Updated: August 4, 2021

Ellis Technologies, Inc. (“Ellis”) respects your privacy. This section of this Agreement describes our privacy practices regarding Personal Information we collect from individuals for all the products and services offered by Ellis (including on our website (“Site”) and mobile application (“App”) (collectively, the “Services”)).

If you do not agree with all of the terms of this Agreement (including this Privacy Policy), you should not use, browse, or otherwise access any of the Services.  By browsing or using any of the Sites, you signify your agreement to this Agreement (including this Privacy Policy).

When you sign up for an account with Ellis, Ellis may collect and use your personal information on behalf of Blue Ridge Bank N.A. (Ellis’ “Bank Partner”) to facilitate the provision of banking services pursuant to The Blue Ridge Consumer Privacy Notice as applicable. Federal law requires our Bank Partner to provide notice to certain consumers to explain what personal information they collect, how they share it, and how consumers may limit our Bank Partner’s sharing of the information. The privacy practices of our Bank Partner are subject to their privacy notices and terms of service, which we strongly suggest you review.  Ellis is not responsible for our Bank Partner’s information practices or privacy notices.

I. Personal Information We May Collect About You

We obtain personal information about you in various ways, such as when you use our Services, communicate with us, or interact with our customer support representatives.

The types of personal information we may obtain about you include:

  • Identifiers such as name, Social Security number, date of birth, postal and email address, and phone number;
  • Government-issued photo ID, such as a driver’s license or passport, photograph, proof of address documentation (such as a I-20 form) and proof of identity documentation;
  • Login credentials for your Ellis account;
  • Financial information, including your account number from our Bank Partner, Ellis account transaction history, account information about your linked non-Ellis bank accounts (such as transaction information and balances), and payment card information;
  • Direct deposit status (whether you electronically deposit a portion of your regular paycheck or benefit payment above a minimum threshold);
  • Physical characteristics, demographic information and similar details (such as sex, gender, race, color, marital or family status, citizenship status, military or veteran status, signature, language preference and national origin) present in documents (e.g., IDs, tax returns) you provide;
  • Commercial information, including interest in a product or service, purchasing or consuming tendencies, and receipts or records of purchase or enrollment in products or services;
  • Voice recordings (such as when you call Ellis’s customer support);
  • Biometric information (such as a facial image collected for identity verification, if you use certain features of our App);
  • Social media handles;
  • Information you provide through customer support interactions and that you provide about your experience with Ellis, including via questionnaires, surveys, participation in user research or other feedback;
  • Geolocation data;
  • Information provided by marketers and other websites on which Ellis advertises;
  • Information you provide through contacts integration, including a list of contacts from your phone’s operating system; and
  • Other information you choose to provide, such as through our “Contact Us” feature, emails or other communications (such as with customer support), referrals, on social media pages, or in registrations and sign-up forms.

When you visit our Site, we may obtain certain information by automated means, such as cookies, web beacons, web server logs and other technologies. A “cookie” is a text file that websites send to a visitor’s computer or other internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. A “web beacon,” also known as an internet tag, pixel tag or clear GIF, links web pages to web servers and cookies and may be used to transmit information collected through cookies back to a web server. The information we collect in this manner may include your device IP address, unique device identifier, web browser characteristics, device characteristics, operating system, language preferences, referring URLs, clickstream data, and dates and times of website visits.

When you use our App, we also may collect certain information by automated means, such as through device logs, server logs and other technologies. The information we collect in this manner may include the device type used, the mobile operating system, device identifiers and similar unique identifiers, device settings and configurations, IP addresses, battery and signal strength, usage statistics, referring emails and web addresses, dates and times of usage, actions taken on the App, and other information regarding use of the App. In addition, as indicated above, we may collect your device’s geolocation information. Your device’s operating platform may provide you with a notification when the App attempts to collect your precise geolocation. Please note that if you decline to allow the App to collect your precise geolocation, you may not be able to use all of the App’s features or the offers available through the App.

We may use these automated technologies on our Services to collect information about your equipment, browsing actions and usage patterns. These technologies help us (1) remember your information so you do not have to re-enter it; (2) track and understand how you use and interact with our Services, including our online forms, tools or content; (3) tailor the Services around your preferences; (4) measure the usability of our Services and the effectiveness of our communications; and (5) otherwise manage and enhance our products and services, and help ensure they are working properly.

