Cledara's Privacy Policy

1. Introduction‍

This Privacy Policy provides a comprehensive description of how Cledara collects, uses, and shares information about you as well as your rights and choices regarding such information. For purposes of this Privacy Policy, "Cledara", "we", "our", and "us" refers to Cledara Limited and its subsidiaries and "you" or "your" refers to the natural person interacting with us.

This Privacy Policy applies to residents of the United States of America that access our website available at www.cledara.com ("Website"), use our web application available at https://app.cledara.com (“Web Application”), use our Chrome Extension, our emails and advertisements, and any other location, online or offline, operated by us that makes this Privacy Policy available to you (collectively, the "Service").

As further described in the "Information Collected through the Product" section, when you apply for an account with Cledara as a business customer or create an account as an authorized user of a business customer ("Cledara Account"), access or interact with our online platform available at https://app.cledara.com through your Cledara Account ("Platform"), or use a virtual payment card issued by a bank issuer managed through your Cledara Account ("Card") (collectively, the "Product"), our processing of information through the Product is governed by the terms of our agreements with the issuing bank and the applicable business customer, including our Platform Agreement. In the event we are permitted to process the information for our own purposes, we will process the information in accordance with the practices described in this Privacy Policy.

Your use of the Service or Product constitutes your agreement to our data practices, and any other policies made available by us to you. If you do not agree, please notify us in writing, close your Cledara Account, delete any cookies you may have on your devices, and cease all use of the Service and Product. In certain circumstances, the business customer on whose behalf we provide services will need to confirm your choice before we can fully process your request.

If you have any questions or wish to exercise your rights and choices, please contact us at dpo@cledara.com or as further set out in the "Contact Us" section. If you are a Nevada resident, or a California resident, please see the additional disclosures at the end of this Privacy Policy.

2. Information That Cledara Collects

A. Information Collected through the Service

We collect information when you use or interact with our Service. For example, we collect information when you browse our Website, use our Web Application or Chome Extension, read our emails, view our advertisements, engage in our affiliate referral program, apply for a job, contact us, or ask us a question. We collect information that you actively provide to us, and information that is automatically collected through tracking technologies (described below).

The categories of information you provide to us through our Service include:

• Contact Data, including your first name, last name, email address, phone number, Social Security Number and date of birth..
• Company Data, including your company name, size, and postal address, bank details, bank transaction information, and your job title .
• Content, including content within any messages you send to us (such as when contacting sales or asking a question).
• Job Applicant Data, including your employment and education history, transcripts, writing samples, and references as necessary to consider your job application for open positions.
• Referral Data, including information you provide about any potential referrals as part of our affiliate referral program, such as their name, email address, and phone number. Where you provide information about potential referrals, you agree that you have all rights and permissions necessary to provide such information to us.

You may choose to voluntarily provide other information to us that we do not request, and, in such instances, you are solely responsible for such information.

The categories of information we automatically collect through our Service include:

• Service Use Data, including information about how much time you spend on particular pages you visit, the features you use, your preferences or selections, the services you view, the SaaS products you use, the time of day your browse, and your referring and exiting pages
• Device Data, including information about the type of device or browser you use, your device's operating software, your internet service provider, your device's regional and language settings, and device identifiers such as IP address and Ad Id.
• Location Data, including imprecise location information (such as location derived from an IP address or information that indicates a city or postal code level).

The types of tracking technologies we use to automatically collect information include:

• Log Files, which are files that record events that occur in connection with your use of the Service.
• Cookies, which are small data files stored on your device that act as a unique tag to identify your browser. We use two types of cookies: session cookies and persistent cookies. Session cookies make it easier for you to navigate websites and expire when you close your browser. Persistent cookies help with personalizing your experience, remembering your preferences, and supporting security features. Additionally, persistent cookies allow us to bring you advertising. Persistent cookies may remain on your device for extended periods of time, and generally may be controlled through your browser settings.
• Pixels (also known as web beacons), which is code embedded in a website, email, or advertisement that sends information about your use to a server. There are various types of pixels, including image pixels (which are small graphic images) and JavaScript pixels (which contains JavaScript code). When you access a website, email, or advertisement that contains a pixel, the pixel may permit us or a separate entity to drop or read cookies on your browser. Pixels are used in combination with cookies to track activity by a particular browser on a particular device. We may incorporate pixels from separate entities that allow us to track our conversions, bring you advertising, and provide you with additional functionality.
• Device Fingerprinting, which is the process of analyzing and combining sets of data elements from your device's browser, such as JavaScript objects and installed fonts, to create a "fingerprint" of your device and uniquely identify your browser and device.

