Privacy policy
1. Purpose
This Privacy Policy (“Policy”) outlines the compliance requirements associated with Grow Today’s product offering to customers. Grow Today partners with Solid Financial Technologies, Inc. (“Solid”) as a BaaS provider and bank partners to enable them to offer financial products and services to their end customers.
The Policy sets out how Grow Today will comply with privacy laws and regulations, such as the Gramm-Leach-Bliley Act and its implementing regulation, Regulation P, the FTC Safeguards Rule, the Right to Financial Privacy Act (“RFPA”), and other applicable federal and state consumer financial privacy statutes, laws, and regulations (collectively, the Regulations) associated with its product offering.
The Policy covers how and when Grow Today will collect, retain, process, share, protect and transfer customers’ personal data, including non-public personal information (NPPI). The Policy is to be used internally by Grow Today and its employees but also requires Grow Today to separately maintain a publicly available external Privacy Policy Statement on Grow Today’s website, as well as a consumer privacy notice to be shared directly with consumers, as applicable.
2. Scope
This Policy governs Grow Today business activities and applies to all Grow Today employees, regardless of tenure, position, or employment status and applies to all Grow Today’s products and services. When Grow Today engages an affiliated or non-affiliated vendor or third-party service provider to perform services on behalf of Grow Today, Grow Today is responsible for ensuring that the Servicers have adequate and effective controls in place to substantially meet the requirements of this Policy.
3. Solid’s Program Management Oversight
Grow Today agrees to adhere to Solid's policies, procedures, and requirements as detailed in the Master Services Agreement (MSA) and onboarding documentation, including all program management requirements.
Solid is required to comply with its bank partner(s) requirements which may be subject to change. As such, the contents of this Policy may change and Grow Today is responsible for staying updated and adapting to these changes in a reasonable timeframe, as notified by Solid.
This document does not supersede the MSA or any other agreement between Grow Today and Solid. Grow Today should refer to these agreements for a complete understanding of its responsibilities.
4. Grow Today Procedures
Consumer Products
- Provide consumer Privacy notices (Reg P Model Form) at such time that the customer relationship is entered.
- Provide Opt-Out Notice, as applicable, based on information sharing and the ability for the consumer to limit sharing.
- Ensure consumer privacy notice is publicly available on Grow Today’s website.
- Provide an Annual Privacy Notice to customers that accurately reflects Grow Today’s privacy policies and practices during the continuation of the customer relationship, unless Grow Today’s privacy practices have not changed since the last customer disclosure.
- If it is Grow Today’s policy to market products or services to children under 13 in accordance with COPPA requirements, Grow Today will follow the requirements as noted below in this Policy.
- If Grow Today is covered under the California Consumer Privacy Act (CCPA/CPRA), Grow Today shall comply with the provisions of the Acts which, in part, require notices explaining privacy practices in conjunction with the requirements.
Commercial Products
- Provide Grow Today’s Privacy notices at account opening or with terms and conditions.
- Ensure Grow Today privacy notice is publicly available on Grow Today’s website.
5. Key Terms
- Individual names
- Social Security numbers
- Credit or debit card numbers
- State identification card numbers
- Driver's license numbers
- Dates of birth
- Income
6. Gramm-Leach-Bliley Act
Title V of Gramm-Leach-Bliley Act (“GLBA”) generally prohibits any financial institution, directly or through its affiliates, from sharing non-public personal information about its customers with a non-affiliated third party. Grow Today values its customers and is committed to protecting the privacy of personal information in compliance with GLBA. Grow Today is committed to ensuring the continued protection and safeguarding of our customers’ NPPI.
The GLBA also implements the FTC’s Safeguards Rule that requires companies to develop, implement, and maintain an information security program with administrative, technical, and physical safeguards designed to protect customer information. See Grow Today’s Information Security Policy for more information on its data security controls.
Privacy Notices
Subject to certain exceptions, Grow Today is required to provide the following disclosures to customers, as defined in the Regulation, at such time that the customer relationship is entered or before a customer’s information is shared with any non-affiliated third party:
Initial Privacy Notice
- How Grow Today obtains and gathers information;
- The circumstances under which Grow Today may share information; and
- Instructions on how to limit the information sharing.
Opt-Out Notice
- Initial Notice: at the time initial disclosures are provided;
- Annual Notice: at least annually, until the relationship is terminated; and
- Change in Policy Notice: within 30 days of a material change in Grow Today’s policy regarding information collection, use or disclosure.
Additionally, the Regulation requires that Grow Today provide an Annual Privacy Notice to customers that accurately reflects Grow Today’s privacy policies and practices not less than annually during the continuation of the customer relationship, unless Grow Today’s privacy practices have not changed since the last customer disclosure.
Grow Today will implement procedures to provide the applicable disclosures in a manner consistent with the regulation, and to record a customer or consumer’s election to opt out of information sharing.
Limits on Disclosures
Subject to exceptions provided in the Regulation, Grow Today may not, directly or through any affiliate, disclose any non-public personal information about a consumer to a non-affiliated third-party unless:
- Grow Today has provided to the consumer an initial privacy notice;
- Grow Today has provided to the consumer an opt-out notice;
- Grow Today has given the consumer a reasonable opportunity, before it discloses the information to the non-affiliated third-party, to opt out of the disclosure; and
- The consumer does not opt out.
