Fern Privacy Policy
Effective date: March 19, 2025
1. Introduction
This Privacy Policy (the “Policy”) explains how Fern Money, LLC (“Fern”, “we”, “us”, “our”) collects, uses, and discloses personal information through its website and the Fern financial management platform (the “Platform”, and collectively with the website, the “Services”). By using or accessing the Services in any manner, you acknowledge that you accept the practices and policies outlined in this Policy, and you hereby consent that we will collect, use, and share your personal information in the following ways. Any capitalized terms that are not defined in this Policy are defined in our Terms of Service.
2. Information Collected and How We Use It
As explained further in this section, you will have the opportunity to provide us with certain personal information. In addition, we may collect certain of your personal information from third parties or automatically through your use of the Services. The rest of this section provides a more detailed explanation of the personal information we collect, how we use that personal information, and our lawful bases for processing that personal information.
2.1 Disclosed Information
The following table identifies the specific purposes for which you or a third party may voluntarily disclose personal information to us, along with our lawful bases for processing that personal information.
Purpose for Collection
Type of Personal Information
How we Collect the Information
Lawful Basis for Processing
Account creation
Name, email address
Directly from you or from a Developer Customer
Performance of a contract with you
“Know your customer” diligence and other regulatory compliance checks if you are an Individual Customer or a controller, beneficial owner, or owner of a Business Customer
Controller name, role for the Business Customer, date of birth, street address, social security number (or other national identification number), identification documentation such as driver’s license or passport country and number, and country of origin.
Beneficial owner name, percentage ownership of the Business Customer, date of birth, street address, social security number (or other national identification number), identification documentation such as driver’s license or passport country and number, and country of origin.
Owner name, email address, date of birth, social security number (or other national identification number), identification documentation such as driver’s license or passport country and number, and country of origin.
Individual Customer name, email address, date of birth, street address, social security number (or other national identification number), identification documentation such as driver’s license or passport country and number, and country of origin.
Directly from you, an Authorized User of the Business Customer, or from a Developer Customer
Performance of a contract with you; Legal compliance
Account creation
Photo
Directly from you, an Authorized User of the Business Customer, or a Developer Customer
Performance of a contract with you
Account management
Bank account information (if you are linking a personal bank account)
Collected either via Plaid (see Section 2.2 of this Policy), directly from you, or from Customers
Performance of a contract with you
Completion of payment transactions with Customers (if you are a Fulfiller or Receiver)
Name, address, payment account information, tax identification number
Directly from you, or from Customers
Performance of a contract with you; Legitimate interest of fulfilling your transaction with a Customer; Legal compliance
Completion of payment transactions with Customers (if you are a Fulfiller or Receiver)
Payment account information
Collected either via Plaid (see Section 2.2 of this Policy), directly from you, or from Customers
Performance of a contract with you; Legitimate interest of fulfilling your transaction with a Customer
Operational communications about your use of the Platform
Name, email address
Directly from you, an Authorized User of the Business Customer, or a Developer Customer
Performance of a contract with you
Marketing communications
Name, email address
Directly from you or a Developer Customer
Your consent
2.2 Plaid
Depending on where you reside, we may use Plaid in order to collect payment account information from financial institutions to enable Linked Accounts on the Platform and process transactions requested by Customers. The information that Plaid will collect is identified in the table above. If you are interested in learning more about Plaid’s privacy practices, you can read Plaid’s End User Privacy Policy. If the applicable information is not collected by Plaid, it is collected directly by Fern.
2.3 Marketing Communications
You hereby consent to us contacting you for marketing purposes with information about our Platform, promotions, and special offers. If you no longer wish to receive such marketing information, you can withdraw your consent at any time by contacting us as indicated in Section 11 below or unsubscribing from the communications.
2.4 Automatically Collected Information
Whenever you interact with the Services, we automatically receive and record information on our server logs from your browser or device, which may include your IP address, geolocation data, device identification, the type of device you’re using to access the Services, the amount of time spent on the Services, and the page or feature you requested. We use Google Analytics and PostHog to analyze our web traffic and improve user experience. Both of these services use analytical cookies to generate statistical information about how our Services are being used. We use the data we automatically collect from you to customize content for you that we think you might like, based on your usage patterns. We may also use it to improve the Services – for example, this data can tell us how often users use a particular feature of the Services, and we can use that knowledge to make the Services more helpful to as many users as possible. We collect this information with your consent, to perform our contract with you, and for our legitimate interest of providing a smooth user experience on the Services.
3. Disclosure of Personal Information
We may disclose your personal information as detailed in this section.
3.1 Personnel and Third Party Service Providers
We employ personnel and engage other companies and people to perform tasks on our behalf and need to share your personal information with them to provide products or services to you. For example, we use Facilitators to carry out payment transactions. You can learn more about the Facilitators in our Terms of Service.
3.2 Analytics Services
We use Google Analytics and PostHog to understand how visitors engage with our Services. You can learn more about the information that Google has access to at this website.
3.3 Business Transfers
If we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, personal information could be one of the assets transferred to or acquired by a third party.
3.4 Legal Compliance
We reserve the right to access, read, preserve, and disclose any information that we believe is necessary to comply with governmental requests, law enforcement or court orders, or enforce or apply our Terms of Service and other agreements.
4. International Transfers
We may transfer the personal information of users from the European Economic Area or United Kingdom to the United States. When doing so, we rely on adequacy decisions, data transfer agreements, or other legally compliant mechanisms for such transfers, including standard contractual clauses. You can ask for a copy of these standard contractual clauses by contacting us as set out below.