You may limit our collection of this information through tracking technologies by changing your browser or device settings. However, doing so may affect or limit the features available to you. For further information on how we use tracking technologies for analytics and advertising, and your rights and choices regarding them, see the "Analytics and Advertising" and "Your Rights and Choices" sections below.

B. Information Collected through the Product

Our Product is designed for use by business customers and their employees and authorized users. Our processing of information collected through the Product or otherwise provided to us by a business customer in connection with their use of the Product is governed by the terms of our agreements with the issuing bank and the applicable business customer, including our Platform Agreement. In the event of a conflict between this Privacy Policy and the terms of any agreements between a business customer and Cledara, the terms of those agreements will control. In the event we are permitted to process the information for our own purposes, we will process the information in accordance with the practices described in this Privacy Policy. We are not responsible for how our business customers treat information we collect on their behalf, and we recommend you review their own privacy policies.

We collect information through the Product when you:

• Start the process of creating a Cledara Account.
• Fill out an application or open a Cledara Account.
• Sign-in to or access your Cledara Account.
• Browse the Platform.
• Make a purchase on your Card.
• View your purchases or make changes to your Cledara Account.
• Change administrative or other settings within your Cledara Account.
• Use or redeem cash back rewards, such as cash back applied toward future statement balances.
• Use or redeem partner rewards, such as discounts on partner products and services.
• Use integrations to connect your Cledara Account to third party services.
• Install and log in to the Cledara Chrome extension.

The categories of information you provide to us through the Product include:

• Contact Data.
• Company Data, including the information listed in Section 2.A. as well as any information you submit to us about your company when you apply for a Cledara Account or otherwise, such as details about your company's leadership, ownership, Financial Data, and Billing Data.
• Financial Data, including your or your company's bank balance, routing and account numbers, transaction history, tax identification number, and related information.
• Billing Data, including information to process your payments to us, such as your payment card number, expiration date, and security code.
• Account Credentials, including your password and information for authentication and account access.
• Transaction Data, including information associated with use of your Card, whether online or in store, such as your Card number, transactions, and purchase details, amounts, and locations.
• Receipt Data, including information you submit to us to process your receipts, such as photos and messages if you opt-in to text messages.
• Authorized User Data, including information you provide about any users who will be issued a Card, such as their name, email address, and phone number. Where you provide information about other users, you agree that you have all rights and permissions necessary to provide such information to us.
• Cash Back Rewards Data, including funds and available points for cash back rewards.
• Content, including content within any messages you send to us (such as when contacting support or asking a question). We also collect content within any messages you exchange with other users through the Product (such as when you use the Slack integration to submit a request to the Cledara Account administrator to make a transaction or to increase a spending limit on a Card).
• SaaS Usage Data, including the SaaS products you use and how frequently you access them.

Where you do not provide information when required---or where it is inaccurate, out-of-date, or unable to be validated---we may prohibit your use of the Product.

In addition, when you access or interact with our Platform, we automatically collect Service Use Data, Device Data, and Location Data through the types of tracking technologies listed in Section 2.A. above.

C. Information Collected from Other Sources

We also collect information from other sources. The categories of sources from which we collect information include:

• Financial Partners, Card Network Partners, Merchants, Payment Processors and Card Issuing Partners in connection with your use of the Product.
• Identity Verification Services and Financial Information Providers.
• Third Party Integrations, such as with your designated bank, account services, transactional information providers, and other integrations that you connect to your Cledara Account.
• Social Networks and other locations that serve or assist in serving our advertisements.
• Joint Marketing, Referrals, and Rewards Partners that we engage for joint marketing activities and also our referrals and rewards programs.
• Publicly-available sources, including information in the public domain.

We treat the information collected from other sources subject to any laws or contractual obligations applicable to us. In the event we are permitted to process the information for our own purposes, we will process the information in accordance with the practices described in this Privacy Policy.

