Privacy Policy

Branch Messenger, Inc., a Delaware corporation ("Branch", "our", "us", or "we") respects your privacy. In that regard, we have created this Privacy Policy (or “Policy”) to describe our practices regarding our collection and use of the personal information of individuals who interact with our mobile apps or our website at www.branchapp.com (the “Website”), and to inform you of your rights with respect to our data collection practices. This Policy applies to the collection, use, and processing of the personal information of individuals, in connection with transactions (including job applications) conducted through the Website, our mobile app, or our service, and which use, store, or process personal information. “Personal information” in this Privacy Policy means information about you, including your identity, finances, and online behavior. It does not apply to information collected in connection with non-personal transactions or visits to the Website or our mobile app for non-personal purposes.

Our Service and Your Consent to this Privacy Policy

Branch operates the Website and the associated mobile app (and any other connected devices related to the services) for offering banking services and other products (the “Branch Service” or “Service”). The MasterCard debit cards and related banking services are offered by Evolve Bank & Trust, member FDIC (“Evolve”), as card issuer and depository, which we market and assist you to obtain as part of our Service offering.  Our Terms of Service (available at www.branchapp.com/terms), contain more detail about the Branch Service that are available to you.

By using the Branch Service, or by continuing to browse our Website or use the mobile app, you agree to this Privacy Policy and consent to the collection and use of your personal information in accordance with this Privacy Policy. If you do not consent to these terms, do not use the Website, mobile app, or the Branch Service. This is our entire and exclusive Privacy Policy and it supersedes any earlier version. To withdraw consent (which can happen at any time) and have data deleted or corrected, please see the section below for “Opt-out – Your Choices,” “How long we keep your information, your right to delete it and correct it,” and “Questions and contact information”.

In this Policy, we will outline and describe the following with respect to the personal information that we collect:

• Categories of information we collect and its sources
• How we use your information – our purpose for collection
• With whom we share your information
• Opt-out – Your Choices
• Cross-border transfers of information
• How long we keep your information, your right to delete it and correct it
• Automated processing of information
• Security of your information
• Liability limits
• Questions and contact information
• Children
• Notice to California residents – your California privacy rights
• Nevada privacy rights
• Effective date of this Privacy Policy and changes
• GRAMM LEACH BLILEY PRIVACY POLICY
  ‍

I. Categories of Information we collect and its sources

We obtain personal information about you in various ways, such as when you visit our Website or use the mobile app, or when you use the Branch Service. We also may obtain personal information about you in other ways, such as when you call, mail, or email us. In addition, we may obtain information about you when you transact with your debit card or conduct other business with us in connection with the Service.

The types of personal information we may obtain includes:

• Contact information, such as name, telephone number, and postal and email address;
• Login credentials, such as password and security questions and answers;
• Account information, financial history and transaction information, such as account number, routing number and other unique customer identification numbers, debit card information, deposit account balances, transaction history, and income information;
• Demographic information, such as age, date of birth, employment information, marital status, sex, gender, and military or veteran status;
• Government-issued identification information, such as Social Security number or tax identification number, passport or driver’s license data, and other information related to government-issued identification;
• Information provided by vendors and other entities that perform services on our behalf;
• Geographic location information based on services you request (e.g., helping you locate the nearest ATM);
• Telephone carrier information, such as network status, customer type, billing type, mobile device identifiers (IMSI and IMEI), and other subscriber status details;
• Other information you choose to provide, such as through our “Contact Us” feature, job application, emails or other communications, social media pages, surveys, registrations and sign-up forms;
• Publicly-available information, such as from social media services.

‍

When you use our mobile app, we also may collect certain information by automated means, such as through device logs, server logs, and other technologies. The information we collect in this manner may include the device type used, the mobile operating system, device identifiers and similar unique identifiers, device settings and configurations, IP addresses, battery and signal strength, usage statistics, referring emails and web addresses, dates and times of usage, actions taken on the app, and other information regarding use of the app. In addition, as indicated above, we may collect your device’s geolocation information. Your device’s operating platform may provide you with a notification when the app attempts to collect your precise geolocation. Please note that if you decline to allow the app to collect your precise geolocation, you may not be able to use all of the app’s features (like ATM locations near you).

