Last Updated: July 1, 2023
If you are a Fold cardholder or have applied for a Fold card, the principal privacy policy governing your prepaid card program belongs to Sutton Bank, the bank issuing your card, and is available at https://www.suttonbank.com/_/kcms-doc/85/49033/WK-Privacy-Disclosure-1218.pdf.
You may link an external, U.S.-issued bank account (an “Eligible Bank Account”) to your Fold VISA Prepaid Debit Card to load the card. Fold reserves the right to limit which banks or what types of accounts constitute an Eligible Bank Account. If you choose to link your Eligible Bank Account by providing the username and password you use to access your bank information online, you acknowledge (i) your personal and financial information is being provided to Plaid Inc.;(ii) that your personal and financial information will be collected, processed, transferred, or stored in accordance with Plaid Inc.’s Privacy Policy; and (iii) that you acknowledge and agree to Plaid Inc.’s Privacy Policy, available at https://plaid.com/legal/#end-user-privacy-policy.
Please Note: Fold, Inc. does not take responsibility for the content, products, services or privacy policies of third-party services, including those referenced above. We encourage you to carefully review the privacy policies of any third-party services you access.
This Privacy Policy describes Fold, Inc.’s ("Fold", “we”, “our” or “us”) policies and procedures regarding our collection, use and disclosure of your information in connection with your access and use of our Fold mobile application (the “App”) and at Foldapp.com (the “Site”), and the other services, features, products, content or applications offered by Fold (together with the Site and the App, the “Services”). As used in this Privacy Policy, “Personal Data” means any information that can be used to individually identify a person. All defined terms not defined herein shall have the meaning ascribed to them in the Fold Terms of Service, of which this Privacy Policy is a part.
We urge you to read this Privacy Policy in full, but wanted to mention a few things upfront:
This Privacy Policy covers Fold’s processing of Personal Data that Fold gathers when you are accessing and using the Services. As used in this Privacy Policy, “processing” generally covers actions that can be performed in connection with data such as collection, use, storage and disclosure.
This Privacy Policy also covers Fold’s treatment of any Personal Data that Fold’s business partners and service providers share with Fold, or that Fold shares with its business partners and service providers.
This Privacy Policy does not apply to the practices of third parties, and their sites, services or applications that Fold does not own or control, or to individuals that Fold does not employ or manage (“Third Parties”). While we attempt to provide access only to those Third Parties that share our respect for your privacy, we cannot take responsibility for the content, actions or data protection policies or practices of those Third Parties. We encourage you to carefully review the data protection policies and practices of any Third Parties you access, and to carefully consider what kind of Personal Data you choose to post or otherwise make available through the Services.
We collect Personal Data about you when (i) you provide such information directly to us, (ii) when third parties such as our business partners or service providers provide us with Personal Data about you, or (iii) when Personal Data about you is automatically collected in connection with your use of our Services.
By providing Personal Data of others to Fold, you represent that you have authority to do so. We disclaim responsibility for the information of others that you provide to us in the course of your use of the Services.
We receive Personal Data directly from you when you provide us with such Personal Data, including without limitation the following:
If applicable, in order to allow you to make payments, we, using Stripe as a third-party payment processor, may collect payment information from you. This information is used solely to collect and provide payments related to the Services, and is only stored by Stripe, not by us. You should review the terms of service and privacy policies of Stripe, available at https://stripe.com/us/privacy.
If applicable, in order to allow you to make complete instant funding and ACH transfers, we, using Astra, Inc. as a third-party payment processor, may collect payment information from you. This information is used solely to collect and provide payments related to the Services, and is only stored by Astra, not by us. You should review the terms of service and privacy policies of Astra, available at https://astra.finance/privacy/.
If applicable, in order to create and manage your Fold Prepaid Debit Card account with Sutton Bank, we, using Sutton Bank as an issuing bank, collect Personal Data from you and will access that information from time to time. This information is used solely to provide you with the Fold Prepaid Debit Card and related services by Sutton Bank, not by us. You should review the privacy policies of Sutton Bank, available at https://www.suttonbank.com/_/kcms-doc/85/49033/WK-Privacy-Disclosure-1218.pdf.