3. How We Use Information

We collect and use information for business and commercial purposes in accordance with the practices described in this Privacy Policy. Our business purposes for collecting and using information include:

• Providing Services. We use the information we collect to operate and manage our Service and Product, including to provide the Website, determine eligibility for the Product, allow you to use the Card and access the Platform, and otherwise provide services requested by you and our business customers.
• Important Communications with You. We use the information we collect to send you technical notices, updates, security alerts, information regarding changes to our policies, and support administrative messages.
• Security and Fraud Detection. We use the information we collect to prevent and detect potentially fraudulent or unauthorized transactions, breach of policies or terms, and threats of harm.
• Cledara Rewards. If you choose to participate in our rewards program, we use the information we collect as necessary to determine your eligibility and to facilitate the rewards program effectively.
• Understanding Usage and Improving our Services and Products. We use the information we collect to understand how our business customers use the Service and Product, and improve our services and products. For example, we may use information to provide you with recommendations on how to lower your spending and inefficiency. We may also improve usability of the Service and Product by analyzing how you interact with our Service and Product (such as analyzing how you use tools made available to you or which links you click).
• Auditing and Research. We use the information we collect to conduct internal reporting, auditing, and research, including focus groups and surveys.
• Marketing and Advertising. We use the information we collect through the Service to develop and send advertising, direct marketing, and communications about our and other entities' products, offers, promotions, rewards, events, and services.
• At your Direction. We use the information we collect to fulfill any other purpose at your direction. For example, if you send us a photo of your receipt through text message, we will process that receipt to provide the Product to you. Also, if you direct us to connect your Cledara Account to a third party integration, such as Slack, we will process that request accordingly.
• With Notice to You and Your Consent. We may otherwise use the information we collect after providing notice to you and obtaining your consent.

Notwithstanding the above, we may use information that does not identify you (including information that has been aggregated or de-identified) for any purpose except as prohibited by law or contractual obligation applicable to us. For information on your rights and choices regarding how we use information about you, please see the "Your Rights and Choices" section below.

4. Sharing Information

We share information we collect, including information that identifies you, in accordance with the practices described in this Privacy Policy. The categories of parties with whom we share information include:

• Service Providers. We share information with service providers that process information on our behalf. Service providers assist us with services such as payment processing, Card services, data analytics, website hosting, and technical support. We contractually prohibit our service providers from retaining, using, or disclosing information about you for any purpose other than performing the services for us, although we may permit them to use information that does not identify you (including information that has been aggregated or de-identified) for any purpose except as prohibited by applicable law or contractual obligation.
• Affiliates. We share information with our affiliates and related entities, including where they act as our service providers or for their own internal purposes.
• Business Customers. We share information with our business customers to provide services on their behalf. For example, we share information with our business customers to facilitate your Cledara Account purchases, maintain and administer your Cards, respond to your and their questions, comply with your and their requests, and otherwise comply with the law. In addition, business customer administrators and managers will see certain information you submit through your Cledara Account, such as receipts uploaded, or requests submitted. Our business customers are independent entities and their processing of information is subject to their own privacy policies.
• Identity Verification Services. We share information as necessary to verify your identity.
• Card-issuing Partners. We share information with banks in connection with providing Card services to you.
• Credit Reporting Agencies and Other Financial Information Providers. We share information about you and your account with credit reporting agencies to verify information about your business, to report on your business's performance, and to report late payments, missed payments, or other defaults.
• Cledara Rewards. We share information about you and your Cledara Account as necessary to determine your eligibility and to facilitate the rewards program effectively.
• Marketing and Advertising. We share information collected through the Service with vendors or other parties for marketing and advertising related purposes. These parties may act as our service providers, or in certain contexts, independently decide how to process your information. For more information, see the "Analytics and Advertising" section below.
• Mergers and Acquisition. We share information in connection with, or during negotiations of, any proposed or actual merger, purchase, sale or any other type of acquisition or business combination of all or any portion of our assets, or transfer of all or a portion of our business to another business.
• Security and Compelled Disclosure. We share information to comply with the law, regulations, payment network rules, or other legal process, and where required in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We also share information with regulators, law enforcement, financial services providers, and other authorized third parties as required by law. We will also share information to protect the rights, property, life, health, security and safety of us, the Service, the Product, or anyone else.
• Referrals and Joint Marketing. We share information with our partners in connection with facilitating referral partnerships or engaging in joint marketing activities. For example, if you were referred to our Service or Product through a referral partner, we share information with our referral partner to calculate the referral fee.
• At your Request. We share information at your request or direction, such as if you direct us to connect your Cledara Account to a third party integration.
• With Notice to You and Your Consent. We may otherwise share information after providing notice to you and obtaining your consent.

