Privacy Policy

Last Updated and Effective As Of: April 24, 2019

The Privacy Policy (“Policy”) explains how we collect, use, disclose, and secure information we obtain when you use any website, mobile application, app or application programming interface (“API”), or Internet service under the control of Ocrolus Inc., whether partial or otherwise, in connection with providing an online platform for Ocrolus’ products or services (collectively, the “Site”) or when you otherwise interact with us, including through e-mail, text and other electronic messages. The terms “Ocrolus,” “we,” and “us” include Ocrolus, Inc. and our affiliates and subsidiaries. This Policy is incorporated by reference into our Terms of Use located at https://www.ocrolus.com/terms-of-use/. Any capitalized terms used and not defined in this Policy have the meaning given to them in the Terms of Use.

This Policy applies to any use of the Site. It does not apply to information collected by (i) us offline or through any other means not described herein, or (ii) any third party, including through any application or content (including advertising) that may link to or be accessible from our Site.

“Personal Information” means information that alone or when in combination with other information may be used to readily identify, contact, or locate you, such as: name, address, email address, financial account number, social security number, or phone number. Personal Information does not include information that has been anonymized so that it does not identify a specific user, which we may use for any legal purpose.

1. THE SITE AND SERVICES

Ocrolus operates a website and series of web-based applications that provide tools for aggregating, parsing, and displaying data, including personal or financial data users collect from third parties in an efficient and easily reviewable format for users to validate (the “Services”). The purpose of the Services is to review financial account data (including, but not limited to, account numbers and account holder information, account transactions, account statements, account position and balance information) (together, “Records”) from a variety of users, groups, advisors, clients, and other parties, retrieved from third party financial institutions, such as brokerages and banks, and parsed and summarized in a way that is searchable, verifiable and provides benefits to users. Records may include Personal Information from your customers, employees, or other individuals, and you will be responsible for obtaining the necessary permissions and authorizations for and maintaining the privacy and security of Records you share with Ocrolus. Our products and services may require registering as a user on our system; and other products and services may involve certain fees or require separate agreements between you and Ocrolus. Please reference our Terms of Use for more information on your rights as a user.

2. INFORMATION WE COLLECT

You must register to use the Site. To register, you may need to provide information about yourself, such as your contact information and a password. You may also provide other optional information, including Records, and Ocrolus may ask for other Personal Information in order to provide additional services and products to you. Some of the Services may require entering into additional agreements or contracts. We may also collect information Records from third parties at your request as part of those agreements or contracts, including but not limited to third-party verification sites, credit bureaus, mailing list providers, and publicly available sources. This information may include additional Personal Information, including but not limited to Social Security numbers.

Your Records will not be disclosed, except as required and permitted by law or under a separate agreement between you and Ocrolus. We restrict access to Personal Information to certain employees who require that information in order to maintain and operate Ocrolus’ systems and to provide the Services.

When you visit our Site or open our emails, we and our third-party partners, such as advertising networks, social media widgets, and analytics providers, collect certain information by automated means, such as cookies, web beacons and web server logs. By using the Site, you consent to the placement of cookies, beacons, and other similar technology in your browser and on emails in accordance with this Policy. The information collected in this manner includes IP address, browser characteristics, device IDs and characteristics, operating system version, language preferences, referring URLs, and information about the usage of our Site. We may use this information, for example, to determine how many users have visited certain pages or opened messages or newsletters, or to prevent fraud. We may link this data to your profile. Our partners also may collect and combine information collected on our Site and emails with other information about your online activities over time, on other devices, and on other websites or apps, if those websites and apps also use the same partners. We may collect your usage information about how you use the Site, including your access times, location, browser types and language, and Internet Protocol addresses. We may collect device-specific information when you access our Site, including your hardware model, operating system and version, unique device identifiers, mobile network information, and information about the device’s interaction with our Site. You may be able to change browser settings to block and delete cookies when you access the Site through a web browser. However, if you do that, the Site may not work properly. The Site does not respond to browser do-not-track signals.

3. HOW OCROLUS USES INFORMATION

Ocrolus uses and maintains user information for internal and Services-related purposes, and to help improve our products and services in the future. Ocrolus processes information you provide us for various purposes, including displaying the information to you, delivering related content, performing analysis on Records (including financial accounts) and other purposes relating to Ocrolus’ products and services or under the terms of a separate agreement between you and Ocrolus.

We may send you information related to your account or our products and services. We may send emails to the email address you provide to us, push notifications to your mobile device if you have downloaded our app and enabled notifications, and text messages to any cellphone number you provided to us, to verify your account and for informational and operational purposes, such as account management, customer service, system maintenance, and other Site-related purposes. If you decide at any time that you no longer wish to receive such communications from us, please follow the “unsubscribe” instructions provided in the communications.

We may also use information about you (i) to track and analyze trends and usage in connection with our Site; (ii) to process and deliver contest and promotion entries and rewards; (iii) to protect our rights or property; (iv) to compare information for accuracy; (v) to verify your identity as noted above; (vi) to investigate and prevent fraud or other illegal activities; and (vii) for any other purpose disclosed to you in connection with our Site.

Additionally, we use information that we collect about you or that you provide to us, including any Personal Information:

• To provide you with information, products or services that you request from us.
• To fulfill any other purpose for which you provide it.
• To provide you with notices about your account/subscription, including expiration and renewal notices.
• To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
• To notify you about changes to our Site.
• In any other way we may describe when you provide the information.
• For any other purpose with your consent.

We may use information about you for marketing purposes, such as providing online advertising on the Site and sending you information we think may be useful or relevant to you.

We may use third-party service providers to process and store Personal Information in the United States and other countries.