We may also collect information about you from any social network or other platform.  Further, we may associate this personal information obtained from these sources with the other personal information we have collected about you from other sources as described in this Policy. We do not control or supervise how these third-party sources process your personal information, and any request that you have regarding the disclosure of your personal information from them to us should be made directly to those third parties (such as Facebook or LinkedIn).

In addition to the information that we collect as described above, we also collect information about you from our third-party integrators and vendors, such as Google Analytics and similar services. Personal information that we collect through these channels includes, for example, IP address, access times, browser type and language, device type, and device identifiers.

Cookies. When you visit our Website, we may obtain certain information by automated means, such as cookies, web beacons, web server logs, and other technologies. A “cookie” is a text file that websites send to a visitor’s computer or other internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. A “web beacon,” also known as an internet tag, pixel tag or clear GIF, links web pages to web servers and cookies and may be used to transmit information collected through cookies back to a web server. The information we collect in this manner may include your device IP address, unique device identifier, web browser characteristics, device characteristics, operating system, language preferences, referring URLs, clickstream data, and dates and times of website visits. If you do not wish to have cookies placed on your device, you should set your browser or device to refuse cookies before using our Website. If you choose to disable cookies, some aspects of our Service may perform differently, for instance, you will need to re-enter your information each time you return to use the Branch Service.

II. How we use your information – our purpose for collection

For each of the categories of personal information set forth in Section I above, we use your personal information in order to provide you with the Branch Service. In addition, we may use your personal information for the following purposes:

• create, fund, maintain, customize, and secure your debit card account;
• process and analyze account transactions, notify you about them, and audit them if needed;
• if required by applicable law, perform identity verification on our own behalf and on behalf of Evolve;
• lock and unlock your debit card;
• market our products and services to you, including by presenting tailored content, and features notices through our Website, third-party sites, in-app notifications, emails, or text messages (with your consent, where required by law);
• to respond to any questions or comments that you submitted to us through our Website, mobile app, or otherwise;
• to carry out any obligations entered into between us, such as providing you with the Branch Service that you have requested and customer support;
• to notify you of changes to our Service;
• to measure the adequate performance of our interactions with you;
• understand and analyze the usage trends and preferences of our users, to improve the Service, to develop new products, services, features, and functionality, and to perform and participate in studies and develop marketing materials;
• to help us remember your information so you do not have to re-enter it;
• to provide products and services to our B2B clients and facilitate end-users’ use of our products and services on our or our client’s platform;
• to detect, investigate, and prevent potentially prohibited or illegal activities, such as fraud;
• to obtain or maintain insurance coverage, manage risks or obtain professional advice and defend our rights and establish, exercise and defend our legal claims; or
• to otherwise provide, create and maintain a trusted online environment and comply with our legal obligations.

In using your personal information, we may share some or all of it with authorized representatives of Evolve, your workplace or wherever you are providing services, and other entities that you may designate whose activities relate to the Branch Service. Please refer to Section III of this Policy below for a full description of our information sharing practices.

III. With whom we share your information

Except as set forth in this section, Branch does not share, sell, or rent personal information it collects about you to or with third parties.

A. Bank Partner:

As Evolve’s agent for purposes of facilitating the opening of a deposit account and obtaining a debit card, and for performing identity verification on primary accountholders and other operational services, Branch shares personal information it collects on behalf of Evolve with Evolve in order to enable it to issue a prepaid account to the primary accountholder.  As the card issuer and depository bank, Evolve has a direct contractual relationship with each primary accountholder through the cardholder agreement that accompanies the prepaid account and each debit card.  Evolve engages us as a service provider in the capacity as the program manager for the debit card program, and we are responsible for marketing, distribution, and operation of the debit card program.  In order to understand your rights in connection with information gathered by, processed, and shared by Evolve, see Evolve’s privacy policy available at www.getevolved.com/privacy-policy/.

