Privacy and Data Protection Policies


Last Updated: February 20, 2024

Privacy Provisions Applicable to Fold Prepaid Debit Cardholders and Applicants

If you are a Fold cardholder or have applied for a Fold card, the principal privacy policy governing your prepaid card program belongs to Sutton Bank, the bank issuing your card, and is available at https://www.suttonbank.com/_/kcms-doc/85/49033/WK-Privacy-Disclosure-1218.pdf.

You may link an external, U.S.-issued bank account (an “Eligible Bank Account”) to your Fold VISA Prepaid Debit Card to load the card. Fold reserves the right to limit which banks or what types of accounts constitute an Eligible Bank Account. If you choose to link your Eligible Bank Account by providing the username and password you use to access your bank information online, you acknowledge (i) that your personal and financial information is being provided to Plaid Inc.; (ii) that your personal and financial information will be collected, processed, transferred, or stored in accordance with Plaid Inc.’s Privacy Policy; and (iii) that you acknowledge and agree to Plaid Inc.’s Privacy Policy, available at https://plaid.com/legal/#end-user-privacy-policy.

Please Note: Fold, Inc. does not take responsibility for the content, products, services or privacy policies of third-party services, including those referenced above. We encourage you to carefully review the privacy policies of any third-party services you access.

Fold Privacy Policy

This Privacy Policy describes Fold, Inc.’s ("Fold", “we”, “our” or “us”) policies and procedures regarding our collection, use and disclosure of your information in connection with your access and use of our Fold mobile application (the “App”) and at Foldapp.com (the “Site”), and the other services, features, products, content or applications offered by Fold (together with the Site and the App, the “Services”). As used in this Privacy Policy, “Personal Data” means any information that can be used to individually identify a person or meets an applicable legal definition of “personal data,” “personal information,” or any similar term. All defined terms not defined herein shall have the meaning ascribed to them in the Fold Terms of Service, of which this Privacy Policy is a part. Please also see our GLBA Privacy Notice for more information on how we handle Personal Data that is subject to the Gramm-Leach-Bliley Act.

We urge you to read this Privacy Policy in full, but wanted to mention a few things upfront:

  • This Privacy Policy covers our treatment of Personal Data that we collect about you (a) from you directly, when you register for and use your Account on the Services; (b) from your web browser and/or device, as you interact with the Services generally; and (c) from third party websites and services, including our business partners and service providers.
  • The Services are hosted and operated in the United States and elsewhere throughout the world through us and certain of our service providers. By using the Services, you acknowledge that any Personal Data you provide to us will be hosted on servers in the United States and servers in other countries.
  • If you have any questions about this Privacy Policy, about our collection and use of your Personal Data, or whether any of the following applies to you, please contact us directly at support@foldapp.com, or at 11201 N Tatum Blvd, Ste 300 #42035 Phoenix AZ 85028.
  • As noted in our Terms of Service, we do not knowingly collect or solicit Personal Data from anyone under the age of 18. If you are under the age of 18, you are not allowed to use the Services, so please do not access or use the Site or the App, or attempt to send us any Personal Data. If we confirm that we have collected Personal Data from an individual under the age of 18, we will delete that information as quickly as possible.
  • This Privacy Policy does not apply to the practices of third parties that we do not own or control, including, but not limited to, any third-party websites, services, products or applications (each a “Third-Party Service”) that you elect to access and may interact with during your use of the Services, or to individuals that we do not manage or employ. We take steps to only work with Third-Party Services that share our respect for your privacy, although we cannot take responsibility for the content, products, services or privacy policies of those Third-Party Services. We encourage you to carefully review the privacy policies of any Third-Party Services you access.
  • Fold takes the protection of your personal data very seriously. To find out more, go to “How Do We Protect Your Personal Data?”

What Does This Privacy Policy Cover?

