Why Petal?FAQAbout Us
UPDATE (April 17, 2018): We have updated the general and GLBA privacy policies applicable to Petal’s products and services. Please take the time to read the full privacy policies below.
Petal Card, Inc. General Privacy Policy
This General Privacy Policy describes the ways Petal Card, Inc. and its affiliates (“Petal,” “we,” “our” or “us”) may collect, use, and disclose your personal information in connection with Petal’s products and services (collectively, the “Petal Services”). You accept this policy by using Petal Services on our website or by any other means.

If you have any financial product or service with us, including a Petal Card (defined below), we will use and share any Non-Public Information (“NPI”) as defined by the Gramm-Leach-Bliley Act (“GLBA”) that we collect from or about you related to your use of that product or service in accordance with our GLBA Privacy Notice.

Furthermore, you acknowledge that the use of any credit card offered by WebBank, Member FDIC (“WebBank”), through Petal (a “Petal Card”) is governed by the Cardholder Agreement that is provided to you. View the WebBank GLBA Privacy Notice.

If you have any questions about our General Privacy Policy or how it applies to specific data, please contact us at support@petalcard.com.  We will make every effort to resolve your concerns.
What Does This General Privacy Policy Cover?
This General Privacy Policy covers the treatment of personally identifiable information (“Personal Information”) we gather when you use or access the Petal Services, and any Personal Information shared between us and any third party, including WebBank or service providers (“Third Parties”) for use in connection with Petal Services.  By using Petal Services, you hereby authorize us to review and share your information (including Personal Information) with Third Parties.

When Petal shares your personal information with vendors and other third party service providers (“Third Party Service Providers”) who perform functions on our behalf, we require the security and confidentiality of your information, as well as limiting their use of the information to reasonably and necessarily to carry out their work with us and comply with applicable laws and regulations.

This General Privacy Policy does not apply to Third Party Service Providers that you elect to access through the Petal Services or that you share information with directly. While we attempt to facilitate access only to those Third Party Service Providers that share our respect for your privacy, we cannot take responsibility for the content or privacy policies of those Third Party Service Providers. We encourage you to carefully review the privacy policies of any Third Party Service Providers you access.
What Information Do We Collect and How Do We Use the Information?
The information we gather enables us to personalize, improve and continue to operate the Petal Services. Below we describe in more detail the type of information we collect and how we use it.
Account and Contact Information:
If you create an Account, sign up to receive our newsletter, apply for a Petal Card or otherwise provide your contact information to us, you will provide us with Personal Information that may include your name, username, password, email address, home address and phone number. By providing us with your phone number, you authorize us to contact you via text message (SMS) at that phone number, and you thereby consent to the receipt of such messages.  You may opt-out of receiving most of these messages at any time by sending us a request at support@petalcard.com or by responding “STOP” to any text message. You acknowledge that opting out of receiving text messages may impact your use of the Petal Services. More generally, we may use your contact information to send you messages about the Petal Services. You may unsubscribe from some of these messages through your Account settings, although we reserve the right to contact you when we believe it is necessary, such as for account recovery purposes.  In addition, as part of the Petal Card application process, you may be asked to provide additional information such as your social security number, date of birth and employment, address and income history.
Payment Information:
When you make payments through the Petal Services, we or i2c, our third party payment processor, may collect information related to your payments, such as your payment method, account number, type, or expiration date. The use and storage of such information is governed by this General Privacy Policy and i2c’s privacy policy, available at http://www.i2cinc.com/privacy-policy.
Web Browser Information:
We automatically receive and record information from your web browser when you go on our website, including your IP address and cookie information. We use this information to fight fraud (including spam or malware) and also to analyze your interaction with the Petal Services (e.g., what links you click on).

Generally, the Petal Services automatically collect usage information, such as the number and frequency of visits to the Petal Services. We may use this data in aggregate form, but not in a manner that would identify you personally. This type of aggregate data enables us and third parties authorized by us to determine how often individuals use parts of the Petal Services so that we can analyze and improve those services.
Email, SMS, and Push Notification Communications:
When we communicate with you via email, SMS or other text message or push notifications, we may collect information regarding such communications, such as confirmation when you open an email, read a text message or receive a push notification. We use this information to operate and improve our customer service and other Petal Services.
Information We Receive from Third Parties:
We may collect information about you from third parties that perform services and analytics for us. Such companies may include credit bureaus, data providers, fraud detection services and data analytics providers.
Information Collected Using Cookies:
Cookies are pieces of text that are stored on your computer or device when you access a website. Your browser stores cookies in a manner associated with each website you visit. We use cookies to enable our servers to recognize your web browser and tell us how and when you visit and use the Petal Services.

