Why Petal?FAQAbout Us
This Privacy Policy is effective immediately for new users, and from 9/17/2018 for existing users.
Petal Card, Inc. General Privacy Policy
This General Privacy Policy describes the ways Petal Card, Inc. and its affiliates (“Petal,” “we,” “our” or “us”) may collect, use, and disclose your personal information in connection with Petal’s products and services (collectively, the “Petal Services”). You accept this policy by using Petal Services on our website or by any other means.

If you have any financial product or service with us, including a Petal Card (defined below), we will use and share any Non-Public Information (“NPI”) as defined by the Gramm-Leach-Bliley Act (“GLBA”) that we collect from or about you related to your use of that product or service in accordance with our GLBA Privacy Notice.

Furthermore, you acknowledge that the use of any credit card offered by WebBank, Member FDIC (“WebBank”), through Petal (a “Petal Card”) is governed by the Cardholder Agreement that is provided to you. View the WebBank GLBA Privacy Notice.

If you have any questions about our General Privacy Policy or how it applies to specific data, please contact us at support@petalcard.com.  We will make every effort to resolve your concerns.
What Does This General Privacy Policy Cover?
This General Privacy Policy covers the treatment of personally identifiable information (“Personal Information”) we gather when you use or access the Petal Services, and any Personal Information shared between us and any third party, including WebBank or service providers (collectively, “Third Parties”) for use in connection with Petal Services.  By using Petal Services, you hereby authorize us to review and share your information (including Personal Information) with Third Parties.

When Petal shares your personal information with vendors and other third party service providers (“Third Party Service Providers”) who perform functions on our behalf, we require the security and confidentiality of your information, as well as limiting their use of the information to what is reasonable and necessary to carry out their work with us and comply with applicable laws and regulations.

This General Privacy Policy does not apply to Third Party Service Providers that you elect to access through the Petal Services or that you share information with directly. While we attempt to facilitate access only to those Third Party Service Providers that share our respect for your privacy, we cannot take responsibility for the content or privacy policies of those Third Party Service Providers. We encourage you to carefully review the privacy policies of any Third Party Service Providers you access.
What Information Do We Collect and How Do We Use the Information?
The information we gather enables us to personalize, improve and continue to operate the Petal Services. Below we describe in more detail the type of information we collect and how we use it.
Bank Account Information:
Registered users of Petal Services may provide us with access credentials (for example, username and password) that allow us to gain online access to one or more accounts that you maintain with a third-party financial institution and that you choose to designate for use in connection with Petal Services (each, an “Authorized Bank Account”).  We work with one or more Third Party Service Providers that will securely store pursuant to industry standards any Authorized Bank Account access credentials that you provide on Petal Services and will access your Authorized Bank Accounts for the purposes of providing and improving Petal Services. You may only provide account access credentials for and authorize us to access valid accounts that you hold in your own name. You may not provide access credentials for an account that is held by a third person. You must update your Petal account information to reflect any change to the username or password that is associated with any Authorized Bank Account.

If you choose to provide your Authorized Bank Account credentials to us, you authorize us to use this information to provide you with Petal Services. This authorization will remain in effect until you notify us that you wish to revoke this authorization, which may affect your ability to receive the Petal Services. The Third Party Service Providers that we work with include Quovo, Inc. (“Quovo”) and Plaid, Inc. (“Plaid”). Quovo’s services and use of your information, including on or through the Petal Services, are governed by its Terms of Use located at https://www.quovo.com/legal/terms/ and its Privacy Policy located at https://www.quovo.com/legal/privacy-policy/ and Plaid’s services and use of your information, including on or through the Petal Services, are governed by its policy available at https://plaid.com/legal/.
Account and Contact Information:
If you create an Account, sign up to receive our newsletter, apply for a Petal Card or otherwise provide your contact information to us, you will provide us with Personal Information that may include your name, username, password, email address, home address and phone number. By providing us with your phone number, you authorize us to contact you via text message (SMS) at that phone number, and you thereby consent to the receipt of such messages.  You may opt-out of receiving most of these messages at any time by sending us a request at support@petalcard.com or by responding “STOP” to any text message. You acknowledge that opting out of receiving text messages may impact your use of the Petal Services. More generally, we may use your contact information to send you messages about the Petal Services. You may unsubscribe from some of these messages through your Account settings, although we reserve the right to contact you when we believe it is necessary, such as for account recovery purposes.  In addition, as part of the Petal Card application process, you may be asked to provide additional information such as your social security number, date of birth and employment, address and income history.
Payment Information:
When you make payments through the Petal Services, we or i2c, our third party payment processor, may collect information related to your payments, such as your payment method, account number, type, or expiration date. The use and storage of such information is governed by this General Privacy Policy and i2c’s privacy policy, available at http://www.i2cinc.com/privacy-policy.
Web Browser Information:
We automatically receive and record information from your web browser when you go on our website, including your IP address and cookie information. We use this information to fight fraud (including spam or malware) and also to analyze your interaction with the Petal Services (e.g., what links you click on).