This Privacy Policy covers Fold’s processing of Personal Data that Fold gathers when you are accessing and using the Services. As used in this Privacy Policy, “processing” generally covers actions that can be performed in connection with data such as collection, use, storage and disclosure.

This Privacy Policy does not apply to the practices of third parties, and their sites, services or applications that Fold does not own or control, or to individuals that Fold does not employ or manage (“Third Parties”). While we attempt to provide access only to those Third Parties that share our respect for your privacy, we cannot take responsibility for the content, actions or data protection policies or practices of those Third Parties. We encourage you to carefully review the data protection policies and practices of any Third Parties you access, and to carefully consider what kind of Personal Data you choose to post or otherwise make available through the Services.

This Privacy Policy also covers Fold’s treatment of any Personal Data that Fold’s business partners and service providers share with Fold, or that Fold shares with its business partners and service providers, to the extent Fold is the legally responsible party for such Personal Data under applicable privacy laws.

What Personal Data Does Fold Collect from You?

We collect Personal Data about you when (i) you provide such information directly to us, (ii) when third parties such as our business partners or service providers provide us with Personal Data about you, or (iii) when Personal Data about you is automatically collected in connection with your use of our Services.

By providing Personal Data of others to Fold, you represent that you have authority to do so. We disclaim responsibility for the information of others that you provide to us in the course of your use of the Services.

Information We Collect Directly from You

We receive Personal Data directly from you when you provide us with such Personal Data, including without limitation the following:

  • Account information, including your:
    • first and last name and
    • email address.
  • Any Personal Data that you make available on or through the Services.
  • Any Personal Data you provide us when making purchases, including your:
    • first name, last name
    • email address
    • billing address
    • date of birth, and
    • social security number.
  • Any Personal Data required to complete Know Your Customer Background Checks and/or comply with the USA PATRIOT ACT, when opening and maintaining a Fold VISA Prepaid Debit Card Account with Sutton Bank; or when opening, using, and maintaining other accounts or services provided by Fold or Fold’s business partners; including:
    • first name, middle name, last name,
    • social security number
    • address,
    • date of birth, and
    • driver's license or government-issued ID, and
  • Job applicant details, such as information included in your resume or CV, references, job history, and other information collected as part of evaluating your candidacy and processing your application for employment.

If applicable, in order to allow you to make payments, we, using Stripe as a third-party payment processor, may collect payment information from you. This information is used solely to collect and provide payments related to the Services, and is only stored by Stripe, not by us. You should review the terms of service and privacy policies of Stripe, available at https://stripe.com/us/privacy.

If applicable, in order to allow you to complete instant funding and ACH transfers, we, using Astra, Inc. as a third-party payment processor, may collect payment information from you. This information is used solely to collect and provide payments related to the Services, and is only stored by Astra, not by us. You should review the terms of service and privacy policies of Astra, available at https://astra.finance/privacy/.

If applicable, in order to create and manage your Fold Prepaid Debit Card account with Sutton Bank, we, using Sutton Bank as an issuing bank, collect Personal Data from you and will access that information from time to time. This information is used solely to provide you with the Fold Prepaid Debit Card and related services by Sutton Bank, not by us. You should review the privacy policies of Sutton Bank, available at https://www.suttonbank.com/_/kcms-doc/85/49033/WK-Privacy-Disclosure-1218.pdf.

If applicable, in order to facilitate the verification of your identity, Fold will use a third-party technology from Incode Technology, Inc. (hereinafter “Incode”) to collect information from or about you, such as your biometric information, selfie, and government-issued identification (collectively, “Biometric Information”). Incode may use your Biometric Information as further described in Incode’s Privacy Policy. You should review Incode’s Privacy Policy at https://incode.com/incode-privacy-policy/.

Information We Automatically Collect When You Use Our Services

Some Personal Data is automatically collected when you use our Services, such as the following:

  • IP address,
  • Web browser information,
  • Operating system information,
  • Pages you visit and links you click on for the Services only (not for marketing purposes), and
  • Certain Cookies (see below for more information).

