Icon for Privacy.com

Privacy.com

Privacy.com is an online service for generating virtual cards to protect real payment details.


Handling

Does the service allow third-party access to private personal data? Yes, not all parties specified (but only to critical service providers)

7/10

Decided Sept. 17, 2019 (revision history). This question accounts for 12% of the final score.

This may come in the form of outright data sharing or by using local third-party analytics software (such as Google Analytics, which collects a plethora of user information).

Note that whether the policy allows sharing aggregated user data does not affect this question.

If the personal data is encrypted when it passes through the third-party, it does not count as third-party access (as the data is inaccessible to that party).

If personal data has been made public by, for example, posting it to a blog, it does not count as private personal information (and is therefore not considered by this question).

Possible Options

Yes, not all parties specified0/10
Yes, all parties specified (including non-critical service providers such as advertisers)3/10
Yes, not all parties specified (but only to critical service providers)7/10
Yes, all parties specified (only to critical service providers)8/10
No10/10

Citation

We Share Personal Data Under Controlled Circumstances:

  • With third parties, within the United States and in other countries, who may access data about you to perform functions on our behalf;

  • With financial institutions, processors, payment card associations and other entities that are involved in the payment process;

  • With government and law enforcement where reasonably necessary to comply with applicable law, regulation, legal process, governmental request;

  • With others where reasonably necessary to protect the security or integrity of our Services or user safety;

  • In Connection with, or during the negotiation of, any merger, sale of company stock or assets, financing, acquisition, divestiture or dissolution of all or a portion of our business;

  • With your consent.

We may share data that is not personally identifiable with third parties.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the policy allow personally-targeted or behavioral marketing? No

10/10

Decided Sept. 17, 2019 (revision history). This question accounts for 12% of the final score.

Possible Options

Yes0/10
Yes, but you can opt-out3.5/10
Yes, but you must opt-in7/10
No10/10

Citation

We Limit Use of Your Personal Data:

  • To providing, maintaining and improving our Services;

  • To communicating with you about new and existing Services;

  • To protect the legal rights, property and safety of our Services and users.

....

California law allows California residents to request information about personal data we disclose to third parties for direct marketing purposes. However, Privacy.com does not disclose personal data to third parties for direct marketing purposes.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


When does the policy allow law enforcement access to personal data? When reasonably requested

3/5

Decided Sept. 17, 2019 (revision history). This question accounts for 6% of the final score.

Possible Options

Always0/5
Not specified0/5
When reasonably requested3/5
Only when required by a court order or subpoena4/5
N/A (no personal data to share)5/5
Never (special legal jurisdiction)5/5

Citation

We Share Personal Data Under Controlled Circumstances:

...

  • With government and law enforcement where reasonably necessary to comply with applicable law, regulation, legal process, governmental request;

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the service allow you to permanently delete your personal data? No

0/5

Decided Sept. 17, 2019 (revision history). This question accounts for 6% of the final score.

Even if there is a reasonable delay before the data is fully deleted (as is common), the data still counts as "permanently deleted" and satisfies the parameters for this question.

Possible Options

No0/5
Yes, by contacting someone3/5
Yes, using an automated mechanism5/5
N/A (no personal information collected)5/5

Note

There is no mention of users being able to delete their information from Privacy.com within their Privacy Policy. This could pose a privacy issue because users must give Privacy.com sensitive, hard-to-change bank information and control (checking account/routing numbers, ACH Authorization, etc.) to use the service.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Collection

Does the service collect personal data from third parties? No

10/10

Decided Sept. 17, 2019 (revision history). This question accounts for 12% of the final score.

This includes the use of data brokers and independent verification authorities (such as background check providers).

Possible Options

Yes0/10
Only for critical data7/10
No10/10

Note

There is no mention of third-party data collection within the privacy policy. All mentioned data is collected by Privacy.com themselves from users, their usage, or their devices.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the policy list the personal data it collects? Yes, generally

7/10

Decided Sept. 17, 2019 (revision history). This question accounts for 12% of the final score.

All general categories of collected personal data are listed, though not all types of personal data are explicitly mentioned (for example, the list might use a phrase like 'such as' when listing types of personal data).

Possible Options

No0/10
Only summarily3/10
Yes, generally7/10
Yes, exhaustively10/10
N/A (no personal information is collected)10/10

Citation

We Collect and Use Data: Data You Provide: Your name, email address, phone number, birth date, last four digits of social security number, payment card and bank information as well as other information you may be asked to provide when signing-up for an account, providing identity verification or engaging in a transaction.

