Welcome to Scratch! We're excited to help you manage and pay off your loans. This Privacy Policy describes what Scratch Services, LLC and its affiliates ("Scratch," "we," "us" or "our") do with information we collect about you. We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about our policy, or our practices with regards to your personal information, please contact us at legal@scratch.fi.
Protecting Your Information
Scratch takes privacy and security of your personal information seriously. We maintain administrative, technical and physical safeguards designed to protect your information's security, confidentiality and integrity.
Remember: information you submit to us by email is not secure, so please do not send sensitive information in any email to Scratch. We will never request that you send us sensitive or personal information over email; please report any such requests by emailing us at support@scratch.fi.
When you use our Website or our Services (which are both defined in our Terms of Service), you are agreeing to our Terms of Service and consenting to how we collect, share, use and store information about you as described in this Privacy Policy. Our goal is to explain to you in the clearest way possible what information we collect, how we use it, and what rights you have. We hope you take time to read through this policy carefully, as it is important. If there are any terms in this Privacy Policy that you do not agree with, please stop using our Website and our Services.
This Privacy Policy applies to all information collected through our Website or our Services.
Please read this Privacy Policy carefully as it will help you make informed decisions about sharing your personal information with us.
In addition to the information you give us, we automatically collect certain information about how you access and interact with our Website and our Services.
1. Information We Collect About You
Personal information you give to us
In short: We collect personal information that you provide to us such as name, address, contact information, passwords and security data, and payment information)
We collect personal information from you when you use our Website or our Services. The personal information that we collect depends on the context of your interactions with us and the Website or Services, the choices you make, and the products and features you use. By "personal information," we mean information that specifically identifies you, such as:
- Name and contact data. We collect your first and last name, contact information (address, telephone number and email address), and other similar contact data.
- Loan information. We collect information related to your loan, such as promissory note, payment history, loan agreement, disclosures, communications sent to and from you, and information related to the origination of your loan.
- Credentials. We collect account numbers, account credentials, passwords, security data, password hints, and similar security information used for authentication and account access. This may include both credentials for our own Website and Services as well as those of third parties.
- Payment Data. We collect data necessary to process your payment if you make purchases, such as your ACH information. All payment data is securely stored by our payment processor. Contact us for more information about our privacy processor to obtain its privacy policies.
- Demographic information. We collect information such as your date of birth, employment and income information, school or program information, credit score, and social security number.
All information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information. Information that has been made anonymous and/or does not identify a specific person is not considered personal information.
We collect personal information that you voluntarily provide to us when you use our Website or Services, express an interest in obtaining information about us or our products or services, use the Website or Services or otherwise contact us.
Information automatically collected
In short: Some information – such as IP address and/or device characteristics – is collected automatically when you visit our Website or use our Services.
We automatically collect certain information when you access, visit, use, or navigate our Website or Services. This information is primarily needed to maintain the security and operation of our Website and Services, and for our internal analytics and reporting purposes. Like many businesses, we also collect information through cookies and similar technologies. This information does not reveal your specific identity (like your name or contact information) but may include the following types of information:
- Access. We may collect data such as your browser type, device type, device and usage information, device ID, internet service provider, IP address of your computer or device, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, and other technical information.
- Interactions. We may collect information about how you interact with our Website and our Services, such as data about which pages you view, which features you visit or click on, which support channel you use, which emails you open, number of clicks, clickstream information, data and time stamps, referring/exit pages, how you interact with links on the Website, and other information about how and when you use our Website or Services. This information is primarily needed to maintain the security and operation of our Website and Services, and for our internal analytics and reporting purposes.
- Cookies and similar technologies. We may use cookies, web beacons and similar technologies to capture and retain certain information. We use these technologies to collect and store information when you use our Website and our Services—this may include sending one or more cookies or anonymous identifiers to your device. This information helps us improve your experience using our Website and our Services. Disabling cookies or similar technologies may affect the functionality of certain features of our Website and our Services. We do not process "do not track" signals.