7. Right to Financial Privacy Act
The Right to Financial Privacy Act (12 USC 3401, 12 CFR 219, 29 CFR 19, 31 CFR 14) establishes specific procedures for federal government authorities to follow when seeking member records. Grow Today will ensure that it has procedures implemented to adequately respond to a federal agency’s request for a customer’s financial information.
To gain access to a member’s records, the RFPA requires, with certain exceptions, that the federal government agency obtain one of the following:
- An authorization signed and dated by the member, which identifies the records being sought, the reasons the records are being requested, and the member’s rights under the Right to Financial Privacy Act (The agency’s request should be on an official form and contain the required member authorization.);
- An administrative subpoena or summons;
- A search warrant;
- A judicial subpoena;
- A formal written request by a government agency (to be used only if no administrative summons or subpoena authority is available).
Notwithstanding any of the exemptions provided in the RFPA, if Grow Today receives a request for information from a federal agency, it may not release the financial records of a member until the federal government authority seeking the records certifies in writing that it has complied with the applicable provision of the Right to Financial Privacy Act.
8. Children’s Online Privacy Protection Act
The Children’s Online Privacy Protection Act (COPPA) applies to operators of commercial websites and online services (including mobile apps and IoT devices) directed to children under 13 that collect, use, or disclose personal information from children. It is Grow Today’s policy to ensure that it markets products or services to children under 13 in accordance with COPPA requirements. Grow Today will maintain the following for its products or services that are offered to children under 13:
- Maintain a website privacy policy that aligns with COPPA requirements.
- Maintain a website privacy policy that provides notice of what data is collected, how it is used, and when and how it is disclosed to others.
- Provide parents with a direct notice of information practices prior to collecting any information on a child under 13.
- Obtain verifiable consent from a parent prior to collecting data from children.
- Provide parents with a way to review the information collected from their children, and to demand that it be deleted.
- Provide parents with an opportunity to prevent further use or online collection of a child's personal information.
- Establish procedures to protect the security and privacy of data collected from children.
- Securely dispose of personal information of children under 13 once the information is no longer needed for a legitimate purpose.
- Not condition a child’s participation in an online activity on the child providing more information than is reasonably necessary to participate in that activity.
9. California Consumer Privacy Act
In addition to Regulation P as stated in this policy, Grow Today shall comply with the provisions of California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). Grow Today shall provide to California residents notices explaining privacy practices in conjunction with the requirements of CCPA/CPRA along with Grow Today’s obligations as described in this policy under Regulation P in an integrated privacy policy. Grow Today shall disclose to California residents, as applicable:
- The right to know about the personal information a business collects about them and how it is used and shared;
- The right to delete personal information collected from them (with some exceptions);
- The right to opt out of the sale of their personal information; and
- The right to non-discrimination for exercising their CCPA/CPRA rights.
10. Relation to Other Laws
Fair Credit Reporting Act and FACTA
The Fair and Accurate Credit Transaction Act (“FACTA”), which amends the Fair Credit Reporting Act (FCRA), establishes numerous requirements that provide protection for the victims of identity theft, provide more information to customers about credit reports and credit scoring, limit sharing of information with affiliates, and protect customer medical and other information. See Grow Today’s Marketing Policy, which outlines FCRA in further detail, for additional details on affiliate sharing.
USA Patriot Act
To help the United States government prevent fraud and fight the funding of terrorism, money laundering and related activities, Section 326 of the U.S.A. Patriot Act requires that Grow Today obtain, verify, and record information that identifies each person or entity that applies for a product through Grow Today. Grow Today will obtain the required information for both consumer and commercial customers as required by the USA Patriot Act. If the customer fails or refuses to provide such information, Grow Today may decline to open an account or continue a customer relationship with said customer. See Grow Today BSA/AML Policy for additional details.
11. Training
Training employees to adhere to the requirements of this policy is a crucial element in building a strong Compliance Program and a lasting culture of compliance. Grow Today requires all employees, affiliates, and service providers to receive training as is appropriate for their roles and/or responsibilities. Reporting of completion of training is required to be made to Solid and/or its bank partners, as appropriate. For more information on training schedules and requirements, see the Compliance Training Policy.
12. Record Retention
Grow Today will maintain documents accessible to all persons who are legally entitled to access them for the period required by law, or as required by Solid’s Document Retention Policy, whichever is longer, in a form capable of being accurately reproduced for later reference.
13. Exceptions
Generally, there are no exceptions to this policy. However, in certain circumstances, Solid’s Head of Compliance (or designee) may reasonably determine that a Policy exception is warranted based on specific request from Grow Today. If an exception is granted, Grow Today will keep a log of any exceptions approved.
Notwithstanding the foregoing, under no circumstances does Grow Today allow Policy exceptions that would result in a violation of law.
14. Responsibility
The CEO is responsible for ensuring this policy is followed. Any questions related to this policy must be directed to Solid’s Compliance team.