Other Data:

  • Transaction Data: when, where and how a transaction takes place including, but not limited to, the devices and payment methods used;

  • Device Data: hardware model, operating system, unique device identifiers, mobile network data as well as other data generated by a device's interaction with our Services;

  • Location Data: to prevent fraudulent use of our Services;

  • User Data: browser data, Internet Protocol ("IP") addresses and other data describing user engagement;

  • Cookies: small data files we may store on your computer or mobile device memory to help us manage your engagement with our Services, including gathering aggregated data about engagement;

  • Beacons: small electronic images we may use in our Services and emails to deliver cookies and measure user engagement.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Is it clear why the service collects the personal data that it does? Mostly

7/10

Decided Sept. 17, 2019 (revision history). This question accounts for 12% of the final score.

This question deals with transparency. Even if the service uses data for reasons that aren't ideal for privacy, provided they list all of those uses, the service can still receive full credit for this question. However, if they are not explicit about their uses (by employing language like "such as"), a lower score is assigned.

Possible Options

No0/10
Somewhat4/10
Mostly7/10
Yes10/10
No personal data is collected10/10

Citation

We Limit Use of Your Personal Data:

  • To providing, maintaining and improving our Services;

  • To communicating with you about new and existing Services;

  • To protect the legal rights, property and safety of our Services and users.

Note

The Privacy Policy makes clear that the data collected is necessary to connect with users' bank account and facilitate payments, as well as prevent fraud and misuse. However, it does not outline why all data collected is important, such as Device Data (hardware model, device identifiers, etc.).

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the service allow the user to control whether personal data is used or collected for non-critical purposes? N/A (no data used for non-critical purposes)

5/5

Decided Sept. 17, 2019 (revision history). This question accounts for 6% of the final score.

Some services allow users to opt-out or opt-in to of non-critical collection or use of personal data, such as collecting data for personalized advertisements.

Possible Options

No0/5
On an opt-out basis, but only for some non-critical data/uses1.5/5
On an opt-out basis, for all non-critical data/uses3/5
N/A (no data used for non-critical purposes)5/5
On an opt-in basis5/5

Note

As the use of Personal Data is limited to "providing, maintaining, and improving" the service, communicating with users, and keeping users and the company safe, there is no indication of the collection of non-critical data. No opt-out feature is available for any data collection by Privacy.com.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Transparency

Does the policy require users to be notified in case of a data breach? No

0/7

Decided Sept. 17, 2019 (revision history). This question accounts for 8% of the final score.

Note that all companies operating in the EU are subject to Art. 33 of the GDPR, which requires companies to notify their data protection authority of a data breach within 72 hours of discovering it.

Possible Options

No0/7
Yes, eventually5/7
Yes, within 72 hours7/7
N/A (the service collects so little personal data that notification would not be possible)7/7

Note

The Privacy Policy has no mention of user notification in the event of a data breach.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Is the policy's history made available? Only the date it was last modified

3/5

Decided Sept. 17, 2019 (revision history). This question accounts for 6% of the final score.

Possible Options

No0/5
Only the date it was last modified3/5
Yes, with revisions or a change-log5/5

Citation

Last updated: May 24, 2018

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Will the affected users be notified when the policy is meaningfully changed? No

0/5

Decided Sept. 17, 2019 (revision history). This question accounts for 6% of the final score.

Possible Options

No0/5
Yes5/5
N/A (no personal data—or contact information—collected)5/5

Note

The Privacy Policy has no mention of notifying users if it is changed in the future.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the policy outline the service's general security practices? Yes

2/3

Decided Sept. 17, 2019 (revision history). This question accounts for 4% of the final score.

Possible Options

No0/3
Somewhat1/3
Yes2/3
Yes, including audits2.5/3
N/A (no personal data collected)3/3
Yes, including independent audits3/3

Citation

We take reasonable measures, including administrative, technical and physical safeguards to help protect your personal data from loss, theft, misuse, unauthorized access, disclosure, alteration and destruction.

We maintain strict security standards and procedures with a view to preventing unauthorized access to your data by anyone, including our staff. We use leading technologies such as (but not limited to) data encryption, firewalls and server authentication to protect the security of your data. Our staff and third parties whenever we hire them to provide support services, are required to observe our privacy standards and to allow us to audit them for compliance.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.



Warnings

Privacy.com has no warnings published on PrivacySpy. PrivacySpy publishes warnings when it learns a service has announced a data breach or is found misusing user data. If you believe a warning should be published for Privacy.com, submit one here.


Highlighted Policy Snapshot ALPHA

Highlighted policy snapshots are a highly experimental feature that provide an annotated version of the privacy policy (displayed in a simplified 'reader view') with automatically-generated highlights. This feature is still in its early stages, so apologies if things don't look right!

6.4/10

How we calculate ratings →


Version Added

Sept. 17, 2019

Ratings Updated

Sept. 19, 2019

Warnings

0

Maintained by

owlswipe

Original Location
Open in New Tab
Other Versions