Fern Privacy Policy
Effective date: May 22, 2024
1. Introduction
This Privacy Policy (the “Policy”) explains how Fern Money, LLC (“Fern”,“we”, “us”, “our”) collects, uses, and discloses personal information through its website and the Fern financial management platform (the “Platform”, and collectively with the website, the “Services”). By using or accessing the Services in any manner, you acknowledge that you accept the practices and policies outlined in this Policy, and you hereby consent that we will collect, use, and share your personal information in the following ways. Any capitalized terms that are not defined in this Policy are defined in our Terms of Service.
2. Information Collected and How We Use It
As explained further in this section, you will have the opportunity to provide us with certain personal information. In addition, we may collect certain of your personal information from other users or automatically through your use of the Services. The rest of this section provides a more detailed explanation of the personal information we collect, how we use that personal information, and our lawful bases for processing that personal information.
2.1 Disclosed Information
The following table identifies the specific purposes for which you or a third party may voluntarily disclose personal information to us, along with our lawful bases for processing that personal information.
Purpose for Collection
Type of Personal Information
How we Collect the Information
Lawful Basis for Processing
Account creation
Name, email address
Directly from you
Your consent; Performance of a contract with you
“Know your customer” diligence and other regulatory compliance checks if you are an Individual Customer or a controller, beneficial owner, or owner of a Business Customer
Controller name, role for the Business Customer, date of birth, street address, social security number or passport country and number.
Beneficial owner name, percentage ownership of the Business Customer, date of birth, street address, social security number or passport country and number.
Owner name, email address, date of birth, social security number or passport country and number.
Individual Customer name, email address, date of birth, street address, social security number or passport country and number.
Directly from you or from an Authorized User of the Business Customer
Your consent; Performance of a contract with you; Legal complianc
Account creation
Photo
Directly from you or an Authorized User of the Business Customer
Your consent; Performance of a contract with you
Account management
Bank account information (if you are linking a personal bank account)
Collected via Plaid (see Section 2.2 of this Policy)
Your consent; Performance of a contract with you
Completion of payment transactions with Customers (if you are a Fulfiller or Receiver)
Name, address, payment account information
From Customers
Performance of a contract with you; Legitimate interest of fulfilling your transaction with a Customer; Legal compliance
Completion of payment transactions with Customers (if you are a Fulfiller or Receiver)
Payment account information
Collected via Plaid (see Section 2.2 of this Policy)
Performance of a contract with you; Legitimate interest of fulfilling your transaction with a Customer
Operational communications about your use of the Platform
Name, email address
Directly from you or an Authorized User of the Business Customer
Your consent; Performance of a contract with you
Marketing communications
Name, email address
Directly from you
Your consent
2.2 Plaid
We integrate Plaid into our Platform in order to collect payment account information from financial institutions to enable Linked Accounts on the Platform and process transactions requested by Customers. The information that Plaid will collect is identified in the table above. If you are interested in learning more about Plaid’s privacy practices, you can read Plaid’s End User Privacy Policy.
2.3 Marketing Communications
You hereby consent to us contacting you for marketing purposes with information about our Platform, promotions, and special offers. If you no longer wish to receive such marketing information, you can withdraw your consent at any time by contacting us as indicated in Section 10 below or unsubscribing from the communications.
2.4 Automatically Collected Information
Whenever you interact with the Services, we automatically receive and record information on our server logs from your browser or device, which may include your IP address, geolocation data, device identification, the type of device you’re using to access the Services, the amount of time spent on the Services, and the page or feature you requested. We use Google Analytics and PostHog to analyze our web traffic and improve user experience. Both of these services use analytical cookies to generate statistical information about how our Services are being used. We use the data we automatically collect from you to customize content for you that we think you might like, based on your usage patterns. We may also use it to improve the Services – for example, this data can tell us how often users use a particular feature of the Services, and we can use that knowledge to make the Services more helpful to as many users as possible. We collect this information with your consent, to perform our contract with you, and for our legitimate interest of providing a smooth user experience on the Services.