Please note that when you access or use the Services, we use information from your web browser, including your IP address, and your device's settings and unique identifiers in order to reliably and accurately provide you with Services and information that apply to you.

Our Services, including our website pages, our App, and emails may contain small transparent embedded images or objects known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count website page visitors, email readers, movement in the App, or to compile other similar statistics such as recording website content popularity or verifying system and server integrity.

For fraud protection purposes only, (1) we collect your Battery Usage, Device Identifier, Device Storage, MAC Address, and SIM information; (2) we also collect enough information to determine if you are trying to fake your current location by using a VPN, VPN apps with location spoofing, or other related tools.

Information We Collect from Third Parties

We may obtain information about you from third parties, including: 

  • Referees and other third parties whom you authorize to provide us with information, and
  • Third party data providers to assist us in verifying your identity.

Any information we obtain from third parties will be treated in accordance with this Privacy Policy. We are not responsible or liable for the accuracy of the information provided to us by third parties and are not responsible for any third party’s policies or practices.

Additional Information About Cookies

The Services use “Cookies” as defined herein to enable our servers to recognize your web browser and tell us how and when you visit and use our Site and Services in order to operate our Services. Cookies are small files – usually consisting of letters and numbers – placed on your computer, tablet, phone, or similar device when you use that device to visit our Site.

Cookies can either be “session Cookies” or “persistent Cookies.” Session Cookies are temporary Cookies that are stored on your device while you are visiting our Site or using our Services, whereas “persistent Cookies” are stored on your device for a period of time after you leave our Site or Services. The length of time a persistent Cookie stays on your device varies from Cookie to Cookie. We use persistent Cookies to keep a more accurate account of how often you visit our Services, how often you return, and how your use of the Services may vary over time. Your browser may offer you a “Do Not Track” or “DNT” option, which allows you to signal to operators of websites, web applications, and services that you do not wish such operators to track certain of your online activities over time and across different websites. Like many websites, our website is not designed to respond to such signals, and we do not use or disclose your information in any way that would legally require us to recognize opt-out preference signals. To learn more about “Do Not Track” signals, you can visit http://www.allaboutdnt.com/.

We use the following types of Cookies:

  • Essential Cookies. Essential Cookies are required for providing you with features or services that you have requested. For example, certain Cookies enable you to log into secure areas of our Site or Services, maintain your preferences over time and recognize you when you return to our Services. Disabling these Cookies may make certain features and services unavailable.
  • Analytics cookies. We use analytics cookies, including through third party tracking technology partners, such as Google Analytics, to help us to improve our website by collecting and reporting information on how you use it.

You can decide whether or not to accept Cookies. One way you can do this is through your internet browser’s settings. Most browsers have an option for turning off the Cookie feature, which will prevent your browser from accepting new Cookies, as well as (depending on the sophistication of your browser software) allow you to decide on acceptance of each new Cookie in a variety of ways. You can also delete all Cookies that are already on your computer. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some Services and functionalities may not work. To opt out of tracking by Google Analytics, you can download and install a plug-in available here.

To explore what Cookie settings are available to you, look in the “preferences” or “options” section of your browser’s menu.

How Do We Use Your Personal Data?

We process Personal Data to operate, maintain and understand our Services. For example, we use Personal Data to:

  • Verify and establish your Account,
  • Verify, establish, and maintain your Fold Prepaid Debit Card Account with Sutton Bank, if applicable,
  • Coordinate with business partners to assist opening accounts with business partners or facilitate your use of Fold Services through business partners,
  • Process and fulfill your purchases of products,
  • Protect against or deter fraudulent, illegal or harmful actions,
  • Communicate with you about the Services, including sending you updates, offers, emails, newsletters and other information that we believe may be of interest to you,
  • Provide support and assistance for the Services,
  • Identify trends and other statistical information that may be useful to our business,
  • Comply with our legal or contractual obligations,
  • Respond to user inquiries, 
  • Fulfill user requests,
  • Resolve disputes, and
  • Enforce our Terms of Service (including, for clarity, this Privacy Policy).

