July 5, 2023
Please read this Policy carefully to understand what we do. This Policy also incorporates notices and disclosures as required under the California Consumer Privacy Act (“CCPA”). The CCPA addresses changes in technology, data practices, and privacy concerns by establishing rules and procedures to help empower consumers to control how businesses collect, use, and share personal information. The CCPA grants California consumers robust data privacy rights and controls over their personal information, including notice of this Policy and Aspiration’s data practices, the right to delete, the right to opt-in and opt-out of data selling practices, as well as additional protections for minors.
Aspiration collects your personal information in the following ways: (1) when you voluntarily provide it by using or visiting our Services; and, (2) with automated technologies connected to those Services, and (3) through third parties.
The CCPA broadly defines “Personal Information” as any information that directly or indirectly identifies, describes, relates to, is reasonably capable of being associated with, or, can reasonably link a particular consumer or household.
Over the past twelve (12) months, Aspiration’s direct and indirect collection of Personal Information has fallen into the following categories, although we may not gather, use, or share every specific piece of Personal Information from every consumer:
Information Aspiration collects from Third Parties about you
Consumer reports. Aspiration both receives and transmits data to consumer reporting agencies to assess your creditworthiness and to prevent fraud and identity theft. This is done as part of our regular underwriting, fraud prevention and loan servicing processes.The following information can be collected from third parties if you enroll in certain Services. This includes information regarding:
Information not falling into these categories include publicly available information, de-identified or aggregated consumer information, personal and financial information under the GLBA, medical and HIPAA protected information, and other information excluded from the CCPA’s scope.
When you choose to open an account with Aspiration, we are required under law and by regulation to collect and maintain certain types of Personal Information, including, but not limited to, your full legal name, email address, permanent address, date of birth, social security number and information about your finances. If you do not consent to providing this information, you cannot become an Aspiration customer.
If your browser is set to reject Cookies, you may continue to use our Services, but some aspects of the Service may not function as intended and other Services may be limited. Other third-party data sharing services will be described below.
If we combine any non-personally identifiable information with Personal Information, we will treat the combined information as Personal Information.
As part of our relationship, Aspiration may from time to time produce, compile, or aggregate some of your Personal Information in certain data analysis, reports, or other interpretations or inferences of user trends and patterns for both internal and external purposes. When including, compiling, or aggregating Personal Information for such purposes, we make sure that the information is anonymized such that it is not identifiable to any particular customer.
We will only share Personal Information with third parties as described in this Policy, for any purpose to which you consent or direct, or as required by law. In order for you to receive our Services, Aspiration shares your Personal Information with certain third-parties, affiliates, banking partners, service providers, data aggregators, consumer protection and fraud services providers, and data processors (“Affiliates”). Aspiration and Affiliates may collect, use, and share Personal Information for reasons that include but are not limited to:
Affiliate providers may include, but are not limited to, fund accountants and accounting firms, security custodians, asset transfer agents, business associates, subcontractors, commercial and transactional processors, merchants, and client selected charities.
In the preceding twelve months, Aspiration has not sold to a third party for monetary or other valuable consideration any Personal or Sensitive Personal Information.
Over the past twelve (12) months, Aspiration may have disclosed Personal Information in limited cases, such as with our Affiliates or network of banking partners, as appropriate, to conduct our operations and to maintain the relationships that allow us to provide you with our Services. The CCPA restricts Affiliates from reselling your Personal Information unless you’ve been provided notice and an opportunity to opt-out.
We may also share your Personal Information with relevant third parties in the event of a reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, stock, or assets (including in connection with any bankruptcy or similar proceedings).
While you are using or visiting our Services, we may use and share information collected to target-market interests within or outside the scope of our Services in order to better tailor your experience. This may include Affiliates in order to facilitate our relationships and advertise our Services.
When engaging in targeting marketing, Aspiration follows standard principles for online advertising as provided by the Digital Advertising Alliance (“DAA”). If you do not wish to receive such targeted advertising, please visit the Network Advertising Initiative Consumer Opt-Out Page at networkadvertising.org/choices, the DAA Consumer Choice page at aboutads.info/consumers, or visit the websites of our advertising affiliates to opt-out. To opt out in mobile apps, please download the DAA's AppChoices tool at aboutads.info/appchoices. (This will not prevent you from seeing ads; the ads simply will not be delivered through these targeting methods.)
Our Services do not necessarily respond to “do not track” applications.
Security is at the heart of everything we do. Aspiration works to provide a secure online environment, protect your personal information and empower you to safeguard your account. We have diligently implemented reasonable systems to protect your data and our assets. We store and maintain data with physical, administrative, and electronic safeguards that comply with federal and state laws and regulations.
We use our reasonable best efforts to protect Personal Information, however no method of transmission or method of data storage is 100% secure. Despite our reasonable best efforts, we cannot assure that Personal Information that we collect will never be disclosed in a manner inconsistent with this Policy. If you see any unrecognized or fraudulent activity in your account, please contact Aspiration Security immediately at email@example.com or 800-683-8529.
When you choose to open an account with Aspiration, we are required by law and regulation to retain certain Personal Information for specific amounts of time. Failure to preserve these records could result in fines and penalties, spoliation liability, contempt issues, or reputational harm. Aspiration also maintains Personal Information to provide you with our Services and for legitimate business needs.
Aspiration may delete Personal Information after its legitimate business need has passed, in accordance with law or regulation, or by your request (if your request to delete information conflicts with a legal or regulatory requirement to retain information, you may be notified).
Cyberattacks, hacks, breaches, and incidental losses of Personal Information, business assets, and computer systems are increasingly common. These attacks can be extremely damaging, particularly if Personal Information or business records have been compromised. Incidents cost companies and consumers time and money.
In the event of a Breach, Aspiration has implemented an incident response plan as required by law and regulation to document process, mitigate damage, and to notify consumers of remedial resources. Aspiration has implemented California Code requirements for data breach notifications.
The CCPA grants consumers enhanced data rights regarding their Personal Information. Aspiration has implemented CCPA requirements across our business and have extended protections to all of our US-based customers.
If you have questions about any of your data rights or Aspiration’s obligations, including accessing your Personal Information, opting-out of certain practices, and/or requesting Personal Information be deleted, please send us an email at firstname.lastname@example.org or give us a call at 800-683-8529. Aspiration endeavors to respond to requests within forty-five (45) days of receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Aspiration’s Services are not directed toward anyone under the age of 18. We will endeavor to delete personally identifiable information provided by minor children without their parent’s or guardian’s consent upon notification by said parent or guardian in a time and manner that is commercially reasonable. Any such notification should be sent to email@example.com.
Aspiration will not change our data collection, use, or sharing policies and practices for materially different, unrelated, or incompatible purposes without first providing notice.