3. Disclosure of Personal Information
We may disclose your personal information as detailed in this section.
3.1 Personnel and Third Party Service Providers
We employ personnel and engage other companies and people to perform tasks on our behalf and need to share your personal information with them to provide products or services to you. For example, we use the Facilitator to carry out payment transactions. You can learn more about the Facilitator in our Terms of Service.
3.2 Analytics Services
We use Google Analytics and PostHog to understand how visitors engage with our Services. You can learn more about the information that Google has access to at this website.
3.3 Business Transfers
If we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, personal information could be one of the assets transferred to or acquired by a third party.
3.4 Legal Compliance
We reserve the right to access, read, preserve, and disclose any information that we believe is necessary to comply with governmental requests, law enforcement or court orders, or enforce or apply our Terms of Service and other agreements.
4. Security
We use commercially reasonable physical, managerial, and technical safeguards to preserve the integrity and security of your personal information. In addition, we rely on the technical safeguards provided by the third-party service providers we use to host, store, and process your personal information. We cannot, however, ensure or warrant that your personal information on the Services may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. Except as provided under applicable laws, we are not responsible to our users or to any third party due to any such loss, misuse, or alteration.
5. Your Rights
5.1 Who To Exercise Your Rights With
If we have collected your personal information directly from you as a result of our contractual relationship with you, we are a “controller” of that personal information and you can exercise your rights with respect to your personal information by following the instructions below. However, if we have collected your personal information from Customers or otherwise as a result of agreements we have in place with Customers, we are a “processor” of your personal information and those Customers control our use of your personal information and determine how and for what purpose we process your personal information.
If we are a processor of your personal information, and you have any questions or concerns about how your personal information is handled or would like to exercise your rights as a data subject, you should contact the Customer who has contracted with us to use the Platform to process your personal information. We will provide assistance to the Customer to address any concerns you may have, in accordance with the terms of our contract with them and applicable law.
5.2 If We Are the Controller of Your Data
If we are the controller of your personal information, through your account, you may access, edit, and delete your personal information. Please understand, however, that it may be impossible to delete this information completely, due to backups and records of deletions. In addition, we may deny a deletion request if (i) the denial is necessary for us to comply with applicable laws, or (ii) the request pertains to content that cannot be deleted without impacting the Platform experience for other users. You may not request the removal of de-identified, anonymous, or aggregate data from our databases. If you have any questions about accessing, modifying, or deleting your personal information, and we are the controller of your personal information, please contact us at support@fernhq.com. Please note that to protect your personal information and the integrity of our Services, we may need to collect additional information to verify your identity before processing your request.
6. Retention of Information
Subject to your requests to delete your personal information in accordance with Section 5.2, we will retain your personal information as long as needed for your use of the Services, your approved receipt of marketing communications from us, our compliance with legal obligations, and to protect our or other’s interests.
7. How We Respond to Do Not Track Signals
We do not track you or collect your personal information across third party websites or online services. Thus, we do not receive Do-Not-Track signals, or other similar signals. To the extent that we do receive any such signals, we will not comply with them as it is not an aspect of the functionality of the Services.
8. Age of Users
Children under the age of 13 are not permitted to use, access, or register for the Services in any way. We do not knowingly collect or solicit information from anyone under the age of 13. If we learn that we have collected personal information from a child under the age of 13, we will delete that information as quickly as possible.
9. Changes to Policy
We’re constantly trying to improve the Services, so we may need to change this Policy from time to time as well. The date of the last modification will be posted at the beginning of this Policy. It is your responsibility to check from time to time for updates. By continuing to access or use the Services, you are indicating that you agree to be bound by the modified Policy.
10. Contact Us
If you have any questions or concerns regarding this Policy, please send us a detailed message to support@fernhq.com, and we will try to resolve your concerns.