B.  Per your instruction or use of the Services/Consents:

The personal information that you provide will be kept confidential and used to support your relationship with Branch and our products and services. Among other things, we want to help you quickly find information through our Branch Service, leverage our tools in connection with your authorized use of our products and services, process transactions, facilitate interaction with third party services that you opt into via the Branch Service, and alert you to product upgrades, special offers, updated information, and other new products and services from Branch.  Branch cannot offer the Branch Service without using your personal information. We are using the Personal Information because you consented to it by using the Service, Website, and mobile app.

We may also share all categories of your personal information to selected outside companies, by transferring it to other business partners that assist us in providing you with the Branch Service. The sharing of your personal information with these parties is conducted in accordance with your choices when you open an account with us, or when you express an interest in any content displayed on our Website or app, or when you enter a response to any affirmative authorization that you provide by typing it in a space provided or clicking on an icon designed to show your interest in an item on the Website or in the app.

C. Third party processors:

We also share your personal information with third party processors who act on our behalf (including contractors and service providers) to provide our Website and app services and to help with our operations on our behalf (“Processors”). These Processors need access to and use of your personal information, and include third parties to provide us with technical support, to give us additional personal data about you, and to perform analytics and other work that we may need to outsource. These Processors are bound by law and/or contract to protect the confidentiality and security of your personal information.  They only process your personal information to provide requested services for us.  These third-party Processors include, but are not limited to, Google’s reCAPTCHA service, to validate login credentials of individuals and to frustrate bots; LexisNexis and Persona, to validate user information and detect fraud, and Marqeta to provide card processing and related services on our behalf.

We also share all categories of your personal information with other business partners that perform certain functions for us (“Business Partners”).  These Business Partners are responsible to determine the purposes and/or means of processing your personal information and for the lawfulness of that processing. For instance, when the primary accountholder elects funding by a bank account, we use the Plaid, Inc. (“Plaid”) open banking interface to complete your request by inputting your online banking credentials instead of full bank account and routing numbers:

By using the Branch Service, you grant us and Plaid the right, power, and authority to act on your behalf to access and transmit your personal and financial information from the relevant financial institution. You agree to your personal and financial information being transferred, stored, and processed by Plaid in accordance with the Plaid Privacy Policy, found here https://plaid.com/legal. If you decide not to use the Plaid service to verify your bank account, you will have the option to perform a manual verification of your bank account using other processes that we provide for this purpose. In addition, our other Business Partners include, but are not limited to, Green Dot, Apple Store, and Google Play, as well as insurance companies and other professional advisors.

D. Third party websites:

We provide links to other websites, such as social networking sites (e.g., Facebook, Twitter, LinkedIn and Instagram), or our third-party partner websites (such as your workplace or wherever you are providing services, Business Partners and partners listed on our Website), and these other websites may provide links to our Website. Third party sites operate according to their own terms of use and privacy policies and Branch has no control over these third-party websites. If you wish to opt-out of any information sharing conducted by any third-party website that you link to from us, or to us from them, you must do so in accordance with their specific opt-out policies and procedures. By using our Website, mobile app and the Branch Service, you acknowledge and agree that we are not responsible for the availability of such third-party sites, and do not endorse and are not responsible or liable for any content, advertising, products or other materials on or available from such sites. You further acknowledge and agree that Branch will not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any content, advertising, products, or other materials on or available from such sites.

E. De-identified information about you:

We also share aggregated or de-identified information (i.e., information that does not personally identify you directly), or statistical information about you, including statistical data and historical use data, with others for a variety of purposes, including for their own uses, for example, for improving their services for you and others. We do not consider personal information to include information that has been aggregated and/or otherwise de-identified such that it does not identify a specific individual, household or device.