5. Security
We use commercially reasonable physical, managerial, and technical safeguards to preserve the integrity and security of your personal information. In addition, we rely on the technical safeguards provided by the third-party service providers we use to host, store, and process your personal information. We cannot, however, ensure or warrant that your personal information on the Services may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. Except as provided under applicable laws, we are not responsible to our users or to any third party due to any such loss, misuse, or alteration.
6. Your Rights
6.1 Who To Exercise Your Rights With
If we have collected your personal information directly from you as a result of our contractual relationship with you, we are a “controller” of that personal information and you can exercise your rights with respect to your personal information by following the instructions below. However, if we have collected your personal information from Customers or otherwise as a result of agreements we have in place with Customers, we are a “processor” of your personal information and those Customers control our use of your personal information and determine how and for what purpose we process your personal information.
If we are a processor of your personal information, and you have any questions or concerns about how your personal information is handled or would like to exercise your rights as a data subject, you should contact the Customer who has contracted with us to use the Platform to process your personal information. We will provide assistance to the Customer to address any concerns you may have, in accordance with the terms of our contract with them and applicable law.
6.2 If We Are the Controller of Your Data
If we are the controller of your personal information, through your account, you may access, edit, and delete your personal information. Please understand, however, that it may be impossible to delete this information completely, due to backups and records of deletions. In addition, we may deny a deletion request if (i) the denial is necessary for us to comply with applicable laws, or (ii) the request pertains to content that cannot be deleted without impacting the Platform experience for other users. You may not request the removal of de-identified, anonymous, or aggregate data from our databases.
If you reside in the EEA or the UK and we are a controller of your personal information, you have the following rights:
6.2.1 Request access to your personal information
You may request a copy of the personal information we hold about you and to check that we are lawfully processing it. Where we have good reason, and where applicable law permits, we can refuse your request for a copy of your personal information, or certain elements of the request. If we refuse your request or any element of it, we will provide you with our reason(s) for doing so.
6.2.2 Request correction of your personal information
You may request that we correct any incomplete or inaccurate data we hold about you.
6.2.3 Request erasure of your personal information
You may request that we delete or remove personal information where there is no good reason for us continuing to process it. You may also ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your personal information unlawfully or where we are required to erase your personal information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. You may not request the removal of de-identified, anonymous, or aggregate data from our databases.
6.2.4 Right to Object to or Restrict Processing
In certain circumstances, you have the right to object to our processing of your personal information (for example, if we are processing your personal information on the basis of our legitimate interests but there are no longer any compelling legitimate grounds to justify our processing overriding your rights and interests). You may also restrict our processing of your personal information, for example, during a period in which we are verifying the accuracy of your personal information in circumstances where you have challenged the accuracy of that personal information.
6.2.5 Request the transfer of your personal information to you or to a third party
In certain instances, you have a right to receive the personal information that we hold about you (or a portion thereof) in a structured, commonly used, and machine-readable format. In such circumstances, you can ask us to transmit your personal information to you or directly to a third-party organization on your behalf. While we are happy for such requests to be made, we are not able to guarantee technical compatibility with a third-party organization’s systems. We are also unable to comply with requests that relate to personal information of others without their consent.
6.2.6 Withdraw consent
You may withdraw your consent for our processing of your personal information where we are relying on consent to process that personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
6.3 How to Exercise Your Rights
If you wish to exercise any of the rights set out above and we are the controller of your personal information, please contact us at support@fernhq.com. If you have authorized an agent to exercise your rights on your behalf, the agent may contact us at support@fernhq.com. Please note that to protect your personal information and the integrity of our Services, we may need to collect additional information to verify your identity (and, if applicable, the authority of your agent) before processing your request. If you are not satisfied with any decision we make with respect to your request, you can let us know the reasons for your concern, and we will review your appeal. If we are the processor of your personal information, please contact the organization through which you have access to our Services in order to exercise rights you may have with respect to your information.
6.4 Supervisory Authorities
We welcome and appreciate the chance to address any concerns you may have about the Policy and our collection and use of your personal information. To the extent you feel like we have not addressed your concerns, and depending on your jurisdiction, you may have the right to make a complaint at any time to your data protection supervisory authority. For end users in the EEA, you can find contact information for each country’s supervisory authority here. For end users in the UK, you can find contact information for the Information Commissioner’s Office (ICO) on the ICO’s website here.
7. Retention of Information
Subject to your requests to delete your personal information in accordance with Section 6.2, we will retain your personal information as long as needed for your use of the Services, your approved receipt of marketing communications from us, our compliance with legal obligations, and to protect our or other’s interests.
8. How We Respond to Do Not Track Signals
We do not track you or collect your personal information across third party websites or online services. Thus, we do not receive Do-Not-Track signals, or other similar signals. To the extent that we do receive any such signals, we will not comply with them as it is not an aspect of the functionality of the Services.
9. Age of Users
Children under the age of 13 are not permitted to use, access, or register for the Services in any way. We do not knowingly collect or solicit information from anyone under the age of 13. If we learn that we have collected personal information from a child under the age of 13, we will delete that information as quickly as possible.
10. Changes to Policy
We’re constantly trying to improve the Services, so we may need to change this Policy from time to time as well. The date of the last modification will be posted at the beginning of this Policy. It is your responsibility to check from time to time for updates. By continuing to access or use the Services, you are indicating that you agree to be bound by the modified Policy.
11. Contact Us
If you have any questions or concerns regarding this Policy, please send us a detailed message to support@fernhq.com, and we will try to resolve your concerns.