Privacy.com
Privacy.com is an online service for generating virtual cards to protect real payment details.
Score
Citation
We Limit Use of Your Personal Data:
To providing, maintaining and improving our Services;
To communicating with you about new and existing Services;
To protect the legal rights, property and safety of our Services and users.
....
California law allows California residents to request information about personal data we disclose to third parties for direct marketing purposes. However, Privacy.com does not disclose personal data to third parties for direct marketing purposes.
Even if there is a reasonable delay before the data is fully deleted (as is common), the data still counts as "permanently deleted" and satisfies the parameters for this question.
Score
Notes
There is no mention of users being able to delete their information from Privacy.com within their Privacy Policy. This could pose a privacy issue because users must give Privacy.com sensitive, hard-to-change bank information and control (checking account/routing numbers, ACH Authorization, etc.) to use the service.
This may come in the form of outright data sharing or by using local third-party analytics software (such as Google Analytics, which collects a plethora of user information).
Note that whether the policy allows sharing aggregated user data does not affect this question.
If the personal data is encrypted when it passes through the third-party, it does not count as third-party access (as the data is inaccessible to that party).
If personal data has been made public by, for example, posting it to a blog, it does not count as private personal information (and is therefore not considered by this question).
Score
Citation
We Share Personal Data Under Controlled Circumstances:
With third parties, within the United States and in other countries, who may access data about you to perform functions on our behalf;
With financial institutions, processors, payment card associations and other entities that are involved in the payment process;
With government and law enforcement where reasonably necessary to comply with applicable law, regulation, legal process, governmental request;
With others where reasonably necessary to protect the security or integrity of our Services or user safety;
In Connection with, or during the negotiation of, any merger, sale of company stock or assets, financing, acquisition, divestiture or dissolution of all or a portion of our business;
With your consent.
We may share data that is not personally identifiable with third parties.
Score
Citation
We Share Personal Data Under Controlled Circumstances:
...
- With government and law enforcement where reasonably necessary to comply with applicable law, regulation, legal process, governmental request;
Score
Citation
We take reasonable measures, including administrative, technical and physical safeguards to help protect your personal data from loss, theft, misuse, unauthorized access, disclosure, alteration and destruction.
We maintain strict security standards and procedures with a view to preventing unauthorized access to your data by anyone, including our staff. We use leading technologies such as (but not limited to) data encryption, firewalls and server authentication to protect the security of your data. Our staff and third parties whenever we hire them to provide support services, are required to observe our privacy standards and to allow us to audit them for compliance.
Score
Citation
Last updated: May 24, 2018
Note that all companies operating in the EU are subject to Art. 33 of the GDPR, which requires companies to notify their data protection authority of a data breach within 72 hours of discovering it.
Score
Notes
The Privacy Policy has no mention of user notification in the event of a data breach.
Score
Notes
The Privacy Policy has no mention of notifying users if it is changed in the future.
This includes the use of data brokers and independent verification authorities (such as background check providers).
Score
Notes
There is no mention of third-party data collection within the privacy policy. All mentioned data is collected by Privacy.com themselves from users, their usage, or their devices.
Score
Citation
We Limit Use of Your Personal Data:
To providing, maintaining and improving our Services;
To communicating with you about new and existing Services;
To protect the legal rights, property and safety of our Services and users.
Notes
The Privacy Policy makes clear that the data collected is necessary to connect with users' bank account and facilitate payments, as well as prevent fraud and misuse. However, it does not outline why all data collected is important, such as Device Data (hardware model, device identifiers, etc.).
Some services allow users to opt-out or opt-in to of non-critical collection or use of personal data, such as collecting data for personalized advertisements.
Score
Notes
As the use of Personal Data is limited to "providing, maintaining, and improving" the service, communicating with users, and keeping users and the company safe, there is no indication of the collection of non-critical data. No opt-out feature is available for any data collection by Privacy.com.
Score
Citation
We Collect and Use Data:
Data You Provide:
Your name, email address, phone number, birth date, last four digits of social security number, payment card and bank information as well as other information you may be asked to provide when signing-up for an account, providing identity verification or engaging in a transaction.
Other Data:
Transaction Data: when, where and how a transaction takes place including, but not limited to, the devices and payment methods used;
Device Data: hardware model, operating system, unique device identifiers, mobile network data as well as other data generated by a device's interaction with our Services;
Location Data: to prevent fraudulent use of our Services;
User Data: browser data, Internet Protocol ("IP") addresses and other data describing user engagement;
Cookies: small data files we may store on your computer or mobile device memory to help us manage your engagement with our Services, including gathering aggregated data about engagement;
Beacons: small electronic images we may use in our Services and emails to deliver cookies and measure user engagement.
Last Updated
June 24, 2020
Sources
Contributors