Information collected through our apps
In short: We may collect information regarding your mobile device and we may use push notifications when you use our mobile apps.
If you use our apps, we may also collect the following information:
- Mobile device access. We may request access or permission to certain features from your mobile device, including your mobile device's calendar, reminders, SMS messages, and other features. If you wish to change our access or permissions, you may do so in your device's settings.
-
Mobile device data. Mobile device data. We may automatically collect device information (such as your mobile device ID, model, and manufacturer), operating system, version information, and IP address.
- Push notifications. We may request to send you push notifications regarding your account or the mobile application. If you wish to opt-out from receiving these types of communications, you may turn them off in your device's settings.
Information collected from third parties
In short: We may collect data from public records, consumer reporting agencies, financial institutions, marketing partners, and other outside sources
We may obtain information about you from third parties, such as public records or databases, joint marketing partners, consumer reporting agencies (such as TransUnion, Equifax and Experian), financial institutions, information service providers, as well as from other third parties. We may work with third party data partners to supplement information we collect directly from you for account management, fraud, or identity verification purposes. Examples of the information we may receive from other sources include: marketing leads and search results and links, including paid listings (such as sponsored links); bankruptcy, SCRA, FCRA, and Office of Financial Assets Control (OFAC) monitoring, and other third party data sources. We may obtain your credit report information from one or more consumer reporting agencies in connection with servicing your loan.
We use Plaid Technologies, Inc. ("Plaid") to gather your data from financial institutions. By using our Services, you grant us and Plaid the right, power, and authority to act on your behalf to access and transmit your personal and financial information from your financial institution. You agree to your personal and financial information being transferred, stored and processed by Plaid in accordance with the Plaid Privacy Policy.
Information collected through monitoring
We may collect information about you indirectly through monitoring or other means (for example, recording telephone calls, monitoring emails and information collected through your use of our Website and our Services). By communicating with us, you acknowledge that your communications may be overheard, monitored or recorded without further notice or warning.
2. How We Use Your Information
In short: We process your information for purposes based on legitimate business interest, the fulfillment of our contract with you, compliance with our legal obligations, and/or your consent.
We use personal information to provide, maintain, develop and improve our Website and our Services, to authenticate your identity, to communicate with you, to respond to your requests, to administer, operate and manage your account with us, to provide you with personalized content and customize our Website and/or our Services, to conduct research and analysis, to optimize our business processes, to mitigate fraud and manage risk, to fulfill our contractual, legal and regulatory requirements, to support our internal business operations (including to perform accounting, auditing and other internal functions), for compliance with our legal obligations, and to provide investor reporting.
We may also use personal information to deliver targeted communications and notices to you.
We may combine information that we collect offline or that we receive from third party sources (such as your credit report information) with your personal information in order to provide, improve and personalize our Website and our Services for you.
Here are specific examples of how we use the information we collect or receive:
- To facilitate account creation and the login process. If you choose to link your account with us to a third party account (such as your bank account), we use the information you allowed us to collect from those third parties to facilitate account creation and the login process.
- To send administrative information to you. We may use your personal information to send you product, service, and new feature information and/or information about changes to our terms, conditions, and policies.
- Request feedback. We may use your information to request feedback and to contact you about your use of our Services.
- To protect our Services. We may use your information as part of our efforts to keep our Services safe and secure (for example, for fraud monitoring and prevention).
- To enforce our terms, conditions, and policies.
- To respond to legal requests and prevent harm. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond. We may also be required to use data to respond to a subpoena or other request from a law enforcement agency or governmental agency.
- For other business purposes. We may use your information for other business purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Services and your experience.
Aggregate information
We may also aggregate information in a non-personally identifiable form to use in our business and to share with business partners. We may produce data analytics and reports containing anonymized summaries of personal information and other information and provide such information to third parties—this information may include personal information that has been aggregated and anonymized, and will not identify you.
