Last Updated/Effective Date: April 11, 2023
Last Updated/Effective Date: April 11, 2023
This Privacy Notice includes important information about your Personal Information and we encourage you to read it carefully.
FinLocker is a secure financial fitness tool that aggregates and analyzes a consumer’s financial data to offer personalized journeys to achieve loan eligibility for a mortgage and other financial transactions. FinLocker, LLC and its affiliates (“FinLocker,” “we,” “us,” or “our”) respect your privacy. We want to be clear about our use of the Personal Information (defined below) that you entrust to us.
This Privacy Notice describes the Personal Information that we collect, use, or share on the sites, applications, social media pages, or other platforms that link to this Privacy Notice (collectively, the “Site”). This Privacy Notice also describes your rights and choices, including the right to object to some uses of your Personal Information by us and how you can contact us about our privacy practices.
We may collect a range of Personal Information. “Personal Information” means information that uniquely identifies, relates to, describes, or is reasonably capable of being associated with or linked to you. Personal information does not include information that is anonymous or aggregated. It also does not include information that cannot be associated with or be used to identify a particular person.
The types of Personal Information we collect may include:
- Contact Information – If you submit an inquiry, register for an account, or provide information on our Site, we may collect your contact information. This may include your name, email address, demographic information, and phone number.
- Demographic Information – When you create an account, you may also be asked to provide identification information to confirm your identity, including your first and last name, address, date of birth, full or partial social security number and phone number.
- Third Party Site Accounts – We may collect certain passwords, usernames, account numbers, and other account information for third party sites and Internet services (“Third Party Sites”) which you permit us to access on your behalf.
- Third Party Site Information – We may collect, on your behalf, your account and other Personal Information from Third Party Sites that you register under your account via the Site. For example, if you register your Bank of America® account with us, we will access your Bank of America® information via our Site in order to present it to you and to share it with other parties authorized by you.
- Other Financial and Personal Information – We may collect, on your behalf, financial and other Personal Information from the parties you have authorized us to share information with and from other parties (e.g., automated underwriting systems, Consumer Reporting Agencies, and other third party information providers). Where required by law, our data providers or otherwise, we will obtain your authorization before seeking Personal Information from such third parties. You may upload documents and files to the Site, such as tax return documents, property related documents, or employment-related information and input employment, property, and other information about you to allow us to provide more comprehensive services to you, and to enable us to share these documents with other parties authorized by you. Depending on your use of the Site, you also may submit information relating to your co-borrowers, beneficiaries, dependents, or other people.
- Location Data – While navigating our Site your mobile device or browser may share your location data, both through Wi-Fi and GPS. We will collect this information based on the settings of your phone and browser.
- Usage Information – When you use our Site, our servers may automatically record information, including your Internet Protocol address (IP Address), browser type, referring URLs (e.g., the site you visited before coming to our Site), domain names associated with your internet service provider, information on your interaction with the Site, and other such information.
- Communication Information – We may collect audio, electronic, or visual information, which includes screen sharing views; any data in any files uploaded, emailed or otherwise provided by customers; the contents of your communications with us, whether via e-mail, social media, telephone or otherwise, and inferences we may make from other Personal Information we collect.
- We May Collect Your Personal Information Directly From You – For example, if you request information from us, or complete the “Contact Us” form on our Site.
- We May Also Collect Personal Information From Third Parties – For example, we may work with business partners, subcontractors, advertising networks, analytics providers, and search information providers, who may provide us with Personal Information. Such third parties may also include public records databases or other publicly available sources.
- Your Choices – Most browsers provide you with the ability to block, delete, or disable cookies and similar technologies, and your mobile device may allow you to disable transmission of unique identifiers and location data. If you choose to reject cookies or block device identifiers, some features of the Site may not be available, or some functionality may be limited or unavailable.
To the extent permitted by applicable law, we may use Personal Information to:
- operate the Site and provide support to our business functions;
- contact and access Third Party Sites you have permitted us to access;
- fulfill customer requests, such as to create an account or complete purchases initiated by you through our Site;
- protect against criminal activity, claims and other liabilities;
- confirm your accounts are valid and verify your identity;
- send you information about the company which has provided you with an account on our Site (the “Locker Sponsor”), and the Locker Sponsor’s products, services, and promotions;
- respond to reviews, comments, or other feedback provided to us;
- support and personalize the Site and the Locker Sponsor’s advertising efforts;
- protect the security and integrity of the Site;
- provide customer support;
- the extent required for benchmarking, data analysis, audits, developing new products, enhancing the Site, facilitating product, software and applications development, improving the Site or our services, conducting research, analysis, studies or surveys, identifying usage trends, as well as for other analytics purposes;
- meet our contractual requirements and enforce our Terms of Service;
- comply with applicable legal or regulatory requirements and our policies;
- market, advertise, and provide the Site and our services;
- provide information to Authorized Third Parties, with your consent; and
- the extent necessary for any other lawful purpose for which the Personal Information is collected.