4. INFORMATION SHARING AND ONWARD TRANSFER

We do not rent, sell, or share Personal Information (as defined by California Civil Code §1798.83) that we collect on the Site with other people or unaffiliated companies for their direct marketing purposes, or otherwise share Personal Information with any third parties except as permitted or required by law. If Personal Information is submitted to Ocrolus within Records, you are responsible for ensuring it is shared in accordance with applicable law. Ocrolus does not have control over, and shall not be responsible for, how Personal Information contained in Records is used or shared prior to it being provided to Ocrolus for the Services or by you after the Services are delivered.

Additionally, we may share Personal Information in Records and otherwise as follows:

• To our subsidiaries and affiliates in order to provide the Services.
• To contractors, service providers and other third parties we use to support our business and who are bound by contractual obligations to keep Personal Information confidential and use it only for the purposes for which we disclose it to them.
• To comply with any court order, law or legal process, including to respond to any government or regulatory request.
• To enforce or apply our Terms of Use, and other agreements, including for billing and collection purposes.
• If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Ocrolus, our customers or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
• To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of Ocrolus’ assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which Personal Information held by Ocrolus about our users is among the assets transferred.
• To fulfill the purpose for which you provide it.
• With your consent or direction.

We also anonymize or aggregate data collected through the Site, and may share non-personally identifiable information (aggregated or otherwise) with third parties for any reason.

5. INFORMATION SECURITY

We take reasonable measures to safeguard the security of Personal Information with industry-standard physical, electronic, and managerial procedures. The safety and security of Personal Information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. Where you have given Personal Information in Records to us, you are responsible for ensuring the privacy and security of that Personal Information and obtaining the necessary authorizations and consent for it to be shared with us for the Services.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect Personal Information, we cannot guarantee the security of Personal Information transmitted to or through our Site. Any transmission of Personal Information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on or within the Site.

6. DATA RETENTION

We store the information we collect about you for as long as is necessary for the purpose(s) for which we originally collected it. We may retain certain information for legitimate business purposes or as required by law.

7. TRANSFER OF INFORMATION TO THE U.S. AND OTHER COUNTRIES

Ocrolus is based in the United States and we process and store information in the U.S. and other countries. As such, we and our service providers may transfer your information to, or store or access it in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction. We will take steps to ensure that your personal data receives an adequate level of protection in the jurisdictions in which we process it. If you are using the Site or Services, you agree to the transfer of your information to the United States and processing globally. By providing your information you consent to any transfer and processing in accordance with this Policy.

8. RESIDENTS OF THE EUROPEAN ECONOMIC AREA

If you are a resident of the European Economic Area (“EEA”), you have certain rights and protections under the law regarding the processing of your personal data.

Legal Basis for Processing

If you are a resident of the EEA, when we process your personal data we will only do so in the following situations:

We need to use your personal data to perform our responsibilities under our contract with you (e.g., providing the services you have requested).
We have a legitimate interest in processing your personal data. For example, we may process your personal data to send you marketing communications, to communicate with you about changes to our services, and to provide, secure, and improve our services.
You have given your consent to the processing of your personal data for one or more specific purposes.
Data Subject Requests

If you are a resident of the EEA, you have the right to access personal data we hold about you and to ask that your personal data be corrected, erased, or transferred. You may also have the right to object to, or request that we restrict, certain processing. If you would like to exercise any of these rights, you may contact us at info@Ocrolus.com.

Questions or Complaints

If you are a resident of the EEA and have a concern about our processing of personal data that we are not able to resolve, you have the right to lodge a complaint with the data privacy authority where you reside. For contact details of your local Data Protection Authority, please see: https://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.

9. YOUR CHOICES AS A USER

You may delete your Ocrolus account under the terms of an applicable agreement between you and Ocrolus. We will endeavor to act on deletion requests as soon as reasonably practicable. Deletions take effect when we act on them. Residual information related to your account may remain for some time on our servers. Some areas of Ocrolus’s website and some of Ocrolus’s services will not be available to you unless you choose to share certain Personal Information and Records.

You may be able to delete or change the Personal Information that you have previously provided by contacting us (please provide information to identify that you have the necessary authorization to submit the request). As described above, we will endeavor to act on these requests as soon as reasonably practicable, and residual information may remain on our servers. However, we may retain such information, in accordance with applicable laws.

10. THIRD PARTY LINKS

Ocrolus web sites may contain links to other sites, some of which are not owned by Ocrolus. Ocrolus is not responsible for the security or privacy practices of non-Ocrolus sites, the products or services offered by such sites, or the content appearing at such sites. Likewise, Ocrolus does not endorse any of the products or services marketed at non-Ocrolus sites. Ocrolus prohibits the framing of any materials available through the Ocrolus web sites and unauthorized hypertext links to Ocrolus’s web sites. Ocrolus reserves the right to disconnect or otherwise disable any unauthorized frames or hypertext links.

11. CHILDREN’S PRIVACY

Users under the age of 18 are not permitted to use the Services. In any event, we do not knowingly collect, maintain, or use Personal Information from children under 13 years of age, and no part of the Site is directed to children under the age of 13. If you learn that your child has provided us with Personal Information without your consent, you may alert us. If we learn that we have collected any Personal Information from children under 13, we will promptly take steps to delete such information.

12. CHANGES TO THIS POLICY

We may make changes to this Policy from time to time, and the revised version will be effective when it is posted. If we make any material changes, we will let you know through the Site or other communication. We encourage you to read this Policy periodically to stay up-to-date about our privacy practices. As long as you use the Site or Services, you are agreeing to this Policy and any updates we make to it.

13. CONTACT INFORMATION

If you have questions or comments about this Policy, please contact us at:Ocrolus Inc.
40 Exchange Place
Suite 1110
New York, NY
10005
Tel: (646) 850-9090
Email: info@ocrolus.com