3. When We Share Your Personal Information
In short: We only share information with your consent, to comply with legal requirements, to protect your rights, or to fulfill business obligations.
We share your personal information with third parties only in the ways described in this Privacy Policy and as required by law, as well as to cooperate with law enforcement and government agencies. We do not sell or rent your personal information to third parties for marketing purposes.
We may process or share data based on the following legal bases:
- Consent: We may process your data if you have given us specific consent to use your personal information for a specific purpose.
- Legitimate interests: We may process your data when it is reasonably necessary to achieve our legitimate business interests.
- Performance of a contract: Where we have entered into a contract with you, we may process your personal information to fulfill the terms of our contract.
- Legal obligations: We may disclose your information when we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or subpoena (including in response to public authorities to meet national security or law enforcement requirements).
- Vital interests: We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving threats to the safety of any person or illegal activities, or as evidence in litigation in which we are involved.
We share your personal information with employees, affiliates, and third party service providers as necessary to operate our business and to provide, maintain, develop and improve the Website and the Services.
Some of the ways in which we may share your personal information include, but are not limited to:
- to process transactions, maintain records, provide customer service, communicate with you, resolve disputes, conduct research and store data
- to conduct servicing and collections activities, to prevent fraud or illegal activity, to recover debts and to protect our or others' rights, property or safety
- with consumer reporting agencies, as permitted by law
- to respond to court orders, subpoenas and other legal processes, to comply with external audits or other investigations and to respond to law enforcement, regulators or governmental requests
- in connection with a change of control, merger, acquisition, consolidation, sale or transfer of our assets, financing, acquisition or servicing transfer
We share your personal information, information about your loan performance, your payment history and your account activity with the owner(s) of your loan as part of our investor reporting.
We may need to need to process your data or share your personal information in the following situations:
- Vendors, consultants, and other third party service providers. We may share your data with third party vendors, service providers, contractors, or agents who perform services for us on our behalf and request access to such information to do that work. Examples include: payment processing, data analysis, email delivery, hosting services, customer service, and marketing efforts. We may allow selected third parties to use tracking technology on our Services, which will enable them to collect data about how you interact with our Services over time. This information may be used to, among other things, analyze and track data, determine the popularity of certain content and better understand online activity. We do not share, sell, rent, or trade any of your information with third parties for their promotional purposes.
- Business transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
- Affiliates. We may share your information with our affiliates, in which case we will require those affiliates to honor this privacy policy. Affiliates include our parent company and any subsidiaries, joint venture partners or other companies that we control or that are under common control with us.
- Business partners. We may share your information with our business partners to offer you certain products, services, or promotions.
4. Use of Cookies and Other Tracking Technologies
In short: We may use cookies and other tracking technologies to collect and store your information.
We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how we use such technologies and how you can assert your right to opt out of certain cookies is available by contacting us at support@scratch.fi.
5. How Long We Keep Your Information
In short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy unless otherwise required by law.
We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
6. How We Keep Your Information Safe
In short: We aim to protect your information through a system of organizational and technical security measures.
We have implemented reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, please also remember that we cannot guarantee that the internet itself is secure. Although we will do our best to protect your personal information, personal information sent through the internet comes with some amount of inherent risk, of which you should be aware.
7. Whether We Collect Information from Minors
In short: We do not knowingly solicit or collect data from or market to children under 18 years of age.
We do not knowingly solicit data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 years of age or that you are the parent or guardian of such a minor and consent to such minor's use of the Services. The content of our Website and our Services is not directed at children under the age of 18. If we learn or are notified that we have collected personal information from a child under the age of 18, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you believe that we might have any information from a child under 18, please let us know by contacting us at support@scratch.fi.
8. Your Privacy Rights
In short: You may review, change, or terminate your account any time.
Account information. If you would at any time like to review or change the information in your account or terminate your account, you can:
- Log into your account settings and update your user account
- Contact us using the contact information provided or at support@scratch.fi
Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, some information may be retained in our files to prevent fraud, troubleshoot problems, service your loan, assist with investigations, enforce our Terms of Service and/or comply with legal requirements.