Notwithstanding the above, we may share information that does not identify you (including information that has been aggregated or de-identified) for any purpose except as prohibited by law or contractual obligation applicable to us. For information on your rights and choices regarding how we share information about you, please see the "Your Rights and Choices" section below.

5. Other Parties

The Service and Product may link to or integrate with websites, platforms, and services operated or controlled by other parties. Some examples include:

• Links. Our Service and Product may link to websites, platforms, and other services not operated or controlled by us.
• Log-In. We may embed a pixel on our Service that allows you to log-in to your Cledara Account through another service. For example, you may log-in to your Cledara Account through your account with Google. If you choose to engage with such integration, we may receive information from the other service that you have authorized to share with us. Please note that the other service may independently collect information about you through the integration.
• Social Media. We may offer our content through social media. Any information you provide to us when you engage with our content is treated in accordance with this Privacy Policy. Also, if you publicly reference our Service or Product on social media (e.g., by using a hashtag associated with Cledara in a tweet or post), we may use your reference on or in connection with our Service.
• Platform Linking. We may offer you the ability to link your Cledara Account to another service in order to retrieve certain information about your account on that service. For example, if you link your account to an accounting and bookkeeping platform, such as QuickBooks or NetSuite, or a business communication platform, such as Slack, the linking may allow us to obtain information such as your username, email address, photo, Transaction Data, and duplicate transactions. For more information about how these platforms handle information about you, please refer to their respective privacy policies and terms of use.

Please note that when you interact with other parties, including when you leave our Service or Product, those parties may independently collect information about you and solicit information from you. The information collected and stored by those parties remains subject to their own policies and practices, including what information they share with us, your rights and choices on their services and devices, and whether they store information in the U.S. or elsewhere. We encourage you to familiarize yourself with and consult their privacy policies and terms of use.

6. Analytics and Advertising

We use analytics services, such as Google Analytics, to help us understand how users access and use the Service. In addition, we work with agencies, advertisers, ad networks, and other technology services to place advertisements on our behalf on other websites and services. For example, we may place ads through Google and Facebook that you may view on their platforms as well as on other websites and services.

As part of this process, we may incorporate tracking technologies into our own Service (including our Website and emails) as well as into our ads displayed on other websites and services. Some of these tracking technologies may track your activities across time and services for purposes of associating the different devices you use, and delivering relevant ads and/or other content to you ("Interest-based Advertising").

As indicated above, vendors and other parties may act as our service providers, or in certain contexts, independently decide how to process your information. We encourage you to familiarize yourself with and consult their privacy policies and terms of use.

While you may disable some tracking technologies by blocking cookies in your browser, you may still see advertising as part of a broader marketing campaign. For further information on the types of tracking technologies we use on the Service and your rights and choices regarding analytics and Interest-based Advertising, please see the "Information Collected through the Service" and "Your Rights and Choices" sections.

7. Data Transfer

Our Service and Product are operated from and directed toward business customers with a presence in the United States, for exclusive use by their employees and authorized users. Any information we collect may be transferred to, processed, used, handled, and stored in the United States, the United Kingdom, European Union and other jurisdictions. Data protection laws in the United States and other jurisdictions may differ from those of your country of residence. The information we collect is governed according to United States law.

By using the Service or Product, you consent to the transfer, processing, use of, handling, and storage of information about you in the United States and other jurisdictions as described in this Privacy Policy. For personal data transferred from Europe or the United Kingdom, we will provide appropriate safeguards, such as through the use of standard contractual clauses. For further information, please refer to our UK & European Privacy Policy accessible at www.cledara.com.

8. Additional Important Information

Security. We use organizational, technical, and administrative measures designed to protect information about you from loss, theft, misuse, and unauthorized access, disclosure, alteration and destruction. However, no information security program or transfer via the internet is entirely secure and we cannot guarantee the security of information about you.