How and With Whom Do We Share Your Data?

We share limited Personal Data with vendors, third-party service providers, and agents who work on our behalf and provide us with services related to the purposes described in this Privacy Policy or our Terms of Service. We limit this based on the minimum information required for such vendors, third-party service providers, and agents to perform the required services.

These parties include:

  • Business partners;
  • Hosting service providers; 
  • Email providers;
  • Payment processors;
  • Card manufacturing, personalization, and delivery providers; 
  • Banking and financial partners and payment networks;
  • Analytics providers and search information providers; 
  • Cloud communication service providers;
  • Delivery providers; and 
  • Other contractors as needed for business purposes.

We also share Personal Data:

  • When we believe it is necessary to comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies.
  • When we believe it is necessary to protect us, our business or our users. For example, to enforce our Terms of Service, prevent spam or other unwanted communications and investigate or protect against fraud.
  • When you give us your express consent to do so.
  • In the event that we, or substantially all of our assets, were acquired, or if we go out of business or enter bankruptcy, in which case Personal Data would be one of the assets that is transferred to or acquired by the third party that is acquiring our assets. 

How Do We Protect Your Personal Data?

We seek to protect Personal Data using appropriate technical and organizational measures based on the type of Personal Data and applicable processing activity, including by: 

  • Limiting Personal Data tracking, and only storing that which we need to in order to deliver the Services.
  • Employing ‘least privilege principles’ when it comes to giving employees access to Personal Data – employees should only be able to access data if it is necessary for them to carry out the duties of their role. 
  • Minimizing the use of Third-Party Services to only those required to deliver the Services.

We understand the importance of the security of the information we collect, but we cannot promise that our security measures will eliminate all security risks or avoid all security breaches. Despite our reasonable efforts, no security measures are impenetrable, and we cannot guarantee “perfect security” of any personal information.

Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time. Please also note that any information you send to us electronically, while using the Services or otherwise interacting with us, may not be secure while in transit. We recommend that you do not use unsecure channels to send us sensitive or confidential information.

Data Retention

We retain your information for as long as is reasonably necessary for the purposes specified in this Privacy Policy. When determining the length of time to retain information, we consider various criteria, including whether we need the information to continue to administer your account, provide the Services, resolve a dispute, enforce our contractual agreements, prevent harm, promote safety, security and integrity, or protect ourselves, including our rights, property or product. 

Do We Collect and Store the Personal Data of Children?

As noted in the Terms of Service, we do not knowingly collect or solicit Personal Data from anyone under the age of 18. If you are under 18, please do not attempt to register for the Services or send any Personal Data about yourself to us. If we learn that we have collected Personal Data from a child under age 18, we will delete that information as quickly as possible. If you believe that a child under 18 may have provided us Personal Data, please contact us at support@foldapp.com.

California Residents

This section applies solely to all visitors, users, and others who reside in the State of California (“consumer” or “you”). We adopt this notice to comply with the California Consumer Privacy Act (the “CCPA”), and any terms defined in the CCPA have the same meaning when used in this section.

Information We Collect and Disclose

We may collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California-resident consumer or household (“personal information”). In particular, we have collected and disclosed (if applicable) the following categories of Personal Data (including “sensitive personal information” as defined under the CCPA, denoted by *) from consumers within the last twelve (12) months:

| Category | Examples | Recipients |
|---|---|---|
| A. Identifiers. | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name and password*, Social Security number*, driver's license number*, passport number*, or other similar identifiers*. | Service providers |
| B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | A name, signature, Social Security number*, physical characteristics or description, address, telephone number, passport number*, driver’s license or state identification card number*, insurance policy number, education, employment, employment history, account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. | Service providers |
| C. Protected classification characteristics under California or federal law. | Age (40 years or older)* | Service providers |
| D. Commercial information. | Transaction information and information about products and services purchased. | Service providers |
| E. Biometric information. | Faceprints | Service providers |
| F. Internet or other similar network activity. | Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. | Service providers |
| G. Geolocation data. | Approximate location inferred from IP address | Service providers |

We do not use or disclose sensitive personal information as defined under Cal. Civ. Code § 1798.140(ae) in any way that is not permitted under Cal. Civ. Code § 1798.121.