Cookies and similar technologies. Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Services.
9. Controls for Do-Not-Track Features
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (DNT) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Policy.
10. Specific Privacy Rights for California Residents
In Short: If you are a resident of California, you have specific rights regarding access to your personal information.
California Shine the Light: Users who are California residents may request and obtain from us, once a year and free of charge, information about the categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided in this privacy policy.
If you are under 18 years of age, reside in California, and have a registered account with our Services, you have the right to request removal of unwanted data that you publicly post on our Services. This right is in addition to your right specified in Section 8 to terminate your account. To request removal of such public data, please contact us using the contact information provided below, and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on our Services, but please be aware that the data may not be completely or comprehensively removed from our systems.
California Consumer Privacy Act (“CCPA”): California residents also have certain rights regarding their “Personal Information” as described by the CCPA. Under the CCPA, Personal Information is defined as “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” Some information that we collect from California residents may be exempt from the requirements of the CCPA because it is covered by a specific federal privacy law such as the Gramm-Leach-Bliley Act (“GLBA”), the Fair Credit Reporting Act (“FCRA”), or the Health Insurance Portability and Accountability Act (“HIPAA”). To the extent we collect Personal Information that is subject to the CCPA, the information, your rights, and our practices are described in this Privacy Policy.
Your right to notice regarding collection and categories of personal information collected.
Under the CCPA, you have the right to be notified of the categories of Personal Information we collect and the purposes for which those pieces of Personal Information will be used at or before the time of collection. The Categories we use to describe Personal Information are those described in the CCPA.
- Personal Identifiers
- We collect your name, phone number, and email address and contact address when you create an account or complete a transaction. We use this information to provide the Services, respond to your requests, and send information and advertisements to you.
- We collect payment information when you provide it to us, which may be your bank account or debit card information, when you complete a transaction, and you may store this information in your account to use for future payments, or to set up recurring transactions.
- We may collect your Social Security number or Driver’s License number. We use this information to identify you, authenticate and collate information about you, prevent fraud, and conduct background checks or other screening activities.
- We collect your IP address automatically when you use our Services. We use this information to identify you, gauge online activity on our website, measure the effectiveness of online services, applications, and tools.
- We collect your Device ID automatically when you use our Services. We use this information to monitor your use, and the effectiveness of, our Services, and to identify you.
- Protected classifications: We collect your age in order to comply with laws that restrict collection and disclosure of personal information belonging to minors.
- Biometric information: We collect information about your physiological, biological, and behavioral characteristics. We use this information to verify your identity.
- Internet or other electronic network activity information: We collect information about your browsing history, search history, interaction with websites, and applications or advertisements automatically when you utilize our Services. We use this information to gauge online activity on our website, measure the effectiveness of online services, applications, and tools.
- Audio, electronic, visual, or similar information: If you contact us by telephone, we may record the call. We will notify you if a call is being recorded at the beginning of the call. We may collect your photographic or video image, or similar information. We use this information to monitor our customer service, maintain the security of our systems and physical locations, and train employees.
- Professional or employment-related information: We may collect information about your current employer and your employment history. We use this information to conduct background and other screening activities, and to promote our services to others.
- Inferences drawn to create a profile about a consumer reflecting the consumer’s preferences or characteristics: We may analyze your actual or likely preferences through a series of computer processes. On some occasions, we may add our observations to your internal profile. We use this information to measure the appeal and effectiveness of our Services, applications, and tools.
We may use any of these categories information listed above in this Privacy Policy for other business or operational purposes compatible with the context in which the Personal Information was collected.
We may share any information listed above with our Service Providers engaged to conduct activities on our behalf. Service Providers are prohibited from using Personal Information for any purpose not related to our engagement with them. The categories of Service Providers we engage with are described in Section 3 of this Privacy Policy.