F. As required by law or legitimate business interest:

In addition, we may disclose any or all categories of your personal information where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. Likewise, we may disclose all such categories of your personal information to our professional advisers as is reasonably necessary for the purposes of managing risks, obtaining professional advice, or the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. Further, we may share some or all of your personal information in connection with or during negotiation of any merger or similar transaction involving sale or transfer of some or all of our business or assets. If another company acquires our company or assets, that company will possess the personal information collected by us and will assume the rights and obligations regarding your personal information as described in this Privacy Policy.

IV. Opt-Out – Your Choices

Branch does not share your personal information with advertisers or similar parties for marketing purposes.

We may still sell de-identified information about you, but marketers and advertisers will not be able to trace this information back to you or use it to market their products and services specifically to you. Please note, you cannot opt out of our sharing of your personal information with Evolve, our Processors or Business Partners, or our sharing of deidentified information, or your personal information as required by law or legitimate business interests, as described in Sections III. A., C., E. and F. above. For mobile devices, you can manage how your device and browser share certain device data by adjusting the privacy and security settings on your mobile device. With respect to information captured and shared through cookies, pixel tags, and other tracking technologies, and your ability to limit the sharing of your information through those channels, please refer to the Cookie section above for your options. Also, if you opt out of receiving marketing-related emails from us, we may still send you important administrative messages, from which you cannot opt out.  

A special note about your telephone number – By providing your telephone number to us, you agree that this action constitutes an “inquiry” for purposes of telemarketing laws. Regardless of the fact that your telephone and/or mobile number may be listed with the Federal Do-Not-Call Registry or your State Do-Not-Call list, you are providing your express written consent to receive future information (including telemarketing) about products and services from us, and you hereby agree and consent to our contacting you using the information you have provided and will provide to us. This means we may contact you by e-mail, phone and/or mobile number (including use of automated dialing equipment and/or pre-recorded calls), text (SMS) message, or any other means of communication that your wireless or other telecommunications device may be capable of receiving (e.g., video, etc.). You are not required to agree to this consent in order to obtain Services through us. This consent may be revoked by you at any time and by any reasonable means, including by emailing us at support@branch.com and putting the words “remove my telephone number” in the subject line of your email, or by telephoning us at 1-866-547-2413.

V. Cross-border transfers of information

Our Website, mobile app and the Service we offer through these platforms are U.S. based and are controlled, operated, and administered by Branch and its Processors from servers within the United States. Our Service and this Privacy Policy are strictly intended for audiences located in the United States and are provided in accordance with and subject to applicable United States law. If you decide to continue to access our Website or app from a location outside the United States, you hereby agree that your use of the Website, mobile app or any Branch Services we may offer are subject to this Policy and your personal information will be transferred or processed in the United States, and you may have fewer privacy rights and protections than you have in your country of origin.

VI. How long we keep your personal information, your right to delete and correct it

We retain your personal information as reasonably necessary to fulfill the purposes for which we collected it and you provided it, and to comply with our legal obligations. In no event will we keep your personal information for longer than is reasonably necessary for the purposes defined in this Policy. You also have the right to request that we delete your personal information, subject to certain exceptions, such as our need to prevent and protect against fraud or other illegal activity, to complete business transactions with you, and for such other purposes as allowed by law. Further, due to regulatory recordkeeping obligations, we may be unable to delete all information associated with a closed account and may be required to retain information related to each accountholder and their debit card account in order to comply with applicable law. You can correct or update your personal information by updating your profile or by contacting us. For more information on where and how long your personal information is stored, your requests to delete it or correct it, please contact us at the address set forth below in Section X.

VII. Automated processing of information

We do not currently use your personal information in such a way that automated decisions are made about you without any human input. In the future, we may use automated processes to help us determine your eligibility for new services or other business-related opportunities. In such cases, if and as applicable, and to the extent required by applicable law, we will endeavor to implement suitable safeguards, including, for example, an opportunity for you to request human intervention, express your point of view, contest any decisions made, and request that we restrict the use of your personal information for the purposes of these automated decisions.