Generally, the Petal Services automatically collect usage information, such as the number and frequency of visits to the Petal Services. We may use this data in aggregate form, but not in a manner that would identify you personally. This type of aggregate data enables us and third parties authorized by us to determine how often individuals use parts of the Petal Services so that we can analyze and improve those services.
Card-Linked Offer Program; Transaction Data:
• Card-Linked Offer Program; Transaction Data:Notwithstanding anything to the contrary in Petal’s Terms of Service, Privacy Policy or any other relevant documentation, if you are enrolled in our rewards and offers program (“Card-Linked Offer Program”), Petal, and its payment card network Visa U.S.A. (“Visa”) and other Third Party Service Providers (including “CLO Provider”, the Third Party Service Provider supporting the Card-Linked Offer Program) may use and share information about the transactions you conduct using your Petal Card (“Transaction Data”) as follows:

• Use Transaction Data to confirm whether a purchase qualified for a credit or offer within the Card-Linked Offer Program or return to match transactions to confirm whether you qualify for a statement credit or a Petal Perk offer;

• Share Transaction Data with the participating merchant where a transaction occurred, such as to confirm a specific transaction occurred or discounts should be awarded; for example, the date and amount of your purchase and the last 4 digits of your card number so the merchant can verify your purchase with its records if there is a missing or disputed transaction;

• Provide participating merchants or Third Party Service Providers with aggregated and anonymized information relating specifically to registered card activity solely to allow participating merchants and Third Party service providers to assess the results of their campaign;

• Create a record of the Transaction Data and thereafter maintain and use data in connection with operating the Card-Linked Offer Program program;

• Conduct analysis for the improvement and optimization of the Card-Linked Offer Program program; and

• Provide information in order to respond to a request from government authority or a payment organization involved in a transaction with you or a merchant.

By enrolling in the Card-Linked Offer Program program, you authorize the sharing, exchange and use of Transaction Data described above and herein by and among Petal, Third Party Service Providers, payment card networks and merchants. If you wish to opt out of the Card-Linked Offer Program, you can do so by emailing us at support@petalcard.com.
Email, SMS, and Push Notification Communications:
We may communicate with you about our products and services using email, SMS or other text messages (collectively, “Text Messages”) or push notifications. When we communicate with you via email, Text Message or push notifications, we may collect information regarding such communications, such as confirmation when you open an email, read a text message or receive a push notification. We use this information to operate and improve our customer service and other Petal Services. Some of the Petal Services, such as the Card-Linked Offer Program, require notifications to be enabled. If at any time you do not wish to receive the benefit of such Petal Services, you can turn off notifications using the functionality made available in the browser, application or device settings. Please note that turning off notifications may impact your use of those Petal Services.
Information We Receive from Third Parties:
We may collect information about you from third parties that perform services and analytics for us. Such companies may include credit bureaus, data providers, fraud detection services and data analytics providers., as well as certain of our Third Party Service Providers and their partners. For example, as part of its management of our Card-Linked Offer Program program, our service provider CLO Provider provides us with data elements for each transaction that is a redemption of a Card-Linked Offer Program offer, such as: (i) token to identify you, (ii) the transaction amount, and (iii) the transaction date.
Information Collected Using Cookies:
Cookies are pieces of text that are stored on your computer or device when you access a website. Your browser stores cookies in a manner associated with each website you visit. We use cookies to enable our servers to recognize your web browser and tell us how and when you visit and use the Petal Services.