Our Site allows you to provide, and grant access to, your financial and Personal Information to third parties, such as your Locker Sponsor, other providers of services and products that you may be interested in, and family members that you authorize to receive such information (“Authorized Third Parties”). Authorized Third Parties can receive your Personal Information in three ways:
- First, with your express, informed consent, we may disclose your Personal Information to certain Authorized Third Parties, including Locker Sponsors. We will seek your express consent to disclose this information at the time you create an account with us, or via a separate process at our discretion prior to disclosing any of your Personal Information.
- Second, using our Site, you can select what information you want us to provide to an Authorized Third Party.
- Third, you can grant Authorized Third Parties direct access to your Personal Information we possess through options you select within the Site.
All the information we provide to an Authorized Third Party or that an Authorized Third Party directly accesses from us will be in their possession and generally becomes part of their “file(s)” or “loan file” on you. While we control the provision of and access to your Personal Information we possess, we do not control how an Authorized Third Party uses your Personal Information once such information is in the Authorized Third Party’s possession. Your Personal Information in the possession of an Authorized Third Party, and their use of that information including how long such information is retained, will be governed by the privacy policies and other applicable policies of that Authorized Third Party.
You acknowledge and agree that you will not request that FinLocker share your information with any type of third party where FinLocker indicates the type of third party which you have requested we share your Personal Information with is restricted from receiving information from FinLocker or the Site.
Notwithstanding anything in this Privacy Notice to the contrary, all information in possession of an Authorized Third Party, and their use of such information, will not be subject to this Privacy Notice and we will not be responsible for such possession or use. The links to the privacy policies of these third parties can be provided on request.
We will not sell, publish or share your Personal Information without your permission, except as specifically described in this Privacy Notice. We may disclose your Personal Information in the following circumstances:
- To Authorized Third Parties – We may disclose your Personal Information to third parties who are affiliated, transacting or working with, or otherwise providing services on behalf of, an Authorized Third Party (for example, a mortgage lender may transfer their access to your Personal Information to a third party they may sell or assign your mortgage to, or to a third party they use to originate your loan or service your loan)
- To Provide Our Services – We may disclose your Personal Information to our parent, subsidiary, third parties and other related companies, including, but not limited to, our partners, vendors, consultants and professional advisors, trusted affiliates, independent contractors and business partners who will use the information only as necessary for them to perform or provide the Site and for the specific purposes for which the information was collected. For example, if we have a co-brand partner who acts as a Locker Sponsor and you access the Site as brought to you by one of those partners, through a co-branded URL, your email address used for registration on the Site may be provided to that co-brand partner. We will also share information regarding how you use the Site with our co-brand partners. This may include the fact that you have registered on the Site, as well as the fact that you have chosen to add certain information (such as your credit score, financial accounts, assets or paycheck information) to your account. We will not share the specific information you add without your consent as described in this Privacy Notice.
- To Third Parties for Marketing Purposes – We may share your Personal Information with third parties for their marketing purposes. This may include third parties whose services we believe you may be interested in, or who are interested in providing you with services.
- For Legal Obligation or Safety Reasons – When we have a good faith belief that access, use, preservation or disclosure of Personal Information is reasonably necessary to (a) satisfy or comply with any requirement of law, regulation, legal process, or enforceable governmental request, (b) enforce or investigate a potential violation of the Terms of Service, (c) detect, prevent, or otherwise respond to fraud, security or technical concerns, (d) support auditing and compliance functions, or (e) protect the rights, property, or safety of FinLocker, its users, or the public against harm.
- In the Case of a Merger or Sale – If we are involved in a merger, acquisition, or any form of transfer or sale of some or all of its business, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding. Personal Information may be transferred along with the business. Where legally required we will give you prior notice and if you have a legal right to do so, an opportunity to object to this transfer.