Your browser may tell you how to be notified about certain types of automated collection technologies and how to restrict or disable them. Please note, however, that without these technologies, you may not be able to use all of the features of our Services. For mobile devices, you can manage how your device and browser share certain device data by adjusting the privacy and security settings on your mobile device.

II. How We Use Personal Information We Collect

We use personal information for the purposes for which it was collected, or as provided in this Privacy Policy or in any agreement you have with us. This includes creating your account and providing you with access to the Services, confirming your identity and eligibility for our Services, investigating or settling disputes, or to protect our rights or those of others. We also use personal information to investigate breaches, fraud, or cooperate with authorities, and to manage, protect and improve our business, such as by providing customer service, developing new products and services, marketing, conducting analytics, and for legal compliance.

III. How We Share Personal Information

We may disclose personal information that we collect in the following circumstances:

  • With our subsidiaries and affiliates;
  • With our contractors and vendors who support the following aspects of the Service and our business: payment processing and bill collection, bank account identity and authentication, email and text message marketing, helpdesk and support, user identity verification, and fraud prevention;
  • With our banking partners who enable the processing of transactions via the Service;
  • With a buyer or other successor in the event of a merger, reorganization, dissolution or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our users is among the assets transferred;
  • When we believe, in good faith, that disclosure is necessary to prevent physical harm or financial loss, to report suspected illegal activity, or to investigate violations of our Terms of Service or any other applicable policies; and
  • With your express consent.

Additionally, we may share your personal information as required to comply with any subpoena, court order, similar legal process, including to respond to any government or regulatory request. To the extent permitted by law, we will notify you if we receive government requests about your data.

Finally, we may disclose anonymized, non-personal information about the Service and our users without restriction.

IV. We Do Not Sell Your Personal Information

We do not and will not sell Personal Information.

V. How We Protect Personal Information

We maintain administrative, technical, and physical safeguards designed to protect the personal information you provide against accidental, unlawful or unauthorized access, destruction, loss, alteration, disclosure or use.

VI. California Data Privacy Rights

If you are a California resident, you may have certain rights with respect to Personal Information as set forth under California law and explained below.

A. Shine the Light

California Civil Code Section 1798.83, also known as the “Shine the Light” law, permits California residents to annually request, free of charge, information about the Personal Information (if any) disclosed to third parties for direct marketing purposes in the preceding calendar year.  We do not share Personal Information with third parties for their own marketing purposes.

B. CCPA Rights of Individuals

You can request the following information from us, with respect to the Personal Information that we have collected about you in the 12 months prior to our receipt of your request:

  • The categories of Personal Information we have collected about you
  • The categories of sources from which we collected your Personal Information
  • The business or commercial purposes for which we collected the Personal Information
  • The categories of third parties with which we shared your Personal Information
  • The categories of Personal Information we have disclosed or shared for a business purpose
  • The specific pieces of Personal Information we collected
D. Your Right To Request Deletion of Personal Information We Have Collected From You

Upon request, we will delete the Personal Information we have collected about you that is covered by the CCPA, situations where the CCPA authorizes us to retain specific information, including when it is necessary for us to provide you with a good or service that you requested; perform a contract we entered into with you; maintain the functionality or security of our systems; or comply with or exercise rights provided by the law.  The law also permits us to retain specific information for our exclusively internal use, but only in ways that are compatible with the context in which you provided the information to us or that are reasonably aligned with your expectations based on your relationship with us.

E. We Are Service Providers to Our Clients

When we collect and process Personal Information on our clients, we act as their “service provider,” as that term is defined in the CCPA.  We do not disclose, use, or retain any of the Personal Information we collect when collecting or processing Personal Information on behalf of our clients for any purpose other than the specific purpose of performing the services specified in our contracts with our clients. This means that the Company does not own the Personal Information we collect on behalf of our clients.

F. Exercising Your Rights and How We Will Respond

To exercise any of the rights above, or to ask a question, you may contact us using the contact information provided on our Sites. 