Most browsers have an option for turning off the cookie feature, which, depending on your browser, may prevent your browser from accepting new cookies or allow you to choose whether to accept each new cookie.  We recommend that you leave cookies active, because they enable you to take full advantage of the Petal Services’ features.
Information Related to Advertising and the Use of Web Beacons; Interest-Based Advertisements:
We may serve advertisements, and also allow third party digital marketing partners, including third party advertising servers, advertising agencies, advertising networks, advertising exchanges, advertising vendors and research firms, to serve advertisements through the Petal Services. These advertisements, which may be both for our own products and services and for third party products and services that we think might be of interest to you, may be targeted to users who fit certain general profile categories or display certain preferences or behaviors (“Interest-Based Ads”).  Information for Internet-Based Ads (including Personal Information) may be provided to us by a user, or derived from the usage patterns of particular users on the Petal Services and/or services of Third Party Service Providers.  Such information may be gathered through tracking users’ activities across time and unaffiliated properties. To accomplish this, we or our service providers may deliver a pixel (known as a “web beacon”) from a digital marketing partner to you through the Petal Services. Web beacons allow our digital marketing partners to provide anonymized, aggregated auditing, research and reporting for us and for advertisers. Web beacons also enable our digital marketing partners to serve targeted advertisements to you when you visit other websites, and to view, edit or set their own cookies on your browser, just as if you had requested a web page from their site.

We do not provide Personal Information to any digital marketing partners for use outside of the Petal Services.   We may use analytics service providers to analyze how you interact and engage with the Petal Services and our advertisements, so we can learn and make enhancements to offer you a better experience. Some of these entities may use cookies, web beacons and other technologies to collect information about your use of the Petal Services and other websites, which may include tracking activity across time and unaffiliated properties, including your IP address, web browser, pages viewed, time spent on pages, links clicked and conversion information. Information from analytics service providers may be used by us and others to, among other things, analyze and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests in the Petal Services and other websites and better understand your online activity.  For example, Google, Inc. (“Google”) uses cookies in connection with its Google Analytics services.  Google’s ability to use and share information collected by Google Analytics about your visits to the Petal Services is subject to the Google Analytics Terms of Use and the Google Privacy Policy. You have the option to opt out of Google's use of cookies by visiting the Google advertising opt-out page at www.google.com/privacy_ads.html or the Google Analytics Opt-out Browser Add-on at https://tools.google.com/dlpage/gaoptout/.

To the extent that Petal engages in any Interest-Based Advertising, more information can be found here petalcard.com/privacy-policy/interest-based-advertising.

Through the Digital Advertising Alliance (“DAA”) and Network Advertising Initiative (“NAI”), several media and marketing associations have developed an industry self-regulatory program to give consumers a better understanding of and greater control over ads that are customized based on their online behavior across different websites. To make choices about Interest-Based Ads from participating third parties, including to opt out of receiving behaviorally targeted advertisements from participating organizations, please visit the DAA’s or NAI’s consumer opt out pages, which are located at http://www.networkadvertising.org/choices/ and www.aboutads.info/choices, respectively.
Aggregate and De-identified Information:
We collect statistical information about both unregistered and registered users that is not Personal Information and cannot be tied back to you, your Account or your web browser (“Aggregate and De-identified Information”). Some of this information is derived from Personal Information.

We may use Aggregate and De-identified Information for various business purposes where permissible under applicable laws and regulations, including for analytics or to develop or improve our services and marketing.  We may share this Aggregate and De-identified Information with Third Party Service Providers for their business purposes. Third Party Service Providers may also share with us non-private, aggregated or otherwise non-Personal Information about you that they have independently developed or acquired.

We may also use and share Aggregate and De-identified Information for research, including research conducted by government entities, non-profit entities, and academic institutions. This may involve publishing findings or combining Aggregate and De-identified Information with other data sets, but such information will not be shared in a way that allows you or any other person to be personally identified.
How, and With Whom, Is My Information Shared?
Information Disclosed for Our Everyday Business Purposes
We share information about you for our everyday business purposes, such as to process your application, assist in underwriting, process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus.
Information Disclosed for the Card-Linked Offer Program
If you are enrolled in our Card-Linked Offer Program, we may provide Transaction Data and other information to CLO Provider, the payment card networks, merchants and other partners for use in connection with the Card-Linked Offer Program. This information may be Personal Information and NPI, such as your primary account number.
Information Disclosed for Our Marketing Purposes
We share information about you for our marketing purposes to offer products and services to you.
Information Disclosed Pursuant to Business Transfers
If we decide to buy or sell assets, user information is typically one of the transferred business assets. Moreover, if we (or substantially all of our assets) were acquired, or if we go out of business or enter bankruptcy, user information would be one of the assets that may be transferred or acquired by a third party. Any acquirer of us or our assets may continue to use your Personal Information as set forth in and in accordance with this policy.
Information Disclosed for Our Protection and the Protection of Others
We reserve the right to access, read, preserve and disclose any information as we reasonably believe is necessary to (i) satisfy any applicable law, regulation, legal process or governmental request, (ii) enforce this General Privacy Policy and our Terms of Use, including investigation of potential violations hereof, (iii) detect, prevent or otherwise address fraud, security or technical issues, (iv) respond to user support requests, or (v) protect our rights, property or safety, our users and the public. This includes exchanging information with other companies and organizations for fraud protection and spam/malware prevention.
Information We Share With Your Consent:
In addition to the disclosures described in this General Privacy Policy, we may also share your information, which may include your Personal Information, in additional ways, if you consent.