VIII. Security of your information

To help protect the privacy of your personal information collected by us, we maintain reasonable physical, technical, and administrative safeguards. We update and test our security technology on an ongoing basis. For security of data, we use the Secure Sockets Layer (SSL) protocol for data in transit, which encrypts all information you send to us electronically. The encryption process protects your information, by scrambling it before it is sent to us from your computer or mobile device. Once we receive your transmission, we make commercially reasonable efforts to ensure its security on our system by using industry grade 256-bit encryption algorithms. We also restrict access to your personal information to those employees who need to know that information in order to provide the Branch Service to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. Despite the actions and precautions we take, no data transmissions over the Internet can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security of your personal information and you transmit it to us at your own risk.

IX. Limitation of liability

YOU UNDERSTAND AND AGREE THAT ANY DISPUTE OVER THE PRIVACY OF YOUR INFORMATION IS SUBJECT TO THE TERMS AND CONDITIONS OF THIS PRIVACY POLICY AND THE BRANCH TERMS OF SERVICE (INCLUDING ANY INDEMNIFICATION AND LIMITATIONS ON DAMAGES CONTAINED IN THAT AGREEMENT).

X. Questions, concerns or complaints – Contact Details

If you have questions about our privacy practices and this Privacy Policy, or if you wish to correct any of your information or exercise your rights under the law or this Policy, you can contact us as follows:

By mail at:
Branch Messenger, Inc.
8014 Olson Memorial Hwy 55, #471
Golden Valley, MN 55427

You may send an email to: support@branchapp.com

‍Please be specific when telling us what your request is.

XI. A note about Children

Children under the age of 13 are not permitted to use the Branch Service, the Website, or our mobile app, and we do not intentionally collect or maintain personal information from those who are under 13 years old. Protecting the privacy of children is very important to us. Thus, if we obtain actual knowledge that a user is under 13, we will take steps to remove that user’s personal information from our databases. We recommend that children between the ages of 13 and 18 obtain their parent’s permission before submitting information over the Internet. By using the Website, mobile app or Service, you are representing that you are at least 18 years old, or that you are at least 13 years old and have your parents’ permission to use the Website, mobile app and any Services offered by us.

XII. NOTICE TO CALIFORNIA RESIDENTS – YOUR CALIFORNIA PRIVACY RIGHTS

If you are a California resident (“you” or a “California Customer”), California law may apply to how we collect and use your personal information, and what rights you have in some circumstances. The following terms supplement our Privacy Policy and explain the rights of California Customers under the California Consumer Privacy Act (“CCPA”).  Under the CCPA, “personal information” is information that identifies, relates to, or could reasonably be linked directly or indirectly with a particular California resident.  The CCPA, however, does not apply to certain information, such as information subject to the Gramm-Leach-Bliley Act (“GLBA”).

The following sets forth the categories of information we collect and purposes for which we may use a California Consumers’ personal information collected by us:

Categories of Personal Information We Collect About You:

The categories of personal information we may have collected about you or your use of our Service are:

• Identifiers, such as your name, alias, postal address, phone number, email address, log-in information, or unique personal identifiers (such as device ID, cookies, and IP address);
• Commercial information (such as Website or app engagement data, products obtained or considered, or other purchasing or consuming histories);
• Protected classification characteristics under California or federal law (such as age, citizenship, and sex);
• Internet or other network or device activity (such as browsing or search history or app usage, and advertisement interactions);
• Geo-location information relating to your computer or device when you interact with the Site, including physical location or movements;
• Employment related information that you supply;
• Profile data about you and any inferences drawn from the profile data (such as characteristics, behaviors, attitudes);
• Information that identifies or can be reasonably associated with you.

In the past 12 months we have not sold the information listed in the above categories to third parties - we do not sell the personal information of our Customers (including the personal information of those under 16 year of age).  We have during this time period disclosed all or substantially all of this personal information to our Processors and Business Partners for permissible business reasons. More details on the personal information we may collect are set forth in the “Categories of Information We Collect and its Sources” section above. More details on the personal information we have disclosed are set forth in the “With Whom We Share Your Information” section above.