Right to know about what personal information has been collected, disclosed, or sold.
You have the right to request that we disclose to you the Personal Information we collect, disclose, sell, or use. You also have the right to know the sources of the information, the purposes for which we collected it, and the third parties and service providers with whom we may share it. To process your request we may ask you to take additional steps to verify your identity or validate your request.
Verification and Validation Procedures
To process your request to know about or to delete personal information, we must verify your request. To do this we may require the following:
- Requesting you to provide personal identifiers we can match against our information we have previously collected from you, and
- Asking for you to confirm your request using the email address or telephone number stated in your request.
If you have authorized a third party to make requests on your behalf we may require that you provide a notarized statement confirming the identity and authority of that third party to request information on your behalf.
Right to request deletion of information
You have the right to request under certain circumstances that we delete any Personal Information that we collected directly from you. We may have a reason under the law why we do not have to comply with your request, or why we may comply with it in a more limited way than you might have anticipated. If we do, we will explain that to you in our response to your request. To protect our consumers’ Personal Information we must verify your identity before we can act on your request.
Right to opt out of sale of personal information to third parties
Scratch does not sell Personal Information to third parties, however, California law requires that we maintain a separate webpage that allows you to opt out of the sale of your Personal Information in the future, which can be accessed by visiting our web page, or by calling us at (844) 727-2684.* Your request to opt out will not apply to our sharing of Personal Information with service providers we engage to perform a function on our behalf who are contractually obligated to use the Personal Information only for that function. We may also disclose information to other entities when required by law, or to protect Scratch or other persons as described in this Privacy Policy.
Right to non-discrimination for exercising your privacy rights
Scratch is prohibited from discriminating against you for exercising your privacy rights under the CCPA. This means that if you submit a valid request as described in this Privacy Policy that we may not provide any differing service to you than if you had not exercised your rights.
How to submit a request
You may submit a request to exercise your rights under California Law by contacting us through the following channels:
- Visiting our website at https://forms.gle/1FVEddSpnXmHzVqN9 where you can request or download specific pieces of information we have collected.
- Call us at (844) 727-2684.*
Authorized agent
You may authorize another individual or business registered with the California Secretary of State to make a request on your behalf. We will require that the individual authorizing another submit a notarized affidavit to verify the identity of the authorized agent and confirm you have authorized them to act on your behalf.
11. Specific Privacy Rights for Vermont Residents
If you reside in Vermont, we will not disclose information about your creditworthiness to our affiliates and will not disclose your personal information, financial information, credit report, or health information to nonaffiliated third parties to market to you, other than as permitted by Vermont law, unless you authorize us to make those disclosures.
12. Other Required Notices
If you reside outside of the United States, your information may be transferred to, and processed and stored in, the United States or other jurisdictions in accordance with applicable law in that jurisdiction. We do not store data outside of the United States. Upon termination or deactivation of your Scratch Account (as defined in the Terms of Service), we may retain your information for backup, archival or audit purposes.
13. How to Update Your Info
It's important that you keep your contact information up to date. You can review and edit your contact information at any time by logging in to your account. If you need to change any other account information, please call us at (844) 727-2684.*
14. Notification Preferences
You can review and adjust your notification preferences by logging in to your account or by emailing support@scratch.fi.
15. Updates to this Privacy Policy
This Privacy Policy is effective as of the date above. We may update this Privacy Policy from time to time. We will post any changes to the Privacy Policy on our Website, and we will notify you of any material changes to the way we treat your personal information by providing prominent notice on our Website or by directly sending you a notification. Your use of our Website and/or our Services following any update to the Privacy Policy means that you accept the updated policy.
16. Contacting Us About This Policy
If you have any questions, comments or suggestions for us, please let us know. You can visit our Help Center at www.scratch.fi, contact us by email at support@scratch.fi, by phone at (844) 727-2684* or by snail mail at P.O. Box 411285, San Francisco, CA 94141-1285.