We do not sell or share your Personal Information with third parties for their own commercial uses without your consent, except as set forth in the “Information Disclosed Pursuant to Business Transfers” section above.
Is Information About Me Secure?
We protect your personal information from unauthorized access and use by maintaining physical, electronic and procedural safeguards in compliance with applicable law.  These measures include computer safeguards and secured files and buildings. We authorize our employees to access your information only when they need it to do their work, and we require companies that work for us to protect your information. However, we cannot guarantee the security of any information. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.
What Information of Mine Can I Access?
If you are a registered user, you can view information associated with your Account by logging into your Account or by contacting us at support@petalcard.com. In addition, you can access and delete cookies through your web browser settings, as detailed above.
California Privacy Rights:
Under California Civil Code sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of personal customer information which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to the following address: Petal Card, Inc., 116 W Houston, Second Floor, New York, NY, 10012.
How Can I Delete My Account?
If you decide to delete your Account, you can do so by emailing support@petalcard.com. If you terminate your Account, any association between your Account and information we store will no longer be accessible through your Account.  We will continue to store, access, and use information about you and your Account in compliance with this General Privacy Policy and as required by any applicable legal or regulatory obligations.
What Choices Do I Have Regarding My Information?
• You can always choose not to disclose certain information to us, but please note that certain information is required for use of Petal Services.
• You may request that we remove your bank and financial information, although this may negatively impact your ability to use Petal Services.
• You can delete your Account. Please note that we will need to verify that you have the authority to delete the Account, and we will continue to store and use information we collected in connection with your past Account activity.
• You can opt out of certain cookies and tracking technologies.  You can learn more about this in the “Information Collected Using Cookies” and “Information Related to Advertising and the Use of Web Beacons; Interest-Based Advertisements” sections above.
• Your browser may offer you a “Do Not Track” or “DNT” option,  which allows you to  opt out of certain of your online activities over time and across different websites.  Petal does not support Do Not Track requests at this time, which means that we may collect information about your online activity both while you are using the Petal Services and after you leave our properties, as we describe above.
Children’s Privacy
The Petal Services are not intended for use by children. We do not knowingly collect personal information from children under the age of 13 years. If we become aware that a child under 13 has opened an account or otherwise provided us with Personal Information, we take steps to terminate the child’s account and delete such information.
What Happens When There Are Changes to this General Privacy Policy?
We may amend this General Privacy Policy from time to time. If we make changes in the way we collect or use information, we will attempt to notify you by posting an announcement on the Petal Services or sending you an email; however, any changes to the General Privacy Policy are effective as soon as we post them here.
Petal Gramm-Leach-Bliley Act Privacy Notice, rev. 3/28
Facts
WHAT DOES PETAL DO WITH YOUR PERSONAL INFORMATION IN CONNECTION WITH YOUR PETAL CARD CREDIT ACCOUNT?
Why?
Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
What?
The types of personal information we collect and share depend on the product or service you have through us. This information can include:

• Social Security number and transaction history
• Account balances and payment history
• Credit history and credit scores

When you are no longer our customer, we continue to share your information as described in this notice.
How?
All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information; the reasons Petal chooses to share; and whether you can limit this sharing.
Reasons we can share your personal information
Does Petal share?
Can you limit this sharing?
For our everyday business purposes: such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus
Does Petal share?
Yes
Can you limit this sharing?
No
For our marketing purposes: to offer our products and services to you
Does Petal share?
Yes
Can you limit this sharing?
No
For joint marketing with other financial companies
Does Petal share?
Yes
Can you limit this sharing?
No
For our affiliates’ everyday business purposes: information about your transactions and experiences
Does Petal share?
No
Can you limit this sharing?
We don't share
For our affiliates’ everyday business purposes: information about your creditworthiness
Does Petal share?
No
Can you limit this sharing?
We don't share
For our affiliates to market to you
Does Petal share?
No
Can you limit this sharing?
We don't share
For non-affiliates to market to you
Does Petal share?
No
Can you limit this sharing?
We don't share
Questions?
Visit us online: www.petalcard.com/
Or, email your inquiry to: support@petalcard.com
Who are we
Who is providing this notice?
Petal Card, Inc. (“Petal”)
What we do
How does Petal protect my personal information?
To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.
How does Petal collect my personal information?
We collect your personal information, for example, when you

