Privacy Policy
Effective Date: [INSERT DATE]
Last Updated: [INSERT DATE]
Introduction
Payhist, LLC ("Payhist," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our earned wage access services.
Please read this Privacy Policy carefully. By using Payhist, you consent to the practices described in this policy.
1. Information We Collect
1.1 Information You Provide
When you create an account and use our services, we collect:
- Personal Information: Name, date of birth, Social Security number (last 4 digits), phone number, email address, residential address
- Financial Information: Bank account number and routing number, employment information, income details, pay schedule
- Identity Verification: Government-issued ID, selfie for identity confirmation, biometric data (if used for verification)
- Employment Information: Employer name, job title, start date, pay rate, work schedule
1.2 Information We Collect Automatically
When you use our services, we automatically collect:
- Transaction Data: Advance requests, repayment history, transfer preferences
- Device Information: IP address, device type, operating system, browser type, mobile carrier
- Usage Data: Pages viewed, features used, time spent on app, click patterns
- Location Data: General location based on IP address (not precise GPS location)
- Cookies and Similar Technologies: Session cookies, persistent cookies, web beacons
1.3 Information from Third Parties
We receive information from:
- Bank Account Aggregators: Account balances, transaction history, deposit patterns (via Plaid or similar services)
- Payroll Providers: Pay history, upcoming paychecks, work hours (if you connect payroll)
- Identity Verification Services: Identity confirmation, fraud signals, address verification
- Credit Bureaus: We do NOT pull credit reports, but may receive fraud prevention data
2. How We Use Your Information
We use your information to:
2.1 Provide Services
- Process your wage advance requests
- Calculate your eligible advance amount
- Transfer funds to your bank account
- Process automatic repayments
- Manage your subscription
2.2 Risk Assessment and Fraud Prevention
- Verify your identity
- Assess eligibility for advances
- Detect and prevent fraud
- Monitor for suspicious activity
- Comply with anti-money laundering laws
2.3 Improve Our Services
- Analyze usage patterns
- Develop new features
- Improve user experience
- Conduct research and analytics
2.4 Communications
- Send transaction confirmations
- Provide customer support
- Send account notifications
- Deliver marketing communications (with your consent)
- Send required legal notices
2.5 Legal Compliance
- Comply with applicable laws and regulations
- Respond to legal requests and prevent harm
- Enforce our Terms of Service
- Protect our rights and property
3. How We Share Your Information
We do not sell your personal information. We share your information only as described below:
3.1 Service Providers
We share information with third-party service providers who perform services on our behalf:
| Service Provider Type | Purpose | Example Partners |
|---|---|---|
| Payment Processing | ACH transfers, instant payments | Unit.co, payment processors |
| Bank Connectivity | Link bank accounts, verify balances | Plaid, MX |
| Identity Verification | Verify identity, prevent fraud | Persona, Alloy, Socure |
| Payroll Integration | Access pay data, verify employment | Argyle, Pinwheel |
| Analytics | Understand usage, improve services | Google Analytics, Mixpanel |
| Customer Support | Provide help and support | Zendesk, Intercom |
| Cloud Hosting | Store data, run applications | AWS, Google Cloud |
All service providers are contractually obligated to protect your information and may only use it for the purposes we specify.
3.2 Legal Requirements
We may disclose your information if required by law or in response to:
- Court orders or subpoenas
- Law enforcement requests
- Regulatory inquiries
- Legal processes
3.3 Business Transfers
If Payhist is involved in a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
3.4 With Your Consent
We may share your information with third parties if you give us explicit permission to do so.
4. Data Security
We implement industry-standard security measures to protect your information:
4.1 Technical Safeguards
- Encryption: Data encrypted in transit (TLS) and at rest (AES-256)
- Secure Servers: SOC 2 compliant cloud infrastructure
- Access Controls: Role-based access, multi-factor authentication
- Monitoring: 24/7 security monitoring and logging
- Penetration Testing: Regular security audits
4.2 Organizational Safeguards
- Employee training on data protection
- Strict access policies
- Background checks for employees with data access
- Incident response procedures
4.3 Limitations
While we implement strong security measures, no system is 100% secure. You are responsible for maintaining the security of your account credentials.
5. Your Privacy Rights
5.1 Access and Portability
You have the right to:
- Request a copy of the personal information we hold about you
- Request your data in a portable format
5.2 Correction
You can update your personal information through your account settings or by contacting us.
5.3 Deletion
You can request deletion of your account and personal information. We will retain certain information as required by law or for legitimate business purposes (e.g., fraud prevention, regulatory compliance).
5.4 Marketing Opt-Out
You can opt out of marketing communications by:
- Clicking "unsubscribe" in marketing emails
- Adjusting your account settings
- Contacting privacy@payhist.com
Note: You cannot opt out of transactional or account-related communications.
5.5 Do Not Track
Our systems do not currently respond to "Do Not Track" browser signals, but you can control cookies through your browser settings.
6. State-Specific Privacy Rights
6.1 California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act:
- Right to Know: Request details about personal information collected and shared
- Right to Delete: Request deletion of personal information
- Right to Opt-Out: We do not sell personal information (no opt-out needed)
- Non-Discrimination: We will not discriminate against you for exercising your rights
To exercise these rights, email privacy@payhist.com or call [INSERT TOLL-FREE NUMBER].
6.2 Other State Rights
Residents of other states may have additional privacy rights under state law. Please contact us to inquire about your rights.
7. Data Retention
We retain your information for as long as:
- Your account is active
- Needed to provide services
- Required by law (typically 5-7 years for financial records)
- Necessary for fraud prevention
- Needed to resolve disputes
After these periods, we securely delete or anonymize your information.
8. Children's Privacy
Payhist is not intended for individuals under 18 years of age. We do not knowingly collect information from children. If we learn we have collected information from a child, we will delete it immediately.
9. Third-Party Links
Our services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. Please review their privacy policies.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for international transfers.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Email to your registered email address
- Notice in the app or website
- Updating the "Last Updated" date
Your continued use of Payhist after changes take effect constitutes acceptance of the updated policy.
12. Contact Us
For questions or concerns about this Privacy Policy or our data practices:
Payhist, LLC
Privacy Officer
[INSERT ADDRESS]
Email: privacy@payhist.com
Phone: [INSERT PHONE NUMBER]
California Residents: Call [INSERT TOLL-FREE NUMBER] to exercise CCPA rights
13. Gramm-Leach-Bliley Act (GLBA) Notice
As a financial services provider, we are required to provide the following information:
What We Do
| How does Payhist protect my personal information? | We use encryption, secure servers, access controls, and other security measures to protect your information from unauthorized access. |
|---|---|
| How does Payhist collect my personal information? | We collect information when you create an account, link your bank, request advances, and use our services. We also get information from bank aggregators, payroll providers, and identity verification services. |
| Why can't I limit all sharing? | Federal law gives you the right to limit some sharing but not all. We are required to share certain information with service providers to deliver our services. |
- Have it reviewed by a privacy attorney
- Ensure compliance with CCPA, GLBA, and state privacy laws
- Customize for your actual data practices
- Insert all bracketed information ([INSERT...])
- Add any additional state-specific disclosures
- Update service provider list to match your actual vendors
- Implement a process for handling privacy rights requests