comply with our tax, accounting, and financial reporting obligations.

8. Your Rights.

You may have choices regarding our collection, use, and disclosure of your Personal Information. We have set forth these choices below. Please also see the jurisdiction-specific terms at the end of this Privacy Policy.

8.1. Opt-out of Electronic Communications. You may opt out of receiving marketing materials from us at any time by clicking the “unsubscribe” button or similar link in any marketing email.  Even after such opt-out, you may receive additional emails for a short period of time while we process your request. We also may contact you by email or otherwise with information that is not primarily marketing, for example, regarding updates to the Services or information about your Account or any contracts or arrangements.

8.2. Deletion of Cookies. See our Cookies Policy available at https://moov.io/legal/cookies-policy for how to delete any cookies that are stored on your computer.

9. Privacy of Minors/Children.

The Services are not knowingly offered to minors under the age of 18. Our Platform Agreement available at https://moov.io/legal/platform-agreement/ requires users to represent that they are 18 years of age or older. We request that users under the age of 18 not create an account or use the Services or provide Personal Information through the Services. If you believe a minor who is under the age of 18 has provided us with Personal Information, please contact us at [email protected] or by phone at 1(855) 977-MOOV.

10. Visiting our Services from Outside the United States.

Your information may be transferred to, and maintained on, computers located outside of your state, province/territory, or country where the privacy laws may not be as protective as those where you live.  If you are located outside the United States and choose to provide Personal Information to us, please be aware that we transfer your Personal Information to the United States and process and store it there.  As a result, this information may be subject to access requests from governments, courts, law enforcement officials, and national security authorities in the United States according to its applicable laws and regulations.  Subject to the applicable laws, we will use reasonable efforts to ensure that appropriate protections are in place to maintain protections on your Personal Information.  By submitting your Personal Information, you consent to having your Personal Information transferred to, processed, and stored in the United States.

Our Services may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s website. We strongly advise you to review the Privacy Policy of every website you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites or services.

12. Updates.

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page, along with the “Last Updated” legend at the top of this Privacy Policy. Any changes are effective as of the date of the “Last Updated” legend at the top of this Privacy Policy, and your continued access or use of our Payment Processing Services after we post an updated Privacy Policy means that you accept the revisions. It is your responsibility to review this Privacy Policy periodically for any changes.

13. Notice to Residents of Nevada.

If you are a resident of Nevada, you have the right to opt-out of the sale of Personal Information to third parties. You can exercise this right by contacting us at [email protected] with the subject line “Nevada Privacy Request” and providing us with your name and the email address associated with your account. Please note, however, that we do not sell your Personal Information to third parties.

14. Notice to Residents of California.

If you are a resident of California, please refer to the California Privacy Notice in the Annex of this Privacy Policy.

15. Contact Us.

If you have any questions, comments, requests, or complaints, or wish to exercise your privacy rights, please contact us at [email protected] or by phone at 1(855) 977-MOOV.

Annex: California Privacy Notice

Pursuant to the California Privacy Rights Act (“CPRA”), residents and households located in the state of California have certain rights regarding the processing of their Personal Information.

1. Notice of Collection and Use of Personal Information.

We may collect (and may have collected during the 12-month period prior to the “Last Updated” date above) the following categories of Personal Information about you:

1.1. Identifiers. This includes things such as name, postal address, IP address, email address, account name, social security number, driver’s license number, passport number, and similar identifiers.

1.2. Additional Data Subject to Cal. Civ. Code § 1798.80. This includes things like name, address, telephone number, driver’s license or state identification card number, education, credit card or debt card number, and other financial information.

1.3. Characteristics of Protected Classifications under California or Federal Law. This includes race, gender, and age noted in identification documents that you submit to Moov so that Moov can verify your identity and perform KYC/KYB verifications.

1.4. Commercial Information. This includes payment and transaction data that a merchant may receive when you choose to do business with them.

1.5. Biometric Information. This consists of biometric information from photo identification documents (e.g., drivers licenses) you submit to Moov so that Moov can verify your identity and perform KYC/KYB verifications.

