Belvo
Last updated: 09 October 2019

1. The Basics

Why is this important?

Privacy and security are very important to us at Belvo. This Policy is meant to help you understand how we at Belvo collect, use, and share End-User information in our possession to operate, improve, develop, and protect our services, and as otherwise outlined in this Policy. Please take some time to read this Policy carefully.

Some background

Our mission at Belvo is to power the next generation of financial services in Latin America through Open Banking. Our technology provides an easy way for you (the “End-User”) to connect your bank account and other financial accounts to software applications that can help you do things like simplify your accounting, manage your spending or streamline credit applications. These software applications are built and provided by our business clients (we’ll call them “developers”) and powered by Belvo. By delivering access to high-quality, usable financial account data that we’ve translated and standardized, we enable our developers to focus on building experiences that benefit you.

About this Policy

Our goal with this Policy is to provide a simple and straightforward explanation of what information Belvo collects from and about End-Users, and how we use and share that information. While we generally rely upon our developers to inform you about the services we provide to the developer, and also to provide notice and obtain any necessary consent for us to process your information, we value transparency and want to provide you with a clear and concise description of how we treat your information. Please note that this Policy only covers the information that Belvo collects, uses, and shares and it does not explain what our developers do with any End-User information we provide to them (or any other information they collect about you, their End-User). This Policy also does not cover any websites, products, or services provided by others. We encourage you to review the privacy policies or notices of our developers or those third parties for information about their practices.

2. Information We Collect

  • Information you provide: When you connect your financial accounts with a developer application or otherwise connect your financial accounts through Belvo, we collect login information required by the provider of your account, such as your username and password, answers to challenge questions, or a security token. In some cases, we also collect your phone number to help verify your identity before connecting your financial accounts. When providing this information, you give the developer and Belvo the authority to act on your behalf to access and transmit your information from the relevant financial institution and other financial service provider.
  • Information collected from your financial institutions: The information we receive from the financial institutions and other financial service providers that maintain your financial accounts varies depending on the specific Belvo services our developers use to power their applications and websites, as well as the information made available by those institutions and providers. But, in general, we collect the following types of information from your financial institutions and other financial service providers:
    • Personal information: name, date of birth, full address(es), email address, phone number, gender;
    • Bank account information:
      • Account type (E.g. Current, Saving, Investment, Credit Card);
      • Account name;
      • Account number (both local and international);
      • Currency;
    • Account balance information:
      • Current balance;
      • Available balance (credit cards);
      • Interest rate;
      • Payment due date (credit cards);
      • Next closing date (credit cards);
      • Minimum payment due (credit cards);
    • Transactions:
      • Time;
      • Description;
      • Amount;
      • Meta data (arbitrary data that banks associate with a transaction); and/or
    • Additional data which Belvo may collect in the future:
      • Loans data;
      • Insurance data; and/or
      • Investments data
      • Fiscal and third-party provider (E.g. Utilities) information
  • Information received from your devices: Our technology is generally embedded in our developers’ applications. When you use your device to connect to our services through a developer application, we receive information about that device, including IP address, hardware model, operating system, and other technical information about the device. We also use cookies or similar tracking technologies to collect usage statistics and to help us provide and improve our services; you can find more information about how we use cookies and your related choices in our Cookies Policy.
  • Information we receive about you from other sources: We also receive information about you directly from the relevant developer or other third parties, including service providers and identity verification services. For example, our developers may provide information to us about you, such as your full name, email address, phone number, or information about your account transactions.

3. How We Use Your Information

We use the information we collect to operate, improve, and protect the services we provide, and to develop new services. More specifically, we use your information:

  • To operate, provide, and maintain our services;
  • To improve, enhance, modify, add to, and further develop our services;
  • To protect you, our developers, our partners, or Belvo from fraud, malicious activity, and other privacy and security-related concerns;
  • To develop new services;
  • To provide customer support to you or to our developers, including to help respond to your inquiries related to our service or our developers’ applications;
  • To investigate any misuse of our service or our developers’ applications, including violations of our Client Terms of Service, criminal activity, or other unauthorized access to our services; and
  • For any other purpose with your consent

4. How We Store Your Information

We take deliberate steps designed to protect End-User information in our possession. These steps include maintaining information security controls such as data encryption, firewalls, logical and physical access controls, and continuous monitoring. These controls are regularly evaluated for effectiveness against industry standards internally and by independent security auditors.

We do not sell or rent End-User information to marketers or other third parties. But we do share End-User information with third parties as described in this Policy. For example, we share your information with the developer of the application you are using and as directed by that developer (such as with another third party if so directed by you). We also share your information:

  • With your consent;
  • With our service providers, partners, or contractors in connection with the services they perform for us or our developers;
  • If we believe in good faith that disclosure is appropriate to comply with applicable law, regulation, or legal process (such as a court order or subpoena);
  • In connection with a change in ownership or control of all or a part of our business (such as a merger, acquisition, reorganization, or bankruptcy);
  • Between and among Belvo and our current and future parents, affiliates, subsidiaries and other companies under common control or ownership; or
  • As we believe reasonably appropriate to protect the rights, privacy, safety, or property of you, our developers, our partners, or Belvo.

We may collect, use, and share information in an aggregated or anonymized manner (that does not identify you personally) for any purpose permitted under applicable law. This includes creating or using aggregated or anonymized data based on the collected information to develop new services and to facilitate research.

We retain information we collect about you for as long as necessary to fulfill the purposes for which we collected it, unless a longer retention period is required or permitted under applicable law. As permitted under applicable law, even after you stop using an application or terminate your account with one of our developers, we may still retain your information (for example, if you still have an account with another developer). However, your information will only be processed as required by law or in accordance with this Policy.

5. International Data Transfers

We operate internationally, and as a result the information we collect about you may be transferred, used, or stored in any country where we have operations or where we engage service providers. That means that your information may be transferred to a different country than where it was collected and which may not provide equivalent levels of data protection as your home jurisdiction.