Data Practices

October 8, 2024

1. Information We Collect

1.1. Information you share

When you connect your bank accounts with an application or otherwise connect your bank accounts through Stitch, where applicable, we collect security credentials required by the provider of your account, such as your username, password, pin, etc.

We do not currently, but may in future collect your phone number, email address, security questions and answers, and Multi Factor Authentication (MFA) such as One Time Pins (OTPs) to help verify your identity before connecting your bank accounts. This would be done to ensure security on your accounts.

When providing this information, you give the Developers and Stitch the authority to act on your behalf to access and transmit your End User Information from the relevant bank or other entity that provides your bank accounts (collectively known as “Bank Providers”).

1.2. Information we collect from your bank accounts:

The information we receive from the Bank Providers varies depending on the specific Stitch services Developers use to enable their applications, as well as the information made available by those Bank Providers.

All information comes in the form of permissioned access granted by you, simply, you need to explicitly grant access to share this information.

Neither Stitch, nor the Developer is able to access information that you have not explicitly shared.

In general, we collect the following types of identifiers, commercial information, and other personal information from your Bank Provider:

Account information, including bank name, account name, account type, account holder, branch number;
Information about an account balance, including current and available balance;
Information about investment accounts, including transaction information, type of asset, identifying details about the asset, quantity, price, fees, and cost basis;
Identifiers and information about the account holder(s), including name, email address, phone number, date of birth, gender, and address information;
Information about account transactions, including amount, date, type, price, and a description of the transaction;

The data collected from your bank accounts includes information from all your accounts (e.g., checking, savings, and credit card) accessible through a single set of account credentials.

1.3. Information we receive from your devices:

We may receive information about the devices you use to interact with Stitch. This includes identifiers and network activity information, IP address, hardware model, operating system and other technical information about the device, along with which features within our services you access.

This information is used to improve security and detect fraudulent access, as well as improve the quality of our products.

2. How We Use Your Information

We use your End User Information for a number of purposes, including to operate, improve, and protect the services we provide, and to develop new services. More specifically, we use your End User Information:

To operate, provide, and maintain our services;
To improve, enhance, modify, add to, and further develop our services;
To protect you, Developers, our partners, Stitch, and others from fraud, malicious activity, and other privacy and security-related concerns;
To develop new services;
To provide customer support to you or to Developers, including to help respond to your inquiries related to our service or Developers’ applications;
To investigate any misuse of our service or Developers’ applications, including criminal activity, or other unauthorized access to our services; and
For other notified purposes with your consent.
We use your security credentials (such as your username, password, pin, etc) to provide access to your data, with your permission, to the Developer. We securely store this information only if you have granted the Developer recurring access to your account.
If you have not, that information is securely transmitted for a single request, but never stored.

Besides for security credentials (in the instance of recurring access), we do not store any information or data related to you. We simply pass this data on to the Developer.

The Developer never has access to your security credentials.

3. How We Share Your Information

We share your End User Information for a number of purposes:

With the Developer of the application you are using and as directed by that Developer (such as with another third party if permissioned by you);
If we believe in good faith that disclosure is appropriate to comply with applicable law, regulation, or legal process (such as a court order);
In connection with a change in ownership or control of all or a part of our business (such as a merger, acquisition, reorganization, or bankruptcy);
Between and among Stitch and our current and future parents, affiliates, subsidiaries and other companies under common control or ownership;
As we believe reasonably appropriate to protect the rights, privacy, safety, or property of you, Developers, our partners, Stitch, and others; or
For any other notified purpose with your consent.

We do not sell or rent personal information that we collect.

4. Our Retention Practices

We retain End User Information for no longer than necessary to fulfil the purposes for which it was collected and used, as described in the Terms, unless a longer retention period is required or permitted under applicable law. This includes adherence to the POPI Act in South Africa (Protection of Personal Information Act 4 of 2013).

As permitted under applicable law, even after you stop using an application or terminate your account with one or more Developer, we may still retain your information (for example, if you still have an account with another Developer).

However, your information will only be processed as required by law or in accordance with the Terms.

5. Contacting Stitch

If you have any questions or complaints about the Terms or our privacy practices generally, you can contact us at privacy@stitch.money.

Please reach out if you have any query at all.