For purposes of this Section, Personal information does not include:

  • Publicly available information from government records. 
  • Deidentified or aggregated consumer information.
  • Information excluded from the CCPA’s scope, like:
    • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
    • personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.

We obtain the categories of personal information listed above from the following categories of sources:

  • Directly from you. For example, from forms you complete, communications you send to us, or documents you provide to us, or when you interact with our Services.
  • Third parties. For example, from parties you direct to share your personal information with us.

Use of Personal Information

We use or disclose the personal information we collect in conformity with the How Do We Use Your Personal Data? section above. We may do so for one or more of the following business purposes:

  • To fulfill or meet the reason you provided the information. For example, to provide you with goods or services you request from us.
  • To provide information to respond to your specific request.
  • To provide you with support, including technical support, to address your concerns, and to monitor and improve our goods and services.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • When collecting your personal information or as otherwise set forth in the CCPA.

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without obtaining your consent.

Disclosing Personal Information

We may disclose your personal information to service providers and contractors for business purposes, as described in the Information We Collect and Disclose section above. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both retain that personal information as confidential and not use it for any purpose except performing the contract.

Selling or Sharing of Personal Information

We do not “sell” or “share” (as those terms are defined under the CCPA) personal information, nor have we done so in the preceding 12 months. Further, we do not have actual knowledge that we sell or share personal information of residents under 16 years of age.

Your Rights and Choices 

The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, Deletion, and Correction Rights), we will disclose to you:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you (also called a data portability request).

  • If we disclosed your personal information for a business purpose, a list identifying the personal information categories that each category of recipient obtained.

Deletion Request Rights 

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, Deletion, and Correction Rights below), we will delete (and direct our service providers/contractors to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

  1. Complete the transaction for which we collected the personal information, provide goods or services that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform services for you.
  2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  3. Debug products to identify and repair errors that impair existing intended functionality.
  4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.).
  6. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  7. Comply with a legal obligation.
  8. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Correction Requests

If you think some of the personal information we have about you is incorrect, you have the right to request that we correct the personal information in compliance with applicable data protection law. To exercise this right, please see Exercising Access, Data Portability, Deletion, and Correction Rights below.

Exercising Access, Data Portability, Deletion, and Correction Rights

To exercise the access, data portability, deletion, and correction rights described above, please submit a verifiable consumer request to us by:

  • Emailing us at: support@foldapp.com
  • Calling us at 1-866-365-3277

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Further information may be needed to verify your identity before exercising these rights, such as your email address or government issued ID. You may designate, in writing or through a power of attorney document, an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require that the agent provide proof you have authorized them to act on your behalf, and we may need you to verify your identity directly with us. Making a verifiable consumer request does not require you to create a business relationship with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you with a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Changes to This Privacy Policy

Fold may amend this Privacy Policy from time to time. Use of information we collect now is subject to the Privacy Policy in effect at the time such information is used. If we make changes in the way we use Personal Data, we will notify you by posting an announcement on our Site or Services or sending you an email. Users are bound by any changes to the Privacy Policy when they use the Services after such changes have been first posted.

What If You Have Questions?

If you have any questions about this Privacy Policy or our data practices generally, please contact us using the following information:

Fold, Inc.

support@foldapp.com

1-866-FOLDAPP (1-866-365-3277)

11201 N Tatum Blvd, Ste 300 #42035 Phoenix AZ 85028