1.6. Internet or other electronic network activity information. This includes certain information about devices and browsers that use the Services as well as usage data.

1.7. Geolocation Data. We use your IP address to determine your general location (such as city, state, or zip code).

1.8. Sensory Information. This includes audio, electronic, visual, and similar information, such as if you call us pursuant to an agreement with us where we have agreed to provide you with certain back-end support.

1.9. Professional or Employment-Related Information. This includes things like professional or educational records for purposes of verifying your identity.

2. Business Purpose for Collection and Use of Personal Information.

We may use (and may have used during the 12-month period prior to the “Last Updated” date above) your Personal Information for the purposes described in our Privacy Policy above and for the following business purposes:

  • 2.1. performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing advertising or marketing services, providing analytics services, or providing similar services;
  • 2.2. auditing related to a current interaction with you and concurrent transactions;
  • 2.3. detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity;
  • 2.4. debugging to identify and repair errors that impair existing intended functionality;
  • 2.5. undertaking internal research for technological development and demonstration; and
  • 2.6. undertaking activities to verify or maintain the quality or safety of the services offered by us and to improve, upgrade, or enhance services offered by us.

3. Sources of Personal Information.

We obtain (and may have obtained during the 12-month period prior to the “Last Updated” date above) your Personal Information from the following categories of sources:

  • 3.1. directly from you, such as when you provide us with Account information or payment data to facilitate a Transaction for you;
  • 3.2. your devices, such as when your use our Website;
  • 3.3. our Financial Partners, such as when we facilitate the processing of a Transaction;
  • 3.4. external banks (i.e., banks other than Financial Partners) if you link a bank account or if you initiate a Transaction to a third-party bank account;
  • 3.5. Service Providers who provide services on our behalf;
  • 3.6. embedded cookie/analytics providers or social media networks, such as LinkedIn; and
  • 3.7 operating systems and platforms.

4. Categories of Third-Parties with whom Personal Information is Shared.

During the 12-month period prior to the “Last Updated” date of the Privacy Policy, we may have shared your Personal Information with certain categories of third parties, as described in our Privacy Policy.

5. Categories of Personal Information Sold.

Moov does not engage in the sale of Personal Information as defined in the CPRA.

6. Categories of Personal Information Shared.

Moov does not engage in sharing your Personal Information for cross-context behavioural advertising as defined in the CPRA.

7. Data Retention.

Moov will retain your Personal Information for the duration necessary for Moov: (A) to comply with our legal and regulatory obligations; (B) to comply with our contractual obligations, including obligations owed to Financial Partners where data retention is mandated; (C) to comply with our contractual obligations, including obligations owed to Financial Partners where data retention is mandated; (D) to pursue our business purpose of detecting and preventing fraud, preventing loss, processing chargebacks and refunds, and complying with valid legal process requests from courts or competent authorities; and (E) to comply with our tax, accounting, and financial reporting obligations.

8. Your Rights.

Under CPRA, you have certain rights, which are set forth below.

8.1. You have a Right to Know About Personal Information Collected, Disclosed, or Sold.

  • Right to Know. California residents have the right to request that Moov disclose what Personal Information it collects, uses, discloses, and sells. This is called the “Right to Know”. Under the Right to Know, you can request a listing of the types of Personal Information we have collected about you, the sources of that information, how we use the information (e.g., our business or commercial purposes for collecting or selling Personal Information), other individuals and business with whom we share Personal Information, and the specific pieces of Personal Information that we have collected about you. If you would like the above information, you may contact us at [email protected] or by phone at 1(855) 977-MOOV. When you make a request under your Right to Know, you can expect the following:

    1. We will verify your identity. You will need to provide us the following information: email address and full name in order for us to verify that you are who you say you are. We may also need further information related to your Account in order to validate your identity.
    2. We will confirm our receipt of your request within 10 days. If you have not received a response within a few days after that, please let us know by contacting us at [email protected].
    3. We will respond to your request within 45 days. If necessary, we may need an additional period of time, up to another 45 days, but we will reply either way within the first 45-day period and, if we need an extension, we will explain why.
    4. In certain cases, a Request to Know may be denied, for example, if we cannot verify your identity or if providing you the information could create an unreasonable risk to someone’s security (for example, we do not want very sensitive information disclosed inappropriately). If we deny your request, we will explain why we denied it. If we deny a request, we will still try to provide you as much of the information as we can, but we will withhold the information subject to denial.