- To Service providers – When we hire a service provider to help operate the Site or our business, we may give access to Personal Information as necessary to perform such services. This may include service providers that operate our Site, send our communications, or manage our customer relations.
We may share or make available anonymous, de-identified or aggregate information that cannot be used to identify you individually. This anonymous, de-identified or aggregate information is not Personal Information, and we may use anonymous, de-identified or aggregate information for any purpose allowed by law.
Upon your termination of your account registered for use of the Site, we will terminate your account. Upon your termination of your account, we will delete all Personal Information included in your account. Notwithstanding the foregoing, we may retain one copy of your Personal Information in order to comply with our obligations under our agreements with your Locker Sponsor, for a period not to exceed seven (7) years from the date you terminate your account.
If you choose to initiate a transaction for a financial product or service with an Authorized Third Party, we may retain the information associated with such transaction for the period required by our agreement with such Authorized Third Party.
To the extent you have authorized the disclosure of your Personal Information to Authorized Third Parties pursuant to Section 4 of this Privacy Notice, any Personal Information in the possession of those Authorized Third Parties at the time you terminate your FinLocker account will be subject to the privacy policies of the applicable Authorized Third Party.
We use our commercially reasonable efforts to protect the confidentiality and security of Personal Information we process. These efforts include technical and administrative security measures such as, but not limited to, firewalls, encryption techniques, and authentication procedures, among others, designed to maintain the security of your online session, the information we store, and the information we share with others. However, despite these efforts to store Personal Information in a secure operating environment, we cannot guarantee the security of Personal Information during its transmission or its storage on our systems. Further, while we attempt to ensure the integrity and security of Personal Information, we cannot guarantee that our security measures will prevent third parties such as hackers from illegally obtaining access to Personal Information.
Depending on where you live, you may have the right to exercise certain controls and choices regarding our collection, use, and sharing of your Personal Information. To opt-out of marketing communications please email us at firstname.lastname@example.org or by following the instructions included in the email or text correspondence.
Please note that, even if you unsubscribe from certain correspondence, we may still need to contact you with important transactional or administrative information, as permitted by law. Additionally, if you withdraw your consent or object to processing, or if you choose not to provide certain Personal Information, we may be unable to provide some or all of our services to you.
To exercise other rights with respect to your Personal Information, please see Section 15.
This Site is hosted in the United States. If you are visiting this Site from outside of the United States, please note that by providing your Personal Information it is being transferred to, stored, collected, or processed in the United States, where our data center and servers are located and operated.
We do not knowingly collect or solicit any Personal Information from children under the age of 16. In the event that we learn that we have collected Personal Information from a child, we will promptly take steps to delete that information. If you are a parent or legal guardian and think your child has given us their Personal Information, you can email us at email@example.com or contact us using the information listed in Section 17.
Our Site may contain links to third party websites and services that are not owned or controlled by us. We are not responsible for the practices employed by any websites or services linked to or from the Site, including the information or content contained within them. We encourage you to investigate and ask questions before disclosing Personal Information to third parties, since any Personal Information disclosed will be subject to the applicable third party’s Privacy Notice.
This Section applies to our collection and use of “Personal Information” if you are a resident of California, as required by the California Consumer Privacy Act (“CCPA”) of 2018 and its implementing regulations, as amended by the California Privacy Rights Act (the “CPRA”). This Section describes (1) the categories of Personal Information collected and disclosed by us, subject to CPRA, (2) your privacy rights under CPRA, and (3) how to exercise your rights.
When we use the term “Personal Information” in the context of the CPRA, we mean information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California consumer or household. Any information we collect described in Section 2 of this Privacy Notice not listed in this Section 14 is subject to the Fair Credit Reporting Act or Gramm-Leach-Bliley Act, and is not subject to the CCPA or CPRA or their respective requirements.
If you would like to receive a copy of this Section in an alternate format (e.g., printable) or language, please contact us using the information provided in Section 16.
A. Categories of Personal Information Collected, Used, and Shared
We have collected the following categories of Personal Information from our consumers within the last 12 months. The sources from which we obtain this information and the ways in which we use this information are set forth in Section 2 and Section 3 above. We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
|Categories of CA Personal Information We Collect||Categories of Third Parties to Which We Disclose Personal Information for a Business or Commercial Purpose||Categories of Third Parties to Which We May Sell or Share Personal Information||Retention Period|
|Geolocation data||Service providers, Authorized Third Parties, Locker Sponsors||We do not sell or share this information.||Twenty-six (26) months from date of collection.|
We share each of these categories of Personal Information with our service providers to the extent necessary for them to facilitate our business purposes. We also share this Personal Information for the purposes set forth in Section 5 above.