Categories of Sources from Which We Collected Personal Information

The sources from which we may have collected personal information about you or your use of the Service are:

• Directly from you, such as when you sign up for an account or contact member services;
• From other sources (such as from third parties and/or business partners);
• Your devices, when you use our Website or mobile app;
• Our Business Partners;
• External banks (i.e., banks other than our bank Business Partners) if you link a non-Branch bank account;
• Processors who provide services on our behalf;
• Through your use of the Branch Service;

‍

and as described in more detail in the “Categories of Information We Collect and its Sources” section above.

Your California Privacy Rights

Right to Request Information. A California Customer may request information about what personal information we have collected, used, sold or disclosed to any third parties for the third parties’ direct marketing purposes or for our business purposes. In general, if we in the future make such a sale or disclosure of your personal information, upon receipt of a verified request from you, we will be required to provide a list of all third parties to whom your personal information was either sold or disclosed for business purposes in the preceding 12 months following your request, as well as a list of the categories of personal information that were sold or disclosed, the sources of it, and what it was used for. You may also request a copy of the personal information about you that we have collected and used  in the last 12 months.

Right to Request Deletion. You may have certain additional rights under the CCPA. You may request that we delete certain information we have about you. You can submit your request by phone, email, or mail as detailed in the “How to Request Information” section, below. There may be exceptions or exemptions from such requests under applicable law. For example, we need certain types of information so that we can provide the Branch Service to you. We also may be required to retain certain of your personal information under applicable law. You may also have the right to receive information about the financial incentives that we offer to you (if any). You also have the right to not be discriminated against (as provided for in applicable law) for exercising certain of your rights under the CCPA. This means that we will not penalize you for exercising your rights by taking actions such as denying you the Branch Service; decreasing Service quality; or suggesting that we may penalize you for exercising your rights. As provided in Section III, above, we do not share, sell or rent your personal information collected by us with third parties for their direct advertising or marketing purposes.

How to Request Information. If you are a California resident, you may request information about our compliance with California law by calling us toll free at 1-(866)-547-2413, emailing us at support@branchapp.com, or by writing to us at Branch Messenger, Inc. 8014 Olson Memorial Hwy 55, #471, Golden Valley, MN 55427 c/o “CA Privacy”, addressed to “Attention: California Privacy Matters.”  Any such request must include “California Privacy Rights Request” in the subject line and include your name, street address, city, state and ZIP code.  Please note that we are only required to respond to up to two requests per visitor each year, and we are not required to respond to requests made by means other than through this designated email address, mailing address or toll-free number.

Identity Verification and Additional Information Needed to Process a Request.  

We reserve the right to confirm your California residence to process your requests and will need to confirm your identity to process your requests to exercise your information, access or deletion rights.  As part of this process, government identification may be required.   California Customers can empower an “authorized agent” to submit requests on their behalf.  We will require the authorized agent to have a written authorization recognized by law confirming that authority.  We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it or to verify your or your agent’s identity.

Do Not Track Disclosure. California Business & Professions Code Section 22575(b) provides that California residents are entitled to know how Branch responds to “Do Not Track” browser settings. We currently do not respond to “Do Not Track” signals because a uniform technological standard has not yet been developed.

XIII. Nevada Privacy Rights

FOR RESIDENTS OF NEVADA ONLY. In accordance with SB 220, Nevada consumers may opt-out of the sale of their personal information to third parties, as provided by law. As provided in Section III, above, we do not share, sell or rent your personal information collected by us with third parties so that they can license or sell it to additional parties for any reason, including advertising and marketing purposes.

XIV. Changes to this Privacy Policy and Effective Date

We may make changes to this Privacy Policy at any time and for any reason, including our business reasons or in order to comply with changing privacy laws. Unless otherwise provided by applicable law, any changes that we make to this Policy will be published on our Website and on our mobile app, and will become effective upon publication. Your continued use of the Branch Service or the Website and mobile app will constitute your acceptance of any such changes to the fullest extent permitted by law. You are encouraged to review this Policy from time to time, to make sure you are current with our privacy practices.

The Effective Date of this Privacy Policy is: July 15, 2022.

‍