If applicable, in order to facilitate the verification of your identity, Fold will use a third-party technology from Incode Technology, Inc. (hereinafter “Incode”) to collect information from or about you, such as your biometric information, selfie, and government-issued identification (collectively, “Biometric Information”). Incode may use your Biometric Information as further described in Incode’s Privacy Policy. You should review Incode’s Privacy Policy at https://incode.com/incode-privacy-policy/.
Some Personal Data is automatically collected when you use our Services, such as the following:
Please note that when you access or use the Services, we use information from your web browser, including your IP address, and your device's settings and unique identifiers in order to reliably and accurately provide you with Services and information that apply to you.
Our Services, including our website pages, our App, and emails may contain small transparent embedded images or objects known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count website page visitors, email readers, movement in the App, or to compile other similar statistics such as recording website content popularity or verifying system and server integrity.
For fraud protection purposes only, (1) we collect your Battery Usage, Device Identifier, Device Storage, MAC Address, and SIM information; (2) we also collect enough information to determine if you are trying to fake your current location by using a VPN, VPN apps with location spoofing, or other related tools.
The Services use “Cookies” as defined herein to enable our servers to recognize your web browser and tell us how and when you visit and use our Site and Services in order to operate our Services. Cookies are small files – usually consisting of letters and numbers – placed on your computer, tablet, phone, or similar device when you use that device to visit our Site.
Cookies can either be “session Cookies” or “persistent Cookies”. Session Cookies are temporary Cookies that are stored on your device while you are visiting our Site or using our Services, whereas “persistent Cookies” are stored on your device for a period of time after you leave our Site or Services. The length of time a persistent Cookie stays on your device varies from Cookie to Cookie. We use persistent Cookies to keep a more accurate account of how often you visit our Services, how often you return, how your use of the Services may vary over time. Your browser may offer you a “Do Not Track” or “DNT” option, which allows you to signal to operators of websites, and web applications, and services that you do not wish such operators to track certain of your online activities over time and across different websites. Because we collect browsing and persistent identifier data, the Services do not support Do Not Track requests at this time, which means that we may collect information about your online activity while you are using the Services.
We do not control third-party Cookies and third parties may use Personal Data collected using cookies or other technologies to track online activities over time and across different websites when you visit the Site.
We use the following types of Cookies:
You can decide whether or not to accept Cookies. One way you can do this is through your internet browser’s settings. Most browsers have an option for turning off the Cookie feature, which will prevent your browser from accepting new Cookies, as well as (depending on the sophistication of your browser software) allow you to decide on acceptance of each new Cookie in a variety of ways. You can also delete all Cookies that are already on your computer. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some Services and functionalities may not work.
To explore what Cookie settings are available to you, look in the “preferences” or “options” section of your browser’s menu.
We process Personal Data to operate, maintain and understand our Services. For example, we use Personal Data to:
We share limited Personal Data with vendors, third-party service providers, and agents who work on our behalf and provide us with services related to the purposes described in this Privacy Policy or our Terms of Service. We limit this based on the minimum information required for such vendors, third-party service providers, and agents to perform the required services. These parties include:
We also share Personal Data when we believe it is necessary to:
As part of the Services, you will receive from Fold email and other communications. You acknowledge and agree that by availing yourself of the Services, you allow Fold to send you email and other communication that it determines in its sole discretion relate to your use of the Services.
Last, we also share information with third parties when you give us your express consent to do so.
Furthermore, Fold will NOT sell Personal Data to a third party under any circumstances, except solely in the event that we, or substantially all of our assets, were acquired, or if we go out of business or enter bankruptcy, in which case Personal Data would be one of the assets that is transferred to or acquired by the third party that is acquiring our assets. HOWEVER, you should know that:
You acknowledge that such transfers may occur, and that any acquirer of us or our assets may continue to use your Personal Data only as set forth in this policy.
We seek to protect Personal Data using appropriate technical and organizational measures based on the type of Personal Data and applicable processing activity. As a security-first company, we go to extreme measures to protect the security and privacy of our customers and our employees.
We understand the importance of the security of the information we collect, but we cannot promise that our security measures will eliminate all security risks or avoid all security breaches. However, Fold cannot guarantee the security of any Account information. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.