Use by Minors. We do not direct any of our services to children. We do not knowingly collect personal information (as defined by the U.S. Children's Privacy Protection Act, or "COPPA") from children under 13. We also do not knowingly "sell," as that term is defined under the CCPA, the personal information of minors under 16 who are California residents. If you are a parent or guardian and believe we have violated this provision, contact us at dpo@cledara.com.

Changes to this Privacy Policy. We reserve the right to change and reissue this Privacy Policy at any time by posting an updated version. Your continued use of our Service or Product indicates your consent to the Privacy Policy then posted. If we have an existing relationship with you, you represent a business customer, or if you are an employee or authorized user, we may provide you or the business customer notice through our Website or your Cledara Account; or provide notice directly to you using the Contact Data provided to us. If we do not have an existing relationship with you---for instance, if you only visit our Website---any notice we provide will be posted to our Website. Any privacy notice is effective upon posting or when it is provided to you.

9. Your Rights and Choices

Cledara Account. The information in your Cledara Account is governed by our agreements with the applicable business customer. You may access, update, or delete certain information within your Cledara Account through the Platform, provided that the business customer will make the ultimate decision around the processing. The business customer's administrator is responsible for your Cledara Account and Cards associated with the business customer. The business customer administrator has the ability to grant, restrict, suspend, or terminate your access to or use of the Product. The administrator can also access information about you on Product, access and retain information we have stored on its behalf, and limited your ability to edit, modify, delete, or use information associated with your use of the Product. Please note that if you delete information through your Cledar5a Account, we will retain and use information about you as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Tracking Technology Choices.

• Cookies and Pixels. Most browsers accept cookies by default. You can instruct your browser, by changing its settings, to decline or delete cookies. If you use multiple browsers on your device, you will need to instruct each browser separately. Your ability to limit cookies is subject to your browser settings and limitations.
• Do Not Track. Your browser settings may allow you to automatically transmit a "Do Not Track" signal to online services you visit. Note, however, there is no industry consensus as to what site and app operators should do with regard to these signals. Accordingly, unless and until the law is interpreted to require us to do so, we do not monitor or take action with respect to "Do Not Track" signals. For more information on "Do Not Track," visit https://www.allaboutdnt.com.

Please be aware that if you disable or remove tracking technologies some parts of the Service and Product may not function correctly.

Analytics and Interest-Based Advertising. Google provides tools to allow you to opt out of the use of certain information collected by Google Analytics at https://tools.google.com/dlpage/gaoptout and by Google Analytics for Display Advertising or the Google Display Network at https://www.google.com/settings/ads/onweb.

The companies we work with to provide you with targeted ads in connection with the Service are required by us to give you the choice to opt out of receiving targeted ads. Most of these companies are participants of the Digital Advertising Alliance ("DAA") and/or the Network Advertising Initiative ("NAI"). To learn more about the targeted ads provided by these companies, and how to opt out of receiving certain targeted ads from them, please visit: (i) for website targeted ads from DAA participants, https://www.aboutads.info/choices; and (ii) for targeted ads from NAI participants, https://www.networkadvertising.org/choices. Opting out only means that the selected participants should no longer deliver certain targeted ads to you, but does not mean you will no longer receive any targeted content and/or ads (e.g., in connection with the participants' other customers or from other technology services).

Please note that if you opt out using any of these methods, the opt out will only apply to the specific browser or device from which you opt out. We are not responsible for the effectiveness of, or compliance with, any opt out options or programs, or the accuracy of any other entities' statements regarding their opt out options or programs.

Communications.

• E-mails. You can opt-out of receiving promotional emails from us at any time by following the instructions as provided in emails to click on the unsubscribe link or changing your email preferences in the Cledara Web Application. Please note that you cannot opt-out of non-promotional emails, such as those about your Cledara Account, transactions, servicing, or our ongoing business relations.

Please note that your opt out is limited to the email address used and will not affect subsequent subscriptions.

Unlinking Platforms. If you have linked your Cledara Account with certain other services, such as Slack or QuickBooks, you may unlink your accounts at any time by visiting your Cledara Account settings. Please note that unlinking your accounts will not affect any information previously shared through the linking. Cledara is not responsible for the data practices of any other entities, and we recommend that you carefully review their privacy policies and terms of use.