We will retain your Personal Information in accordance with Section 7 above.
B. Your California Privacy Rights
Subject to certain exceptions, if you are a resident of California, you may have the following rights:
|Notice||The right to be notified of what categories of Personal Information will be collected at or before the point of collection and the purposes for which they will be used and shared.|
|Access||The right to request the categories of Personal Information that we collected in the previous twelve (12) months, the categories of sources from which the Personal Information was collected, the specific pieces of Personal Information we have collected about you, and the business purposes for which such Personal Information is collected and shared. You may also have the right to request the categories of Personal Information which were disclosed for business purposes, and the categories of third parties in the twelve (12) months preceding your request for your Personal Information.|
|Data Portability||The right to receive the Personal Information you have previously provided to us in a portable and readily usable format.|
|Erasure||The right to have your Personal Information deleted. However, please be aware that we may not fulfill your request for deletion if we (or our service provider(s)) are required or permitted to retain your Personal Information for one or more of the following categories of purposes: (1) to complete a transaction for which the Personal Information was collected, provide a good or service requested by you, or complete a contract between us and you; (2) to ensure our website integrity, security, and functionality; (3) to comply with applicable law or a legal obligation, or exercise rights under the law (including free speech rights); or (4) to otherwise use your Personal Information internally, in a lawful manner that is compatible with the context in which you provided it.|
|Correction||You have the right to request that we correct any incorrect personal information that we collect or retain about you, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see below), we will correct (and direct any of our service providers that hold your data on our behalf to correct) your personal information from our records, unless an exception applies. We may deny your correction request if (a) we believe the personal information we maintain about you is accurate; (b) correcting the information would be impossible or involve disproportionate; or (c) if the request conflicts with our legal obligations.|
|Automated Decision Making||You have the right to request information about the logic involved in automated decision-making and a description of the likely outcome of processes, and the right to opt out. FinLocker does not currently engage in any automated decision-making practices.|
|To Opt Out of Sales or Sharing of Personal Information||You have the right to opt out of the sale or sharing of your Personal Information.|
|Use of Sensitive Personal Information||You have the right to limit the use of your sensitive Personal Information.|
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a request related to your Personal Information. You may also make a request on behalf of your minor child.
You may only make a request for access or data portability twice within a 12-month period. The request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We will only disclose your Personal Information with your consent or as otherwise described in this Privacy Notice. You may revoke your consent to our sharing of Personal Information with Authorized Third Parties and opt-out of future disclosures at any time by contacting us at firstname.lastname@example.org.
If we disclose Personal Information to a third party with your consent, you should contact such third party directly if you want to exercise your rights for the disclosed Personal Information.
You will not be discriminated against in any way by virtue of your exercise of the rights listed in this Privacy Notice which means we will not deny goods or services to you, provide different prices or rates for goods or services to you, or provide a different level or quality of goods or services to you.
To exercise your privacy rights under applicable data protection law, please submit a request to us by one of the following methods:
- Calling us toll free at 888-231-2070
- E-mailing us at email@example.com
Verification: We must verify your identity before fulfilling your requests. If we cannot initially verify your identity, we may request additional information to complete the verification process. We will only use Personal Information provided in a request to verify the requestor’s identity. If you are an authorized agent making a request on behalf of a California consumer, we will also need to verify your identity, which may require proof of your written authorization or evidence of a power of attorney.
We endeavor to respond to requests within the time period required by applicable law. If we require more time, we will inform you of the reason and extension period in writing.
If you have an account with us, we may deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity and confirm the Personal Information relates to you. Making a verifiable consumer request does not require you to create an account with us.
We may deny certain requests, or only fulfill some in part, as permitted or required by law. For example, if you request to delete Personal Information, we may retain Personal Information that we need to retain for legal purposes.
Please note that we may modify or update this Privacy Notice from time to time, so please review it periodically. We may provide you with an updated Privacy Notice if material changes are made. Unless otherwise indicated, any changes to this Privacy Notice will apply immediately upon posting to the Site.
If you have any questions about our practices or this Privacy Notice, please contact us at firstname.lastname@example.org. You may also write to us at:
168 N. Meramec Ave, Suite 250
St. Louis, Missouri 63105