• Open an account or use your credit card
• Pay your bills or give us your contact information
• Provide account information

We also collect your personal information from others, such as credit bureaus, affiliates, or other companies.
Why can’t I limit all sharing?
Federal law gives you the right to limit only:

• Sharing for affiliates’ everyday business purposes—information about your creditworthiness
• Affiliates from using your information to market to you
• Sharing for non-affiliates’ companies to market to you

See below for more on your rights under state law.
Definitions
Affiliates
Companies related by common ownership or control. They can be financial and non-financial companies.

• Petal does not share with our affiliates
Non-affiliates
Companies not related by common ownership or control. They can be financial and non-financial companies.

• Petal does not share with non-affiliates so they can market to you
Joint Marketing
A formal agreement between non-affiliated financial companies that together market financial products or services to you.

• Petal does not jointly market
Other Information
Special Notice For State Residents: We will also comply with more restrictive state laws to the extent that they apply.
WebBank Gramm-Leach-Bliley Act Privacy Notice, rev. 3/28
Facts
WHAT DOES WEBBANK DO WITH YOUR PERSONAL INFORMATION IN CONNECTION WITH YOUR PETAL CREDIT ACCOUNT?
Why?
Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
What?
The types of personal information we collect and share depend on the product or service you have through us. This information can include:

• Social Security number and transaction history
• Account balances and payment history
• Credit history and credit scores

When you are no longer our customer, we continue to share your information as described in this notice.
How?
All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information; the reasons WebBank chooses to share; and whether you can limit this sharing.
Reasons we can share your personal information
Does WebBank share?
Can you limit this sharing?
For our everyday business purposes: such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus
Does Petal share?
Yes
Can you limit this sharing?
No
For our marketing purposes: to offer our products and services to you
Does Petal share?
Yes
Can you limit this sharing?
No
For joint marketing with other financial companies
Does Petal share?
Yes
Can you limit this sharing?
No
For our affiliates’ everyday business purposes: information about your transactions and experiences
Does Petal share?
No
Can you limit this sharing?
We don't share
For our affiliates’ everyday business purposes: information about your creditworthiness
Does Petal share?
No
Can you limit this sharing?
We don't share
For our affiliates to market to you
Does Petal share?
No
Can you limit this sharing?
We don't share
For non-affiliates to market to you
Does Petal share?
No
Can you limit this sharing?
We don't share
Questions?
Visit us online: www.petalcard.com/
Or, email your inquiry to: support@petalcard.com
Who are we
Who is providing this notice?
WebBank
What we do
How does Petal protect my personal information?
To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.
How does WebBank collect my personal information?
We collect your personal information, for example, when you

• Open an account or use your credit card
• Pay your bills or give us your contact information
• Provide account information

We also collect your personal information from others, such as credit bureaus, affiliates, or other companies.
Why can’t I limit all sharing?
Federal law gives you the right to limit only:

• Sharing for affiliates’ everyday business purposes—information about your creditworthiness
• Affiliates from using your information to market to you
• Sharing for non-affiliates’ companies to market to you

See below for more on your rights under state law.
What happens when I limit sharing for an account I hold jointly with someone else?
WebBank does not offer joint Petal Credit accounts.
Definitions
Affiliates
Companies related by common ownership or control. They can be financial and non-financial companies.

• WebBank does not share with our affiliates
Non-affiliates
Companies not related by common ownership or control. They can be financial and non-financial companies.

• WebBank does not share with non-affiliates so they can market to you
Joint Marketing
A formal agreement between non-affiliated financial companies that together market financial products or services to you.

• WebBank doesn’t jointly market
Other Important Information
If you live in Vermont, we will not share information about your creditworthiness with our affiliates for their everyday business purposes unless you consent to that sharing. If you live in California, we will not share information about you (1) with our affiliates for their own purposes or (2) for joint marketing with other financial companies.
Effective Date: April 17, 2018