(Updated March 15, 2022)
What Data Does Tern Collect, How Do We Collect It, and Why?
Cookies and Caching. Whenever you visit the Tern website (www.ternitup.com/ or subdomains), we utilize “cookies” and caching to distinguish you from other users and collect browser type, operating system, device information, IP address, geographic location, language preference, referring site, click-activity, and the time of each visit. “Cookies” are text files placed on your computer to collect standard internet log information and visitor behavior information. We allow a third-party, Google Analytics, to analyze this data and provide feedback to us about our website visitors. We have a legitimate interest in using cookies, caching, and Google Analytics to make our website and Services operate efficiently and safely and to market certain products and services to you. You can set your browser not to accept cookies or to clear caching. However, if you delete cookies or clear caching, some of our website features may not function properly.
Google Analytics and Other Third-Party Tracking. We participate in behavior-based advertising. This means that a third-party uses technology (e.g. cookies) to collect information about your use of our website so that Tern can improve website performance (e.g. screen loading, market reach, operating system and device compatibility and optimization, product content relevance). Third-party cookies collect your email address, IP address, country code, technical data, website errors, and your actions on our site. Every webpage includes a notice soliciting consent upon your first visit to the site. If you wish to revoke your consent, you can delete the cookies.
Account Creation. When you create an account, we collect your name, email address, social security number (or other government identification number, as applicable), date of birth, phone number, residential and mailing address, Internet Protocol (“IP”) address (a number that is assigned to a computer when the Internet is used), device information, and your desired security settings. If you are creating an account as a business, we will also collect your business name, address, and phone number; Employer Identification Number; state and date of registration or incorporation; business website; type of business; company bank and other financial and corporate information; as applicable. Administrative Accounts can be used to load and withdraw funds, make and collect payments, add/delete approved users, set velocity limits and other preferences, and review transactions, depending on various Program limits set by our partner Bank(s). User Accounts can be used to load and withdraw funds, transfer funds to other account holders, spend funds loaded to the account with approved merchants, request additional users, and review transactions, depending on various Program limits set by our partner Bank(s). We have a legitimate interest in providing account related functions to our users and to ensure our programs comply with anti-money laundering, know-your-customer, and other regulatory requirements.
Transaction Data, Monitoring, and Processing. We securely encrypt, collect, and transmit personal and transactional data in accordance with Payment Card Industry Data Security Standards. When you initiate or perform a transaction, we collect data such as amount, date, merchant, and payment method information to confirm, process, and record the transaction. This may also include information about financial accounts held with third parties, if applicable. This information may be shared with other third parties to facilitate the transaction. We also collect information relating to the actions that you perform while logged into your account. We have a legitimate interest in the prevention, detection, and investigation of fraud, money laundering, criminal activity, and other misuse of our services. We may also have a legal obligation to collect this information or validate your identity for compliance with Anti-Money Laundering and other financial regulations in the jurisdictions where we operate. We have a legitimate interest in confirming that you are an active account holder and that you have initiated any transfer using your account. We also have a legitimate interest in creating a trustworthy, safe, and reliable platform that complies with our contractual, regulatory, bank, processor, and network requirements and obligations.
Email Interconnectivity. If you receive an email from us, we use certain tools to capture data related to when you open our message and click on any links or banners it contains. We have a legitimate interest in understanding how you interact with our communications to you.
Feedback and Support. If you provide us feedback or contact us for support, we will collect your name, email address, phone number, and any other content that you provide in order for us to reply. If you contact us about your account, we may collect additional information to verify your identity and connection to the account. We have a legitimate interest in receiving, and acting upon, your feedback or issues.
Marketing and Customer Communication. When you sign up for one of our marketing or customer lists, we collect your name, email address, phone number, and/or postal address. We share information about our products and services with individuals that consent to receive such information. We also send emails, text (short message service), and in-app messages regarding updates to our Services, your account behavior, and requests for support, and other engagement with our services. We also have a legitimate interest in sharing information about our products or services.
In addition to the purposes and uses described above, we also use information…
To enforce our agreements with third parties, to resolve disputes, collect fees, and troubleshoot problems.
For quality control and staff training.
For internal administrative purposes, as well as to manage our relationships.
To comply with our legal obligations.
Although the sections above describe primary purposes in collecting your information, in many situations we have more than one purpose. For example, if you complete a transaction, we will collect your information to perform our contract with you, but we also collect your information as we have a legitimate interest in maintaining your information after your transaction is complete so that we can quickly and easily respond to any questions about your transaction. As a result, our collection and processing of your information is based in different contexts upon your consent, our need to perform a contract, our obligations under law, and/or our legitimate business interests.
How Do We Protect Your Personal Information?
No method of transmission over the internet, or method of electronic storage, is fully secure. While we use reasonable efforts to protect your personal information from unauthorized access, use, or disclosure, we cannot guarantee the security of your personal information. In the event that we are required by law to inform you of a breach to your personal information we may notify you electronically, in writing, or by telephone, if permitted to do so by law. Some of our websites permit you to create an account. When you create an account, you will be prompted to create a password. You are responsible for maintaining the confidentiality of your password, and you are responsible for any access to or use of your account by someone else that has obtained your password, whether or not such access or use has been authorized by you. You should notify us of any unauthorized use of your password or account.