10. Contact Us

If you have any questions about this Privacy Policy, our data practices, or our compliance with applicable law, please contact us:

By email: dpo@cledara.com.

If you experience any difficulties accessing the information in this Privacy Policy, please contact us at dpo@cledara.com. 

11. Additional Disclosures for Nevada Residents

Nevada law (NRS 603A.340) requires each business to establish a designated request address where Nevada consumers may submit requests directing the business not to sell certain kinds of personal information that the business has collected or will collect about the consumer. A sale under Nevada law is the exchange of personal information for monetary consideration by the business to a third party for the third party to license or sell the personal information to other third parties. If you are a Nevada consumer and wish to submit a request relating to our compliance with Nevada law, please contact us at dpo@cledara.com.

12. Additional Disclosures for California Residents

These additional disclosures apply only to California residents and only to the extent applicable.

Our Service and Product are primarily intended to provide information and services to job applicants and business customers. You understand and agree that personal information collected about you is solely within the context of (i) your role as an employee, authorized user, job applicant, owner, director, officer, or contractor or (ii) Cledara conducting due diligence regarding, or providing or receiving a product or service to or from your employer.

We acknowledge that you may have rights under the CCPA in connection with the personal information we process on behalf of our business customers. If personal information about you has been processed by us as a service provider on behalf of a business customer and you wish to exercise any rights you have with such personal information, please inquire with our business customer directly. If you wish to make your request directly to us, please provide the name of our business customer on whose behalf we processed your personal information. We will refer your request to that business customer, and will support them to the extent required by applicable law in responding to your request.

Notice of Collection

The California Consumer Privacy Act of 2018 ("CCPA") provides additional rights and requires businesses collecting or disclosing personal information to provide notices and means to exercise rights. In the past 12 months, we have collected the following categories of personal information enumerated in the CCPA:

• Identifiers, including name, postal address, email address, and online identifiers (such as IP address).
• Customer records, including phone number, billing address, bank account and credit or debit card information.
• Characteristics of protected classifications under California or federal law, including gender.
• Commercial or transactions information, including records of products or services purchased, obtained, or considered.
• Internet activity, including browsing history, search history, and interactions with a website, email, application, or advertisement.
• Geolocation data.
• SaaS Usage Data, including the SaaS products you use and how frequently you access them.
• Employment and education information.
• Inferences drawn from the above information about your predicted characteristics and preferences.

For further details on information we collect, including the sources from which we receive information, review the "Information that Cledara Collects" section above. We collect and use these categories of personal information for the business purposes described in the "How We Use Information" section above.

Right to Know and Delete

You have the right to know certain details about our data practices in the past 12 months. In particular, you may request the following from us:

• The categories of personal information we have collected about you;
• The categories of sources from which the personal information was collected;
• The categories of personal information about you we disclosed for a business purpose or sold;
• The categories of third parties to whom the personal information was disclosed for a business purpose or sold;
• The business or commercial purpose for collecting or selling the personal information; and
• The specific pieces of personal information we have collected about you.

In addition, you have the right to delete the personal information we have collected from you.

To exercise any of these rights, please submit a request by sending an email to dpo@cledara.comm with "CCPA Request" in the subject line and specify which right you are seeking to exercise and the scope of the request. We will confirm receipt of your request within 10 days. If personal information about you has been processed by us as a service provider on behalf of a business customer, we will follow the procedure set out above. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your requests to know or delete.

Authorized Agent.

You can designate an authorized agent to submit requests on your behalf. However, we will require signed proof of the agent's permission to do so and verify your identity directly.

Right to Non-Discrimination.

You have the right not to receive discriminatory treatment by us for the exercise of any your rights.

Shine the Light.

Customers who are residents of California may request (i) a list of the categories of personal information disclosed by us to third parties during the immediately preceding calendar year for those third parties' own direct marketing purposes; and (ii) a list of the categories of third parties to whom we disclosed such information. To exercise a request, please write us at dpo@cledara.com or the postal address set out in "Contact Us" above and specify that you are making a "California Shine the Light Request." We may require additional information from you to allow us to verify your identity and are only required to respond to requests once during any calendar year.