8.2. You have a Right to Request Deletion of Personal Information about You. You may have a right to request the deletion of your Personal Information collected or maintained by Moov. If you would like this information deleted, contact us at [email protected] or by phone at 1(855) 977-MOOV. When you make a request for deletion, you can expect the following:

  • After you request deletion, you will need to confirm that you want your information deleted.
  • We will verify your identity. You will need to provide us the following information: email address and full name. We may also need further information related to your Account in order to validate your identity.
  • We will confirm our receipt of your request within 10 days. If you have not received a response within a few days after that, please let us know by contacting us at the webpage or phone number listed below.
  • We will respond to your request within 45 days. If necessary, we may need an additional period of time, up to another 45 days, but we will reply either way within the first 45-day period and, if we need an extension, we will explain why.
  • In certain cases, a request for deletion may be denied, for example, if we cannot verify your identity, the law requires that we maintain the information, or if we need the information for internal purposes such as providing Services or complying with our contractual obligations. See Section 7 above for more on our data retention practices. If we deny your request, we will explain why we denied it and delete any other information that is not protected from deletion.

8.3. Right to Request Correction. You may have the right to request that we correct inaccurate Personal Information that we maintain about you. We will honor such request but might not be able to fulfil your request if it is impossible to do so or would involve disproportionate effort, or if we have a good-faith, reasonable, and documented belief that a request to correct is fraudulent or abusive. If you would like this information corrected, please contact us at [email protected] or by phone at 1(855) 977-MOOV.

8.4. Right to Limit the Use and Disclosure of Sensitive Personal Information. You have the right to limit certain ways in which a business uses and discloses Sensitive Personal Information. Please note, however, that Moov does use or disclose sensitive Personal Information in a way covered by this right; in particular, Moov does not process “Sensitive Personal Information” for purposes of inferring characteristics about a consumer.

8.5. Right to Opt-Out of the Sale or Sharing of Personal Information. CPRA entitles California residents to opt-out of the sale or sharing of their Personal Information by businesses, as those terms are defined in CPRA. Moov does not sell or share Personal Information under CPRA.

8.6. Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights. You have a right not to receive discriminatory treatment by us for exercising any of your privacy rights conferred by the CPRA. We will not discriminate against any California consumer because such person exercised any of the consumer’s rights under CPRA.

9. Authorized Agents.

If you would like, you may designate an authorized agent to make a request under the CPRA on your behalf. We will deny requests from agents that do not submit proof of authorization from you. To verify that an authorized agent has authority to act for you, we may require a copy of a power of attorney or require that you provide the authorized agent with written permission and verify your own identity with us.

10. Rights Provided by California Civil Code Section 1798.83.

A California resident who has provided Personal Information to a business with whom he/she has established a business relationship for personal, family, or household purposes (a “California Customer”) may request information about whether the business has disclosed Personal Information to any third parties for the third parties’ own direct marketing purposes. In general, if the business has made such a disclosure of Personal Information, upon receipt of a request by a California Customer, the business is required to provide a list of all third parties to whom Personal Information was disclosed in the preceding calendar year, as well as a list of the categories of Personal Information that were disclosed. Please note, however, that Moov does not disclose your Personal Information to third parties for the third parties own direct marketing purposes. California Customers may request further information about our compliance with this law by mailing us at 1025 Technology Pkwy, Suite M, Cedar Falls, IA 50613 or emailing us at [email protected]. Please note that we are only required to respond to two requests per California Customer each year under Code Section 1798.83.