How Do We Store Your Data and For How Long?
All personally identifiable information collected and stored by Tern is always encrypted and is only accessed by those with a need-to-know. Tern contracts with reputable third-party companies who will securely store your data. Data collected and stored by Tern is reviewed annually to ensure it is stored in compliance with contractual and regulatory requirements. The retention period for data is determined by whether there is a continued regulatory requirement or legitimate usefulness to Tern. Generally, information related to a financial transaction or service must be securely retained for five years from the date of receipt. Once this time period has expired, and Tern no longer has any legitimate interest in retaining the data, we will delete your data and document the destruction.
What Information Do We Share?
We reserve the right to share information with our corporate affiliates (e.g., parent company, sister companies, subsidiaries, joint ventures, or other companies under common control). If another company acquires, or plans to acquire, our company, business, or our assets, we will also share information with that company, including at the negotiation stage. We may also share your information with service providers and partner banks, networks, and processors. Among other things, service providers may help us to administer our website, conduct surveys, provide technical support, process payments, and assist in the fulfillment of transactions. We may also disclose information in response to subpoenas, warrants, or court orders, or in connection with any legal process, or to comply with relevant laws. We may also share your information in order to establish or exercise our rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies, or to comply with your request for the provision of services by a third-party intermediary.
What are your Data Protection Rights?
Every user is entitled to the following rights:
Access. You have the right to request copies of your personal data. We may charge you a small fee for this service.
Rectification. You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.
Erasure. You have the right to request that we erase your personal data, under certain conditions.
Restrict or Object to Processing. You have the right to object to or request that Tern restrict the processing of your personal data under certain conditions, and opt-out of having your information sold to third parties.
Data Portability. You have the right to request that Tern transfer the data that we have collected to another organization, or directly to you, under certain conditions.
If you revoke your consent for the processing of personal information then we may no longer be able to provide you services. In some cases, we may limit or deny your request to revoke consent if the law permits or requires us to do so, or if we are unable to adequately verify your identity. You may revoke consent to processing (where such processing is based upon consent) by contacting us at the address described in the “How to Contact Us” section below.
How to Access Your Personal Information
You may request access to your personal information by contacting us at the address described in the “How to Contact Us” section. If required by law, upon request, we will grant you reasonable access to the personal information that we have about you.
Changes to Your Personal Information
We rely on you to update and correct your personal information. Most of our websites allow you to modify or delete your account profile. Note that we may keep historical information in our backup files as permitted or required by law. If our website does not permit you to update or correct certain information contact us using the details described in the “How to Contact Us” section below.
Deletion of Your Personal Information
Typically, we retain your personal information for the period necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. You may, however, request information about how long we keep a specific type of information, or request that we delete your personal information by contacting us at the address described in section Contact Information. If required by law, we will grant a request to delete information, but you should note that in many situations we must keep your personal information to comply with our legal obligations, resolve disputes, enforce our agreements, or for another one of our business purposes.
We may use automated decision-making to decide whether we can provide services to you based on automated identity verification. If you wish to have a human review the decision or otherwise object, you may do so by contacting us at the address described in the “How to Contact Us” section below.
We do not currently recognize automated browser signals regarding tracking mechanisms, which may include “Do Not Track” instructions
Direct Marketing and Promotional Emails
Direct marketing is considered email, post mail, and telephone outreach to inform you of our offerings and promote our products. You may choose to provide us with your email address and phone number for the purpose of allowing us to send free newsletters, surveys, offers, and other promotional materials to you, as well as targeted offers from third parties. You can stop receiving promotional emails or SMS texts by following the unsubscribe instructions in e-mails that you receive. Your telephone and post mail opt-out choices will last for five years, subject to applicable law. If you decide to limit direct marketing and not to receive promotional emails, we may still send you service-related communications to service your account or as otherwise allowed by law.
How to Contact Us
If you have any questions, comments, or complaints concerning our privacy practices, the data we hold about you, or you would like to exercise one of your data protection rights, please contact our Chief Compliance Officer via email at [email protected] If you make a request, we have one month to respond to you. You may also contact us at the following email, telephone number, or mailing address:
How to Contact a Government Authority
Tern is not a bank, so we are not regulated as a bank. However, Tern partners with banks to provide software related to financial services. Our partner banks are regulated by state banking regulators as well as the following agencies:
Additional and Miscellaneous Information
Information for California Residents. California Civil Code 1798.115(c), 1798.130(a)(5)(c), 1798.130(c), and 1798.140 indicate that organizations should disclose whether certain categories of information are “sold” or transferred for an organization’s “business purpose” as those terms are defined under California law. If you would like more information concerning the categories of personal information (if any) we share with third parties or affiliates for those parties to use for direct marketing please submit a written request to us using the information in the “How to Contact Us” section above.
Information for Nevada Residents. We are providing you this notice under state law. Should we participate in direct marketing, you may be placed on our internal Do Not Contact List by following the directions to limit it. Nevada law requires we provide the following contact information: Bureau of Consumer Protection, Office of the Nevada Attorney General, 555 E. Washington St., Suite 3900, Las Vegas, NV 89101; Phone number: 702.486.3132; email: [email protected] You may submit a written request to us using the information in the How to “Contact Us” section above.