For requests for access or deletion, we will first acknowledge receipt of your request within 10 days of receipt of your request.  We provide a substantive response to your request as soon as we can, generally within 45 days from when we receive your request, although we may be allowed to take longer to process your request in certain jurisdictions or under certain circumstances.  If we expect your request is going to take us longer than normal to fulfill, we will let you know.

G. Verification of Identity – Access or Deletion Requests

If we are unable to verify your identity with the degree of certainty required based on the type of information or action you are requesting, we will not be able to respond to the request.  We will notify you to explain the basis of the denial.

H. Authorized Agents

You may designate an agent to submit requests on your behalf.  The agent can be a natural person or a business entity that is registered with the California Secretary of State.

If you would like to designate an agent to act on your behalf, you and the agent will need to comply with our agent verification process.  You will be required to verify your identity by providing us with certain Personal Information as described above, depending on whether you hold an account with us or not and the nature of the information you require, which we will endeavor to match the information submitted to information we maintain about you.  Additionally, we will require that you provide us with written confirmation that you have authorized the agent to act on your behalf, and the scope of that authorization.  The agent will be required to provide us with proof of the agency relationship, which may be a declaration attesting to the agent’s identity and authorization by you to act on their behalf, signed under penalty of perjury.  If the agent is a business entity, it will also need to submit evidence that it is registered and in good standing with the California Secretary of State.  Information to identify and verify your agent can be submitted through the same mechanism and at the same time that you submit information to verify your identity.

Please note that this subsection does not apply when an agent is authorized to act on your behalf pursuant to a valid power of attorney.  Any such requests will be processed in accordance with California law pertaining to powers of attorney.

I. Requests for Household Information

There may be some types of Personal Information that can be associated with a household (a group of people living together in a single dwelling).  Requests for access or deletion of household Personal Information must be made by each member of the household.  We will verify each member of the household using the verification criteria explained above.

If we are unable to verify the identity of each household member with the degree of certainty required, we will not be able to respond to the request.  We will notify you to explain the basis of our denial.

VII. Children’s Privacy

Our Services are designed for a general audience and are not directed to children. In connection with the Services, we do not knowingly solicit or collect personal information from children under the age of 13 without parental consent.

VIII. Third Party Sites

From time to time, we may advertise certain third party services through our Sites which we feel will be helpful or relevant to you (collectively, “Third Party Services”).

When you click on a link for a Third Party Service, your web browser will be redirected to the third party provider of the Third Party Service that you selected.  Third party providers may have privacy policies that are different from this Agreement, and you should read carefully the privacy policies of those vendors prior to releasing any of your information to them, financial or otherwise.

Third Party Services may also require you to agree to certain terms and conditions of use (collectively, “Third Party Conditions”) before using or accessing those services.  Often, Third Party Conditions describe and govern how third party providers use your Personal Information, so you should read carefully all Third Party Conditions prior to releasing any of your information to such third party sites.

We do not endorse, warrant, or guarantee the nature, scope, quantity, availability, or quality of any Third Party Services.  We make you aware of such services solely for your convenience.  If you have any questions, comments, or concerns about any Third Party Service, you are instructed to contact the vendor offering the service.

IX. Honoring do-not-track browser signals

“Do Not Track” (“DNT”) is a preference you can set in your web browser to let the websites you visit know that you do not want them collecting information about you. At this time, this Site does not respond to DNT or similar signals.

X. Changes to this Agreement

We reserve the right to amend, alter, or otherwise change this Agreement in our sole and absolute discretion. When we make changes to this Agreement, we will amend the “Updated” date at the top of this page, and such modified or amended version of this Privacy Statement shall be effective as to you and your information as of that revision date. We encourage you to review this Agreement periodically to be informed about how we are protecting your information.

XI. Contact Us

If you have any questions about this Agreement, or to request a copy of this Agreement in another format, you may email legal@joinellis.com or call us at +1 (347) 650-3162.

When contacting the Privacy Officer please be sure to provide your name, your physical address, your email address, your phone number (if you wish to be contacted by telephone), and a description of the question or issue that you wish to have resolved.

If you are located in the United Kingdom or European Economic Area (“EEA”) and believe we have not adequately resolved any issues, you may contact the Supervisory Authority concerned.