1. Information We Collect
1.1. Information you share
When you connect your bank accounts with an application or otherwise connect your bank accounts through Stitch, where applicable, we collect security credentials required by the provider of your account, such as your username, password, pin, etc.
We do not currently, but may in future collect your phone number, email address, security questions and answers, and Multi Factor Authentication (MFA) such as One Time Pins (OTPs) to help verify your identity before connecting your bank accounts. This would be done to ensure security on your accounts.
When providing this information, you give the Developers and Stitch the authority to act on your behalf to access and transmit your End User Information from the relevant bank or other entity that provides your bank accounts (collectively known as “Bank Providers”).
1.2. Information we collect from your bank accounts:
The information we receive from the Bank Providers varies depending on the specific Stitch services Developers use to enable their applications, as well as the information made available by those Bank Providers.
All information comes in the form of permissioned access granted by you, simply, you need to explicitly grant access to share this information.
Neither Stitch, nor the Developer is able to access information that you have not explicitly shared.
In general, we collect the following types of identifiers, commercial information, and other personal information from your Bank Provider:
- Account information, including bank name, account name, account type, account holder, branch number;
- Information about an account balance, including current and available balance;
- Information about investment accounts, including transaction information, type of asset, identifying details about the asset, quantity, price, fees, and cost basis;
- Identifiers and information about the account holder(s), including name, email address, phone number, date of birth, gender, and address information;
- Information about account transactions, including amount, date, type, price, and a description of the transaction;
1.3. Information we receive from your devices:
We do not currently, but may in future receive information about the devices used to connect using Stitch. We may receive identifiers and network activity information about that device, including IP address, hardware model, operating system, which features within our services you access, and other technical information about the device.
This would be done to ensure security around your bank accounts and prevent fraudulent access.
2. How We Use Your Information
We use your End User Information for a number of purposes, including to operate, improve, and protect the services we provide, and to develop new services. More specifically, we use your End User Information:
- To operate, provide, and maintain our services;
- To improve, enhance, modify, add to, and further develop our services;
- To protect you, Developers, our partners, Stitch, and others from fraud, malicious activity, and other privacy and security-related concerns;
- To develop new services;
- To provide customer support to you or to Developers, including to help respond to your inquiries related to our service or Developers’ applications;
- To investigate any misuse of our service or Developers’ applications, including criminal activity, or other unauthorized access to our services; and
- For other notified purposes with your consent.
- We use your security credentials (such as your username, password, pin, etc) to provide access to your data, with your permission, to the Developer. We securely store this information only if you have granted the Developer recurring access to your account.
- If you have not, that information is securely transmitted for a single request, but never stored.
The Developer never has access to your security credentials.
We share your End User Information for a number of purposes:
- With the Developer of the application you are using and as directed by that Developer (such as with another third party if permissioned by you);
- If we believe in good faith that disclosure is appropriate to comply with applicable law, regulation, or legal process (such as a court order);
- In connection with a change in ownership or control of all or a part of our business (such as a merger, acquisition, reorganization, or bankruptcy);
- Between and among Stitch and our current and future parents, affiliates, subsidiaries and other companies under common control or ownership;
- As we believe reasonably appropriate to protect the rights, privacy, safety, or property of you, Developers, our partners, Stitch, and others; or
- For any other notified purpose with your consent.
4. Our Retention Practices
We retain End User Information for no longer than necessary to fulfil the purposes for which it was collected and used, as described in the Terms, unless a longer retention period is required or permitted under applicable law. This includes adherence to the POPI Act in South Africa (Protection of Personal Information Act 4 of 2013).
As permitted under applicable law, even after you stop using an application or terminate your account with one or more Developer, we may still retain your information (for example, if you still have an account with another Developer).
However, your information will only be processed as required by law or in accordance with the Terms.