As noted in the Terms of Service, we do not knowingly collect or solicit Personal Data from anyone under the age of 18. If you are under 18, please do not attempt to register for the Services or send any Personal Data about yourself to us. If we learn that we have collected Personal Data from a child under age 18, we will delete that information as quickly as possible. If you believe that a child under 18 may have provided us Personal Data, please contact us at support@foldapp.com.
This privacy notice for California residents supplements the information contained in our Privacy Policy and applies solely to all visitors, users, and others who reside in the State of California (“consumer” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 and the California Privacy Rights Act of 2020 (collectively, the “CCPA”), and any terms defined in the CCPA have the same meaning when used in this notice.
Information We Collect
We may collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:
Personal information does not include:
We obtain the categories of personal information listed above from the following categories of sources:
Use of Personal Information
We use or disclose the personal information we collect in conformity with the How Do We Use Your Personal Data? section above. We may do so for one or more of the following business purposes:
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Disclosing Personal Information
We may disclose your personal information to service providers and contractors for business purposes. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both retain that personal information as confidential and not use it for any purpose except performing the contract.
Disclosures of Personal Information for a Business Purpose
We have disclosed the following categories of personal information with our affiliated companies, service providers and public or government (including enforcement) authorities for our business purposes:
Selling or Sharing of Personal Information – Sensitive Personal Information
California law requires that we provide transparency about personal information we “sell” which, for the purposes of the CCPA, broadly means scenarios in which we have shared personal information with third parties in exchange for valuable consideration. California law also requires that we provide transparency about personal information we “share” which, for the purposes of the CCPA means scenarios in which we have disclosed personal information with third parties for the purpose of cross-contextual behavior advertising. While we do not provide personal information about you to other companies for money, we do allow our advertising and analytics partners to collect certain device identifiers, commercial information, and internet or other electronic network activity information via our Services to show ads that are targeted to your interests in ways that may be considered “selling” or “sharing” under the CCPA. We also might rent, exchange, share, and/or cross reference information, including contact information about you that enable other businesses to contact you regarding products and services that may be of interest to you. In the preceding 12 months, we have “sold” or “shared” the following categories of personal information to the following categories of third parties: NONE
You have the right to opt out of these sales at any time by visiting our ‘Do Not Sell/Share My Personal Information’ by contacting us here. We do not knowingly sell or share personal information of consumers under the age of 16.
You may also opt-out by broadcasting an Opt-Out Preference Signal, such as the Global Privacy Control (GPC) on the browsers and/or browser extensions that support such a signal.
We do not have actual knowledge of our selling or sharing personal information belonging to consumers under 16 years of age.
We do not use or disclose sensitive personal information as defined under Cal. Civ. Code § 1798.140(ae) in any way that is not permitted under Cal. Civ. Code § 1798.121.
Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, Deletion, and Correction Rights), we will disclose to you:
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, Deletion, and Correction Rights below), we will delete (and direct our service providers/contractors to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
Correction Requests
If you think some of the personal information we have about you is incorrect, you have the right to request that we correct the personal information in compliance with applicable data protection law. To exercise this right, please see Exercising Access, Data Portability, Deletion, and Correction Rights below.
Exercising Access, Data Portability, Deletion, and Correction Rights
To exercise the access, data portability, deletion, and correction rights described above, please submit a verifiable consumer request to us by:
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
Making a verifiable consumer request does not require you to create a business relationship with us.
We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing. We will deliver our written response to the email address from which you submit it.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
California’s “Shine the Light” (Civil Code Section § 1798.83) permits users of our website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. We do not disclose personal information for marketing purposes so there is no need to make such a request.
Fold may amend this Privacy Policy from time to time. Use of information we collect now is subject to the Privacy Policy in effect at the time such information is used. If we make changes in the way we use Personal Data, we will notify you by posting an announcement on our Site or Services or sending you an email. Users are bound by any changes to the Privacy Policy when he or she uses the Services after such changes have been first posted.
If you have any questions about this Privacy Policy or our data practices generally, please contact us using the following information:
Fold, Inc.
1-866-FOLDAPP (1-866-365-3277)
11201 N Tatum Blvd, Ste 300 #42035 Phoenix AZ 85028
