Privacy and security are very important to us at Belvo. This Policy is meant to help you understand how we at Belvo collect, use, and share End-User information in our possession to operate, improve, develop, and protect our services, and as otherwise outlined in this Policy. Please take some time to read this Policy carefully.
Our mission at Belvo is to power the next generation of financial services in Latin America through Open Banking. Our technology provides an easy way for you (the “End-User”) to connect your bank account and other financial accounts to software applications that can help you do things like simplify your accounting, manage your spending or streamline credit applications. These software applications are built and provided by our business clients (we’ll call them “developers”) and powered by Belvo. By delivering access to high-quality, usable financial account data that we’ve translated and standardized, we enable our developers to focus on building experiences that benefit you.
Our goal with this Policy is to provide a simple and straightforward explanation of what information Belvo collects from and about End-Users, and how we use and share that information. While we generally rely upon our developers to inform you about the services we provide to the developer, and also to provide notice and obtain any necessary consent for us to process your information, we value transparency and want to provide you with a clear and concise description of how we treat your information. Please note that this Policy only covers the information that Belvo collects, uses, and shares and it does not explain what our developers do with any End-User information we provide to them (or any other information they collect about you, their End-User). This Policy also does not cover any websites, products, or services provided by others. We encourage you to review the privacy policies or notices of our developers or those third parties for information about their practices.
We use the information we collect to operate, improve, and protect the services we provide, and to develop new services. More specifically, we use your information:
We take deliberate steps designed to protect End-User information in our possession. These steps include maintaining information security controls such as data encryption, firewalls, logical and physical access controls, and continuous monitoring. These controls are regularly evaluated for effectiveness against industry standards internally and by independent security auditors.
We do not sell or rent End-User information to marketers or other third parties. But we do share End-User information with third parties as described in this Policy. For example, we share your information with the developer of the application you are using and as directed by that developer (such as with another third party if so directed by you). We also share your information:
We may collect, use, and share information in an aggregated or anonymized manner (that does not identify you personally) for any purpose permitted under applicable law. This includes creating or using aggregated or anonymized data based on the collected information to develop new services and to facilitate research.
We retain information we collect about you for as long as necessary to fulfill the purposes for which we collected it, unless a longer retention period is required or permitted under applicable law. As permitted under applicable law, even after you stop using an application or terminate your account with one of our developers, we may still retain your information (for example, if you still have an account with another developer). However, your information will only be processed as required by law or in accordance with this Policy.
We operate internationally, and as a result the information we collect about you may be transferred, used, or stored in any country where we have operations or where we engage service providers. That means that your information may be transferred to a different country than where it was collected and which may not provide equivalent levels of data protection as your home jurisdiction.