Most browsers have an option for turning off the cookie feature, which, depending on your browser, may prevent your browser from accepting new cookies or allow you to choose whether to accept each new cookie.  We recommend that you leave cookies active, because they enable you to take full advantage of the Petal Services’ features.
Information Related to Advertising and the Use of Web Beacons; Interest-Based Advertisements:
We may serve advertisements, and also allow third party digital marketing partners, including third party advertising servers, advertising agencies, advertising networks, advertising exchanges, advertising vendors and research firms, to serve advertisements through the Petal Services. These advertisements, which may be both for our own products and services and for third party products and services that we think might be of interest to you, may be targeted to users who fit certain general profile categories or display certain preferences or behaviors (“Interest-Based Ads”).  Information for Internet-Based Ads (including Personal Information) may be provided to us by a user, or derived from the usage patterns of particular users on the Petal Services and/or services of Third Party Service Providers.  Such information may be gathered through tracking users’ activities across time and unaffiliated properties. To accomplish this, we or our service providers may deliver a pixel (known as a “web beacon”) from a digital marketing partner to you through the Petal Services. Web beacons allow our digital marketing partners to provide anonymized, aggregated auditing, research and reporting for us and for advertisers. Web beacons also enable our digital marketing partners to serve targeted advertisements to you when you visit other websites, and to view, edit or set their own cookies on your browser, just as if you had requested a web page from their site.

We do not provide Personal Information to any digital marketing partners for use outside of the Petal Services.   We may use analytics service providers to analyze how you interact and engage with the Petal Services and our advertisements, so we can learn and make enhancements to offer you a better experience. Some of these entities may use cookies, web beacons and other technologies to collect information about your use of the Petal Services and other websites, which may include tracking activity across time and unaffiliated properties, including your IP address, web browser, pages viewed, time spent on pages, links clicked and conversion information. Information from analytics service providers may be used by us and others to, among other things, analyze and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests in the Petal Services and other websites and better understand your online activity.  For example, Google, Inc. (“Google”) uses cookies in connection with its Google Analytics services.  Google’s ability to use and share information collected by Google Analytics about your visits to the Petal Services is subject to the Google Analytics Terms of Use and the Google Privacy Policy. You have the option to opt out of Google's use of cookies by visiting the Google advertising opt-out page at www.google.com/privacy_ads.html or the Google Analytics Opt-out Browser Add-on at https://tools.google.com/dlpage/gaoptout/.

To the extent that Petal engages in any Interest-Based Advertising, more information can be found here petalcard.com/privacy-policy/interest-based-advertising.

Through the Digital Advertising Alliance (“DAA”) and Network Advertising Initiative (“NAI”), several media and marketing associations have developed an industry self-regulatory program to give consumers a better understanding of and greater control over ads that are customized based on their online behavior across different websites. To make choices about Interest-Based Ads from participating third parties, including to opt out of receiving behaviorally targeted advertisements from participating organizations, please visit the DAA’s or NAI’s consumer opt out pages, which are located at http://www.networkadvertising.org/choices/ and www.aboutads.info/choices, respectively.
Aggregate and De-identified Information:
We collect statistical information about both unregistered and registered users that is not Personal Information and cannot be tied back to you, your Account or your web browser (“Aggregate and De-identified Information”). Some of this information is derived from Personal Information.

We may use Aggregate and De-identified Information for various business purposes where permissible under applicable laws and regulations, including for analytics or to develop or improve our services and marketing.  We may share this Aggregate and De-identified Information with Third Party Service Providers for their business purposes. Third Party Service Providers may also share with us non-private, aggregated or otherwise non-Personal Information about you that they have independently developed or acquired.

We may also use and share Aggregate and De-identified Information for research, including research conducted by government entities, non-profit entities, and academic institutions. This may involve publishing findings or combining Aggregate and De-identified Information with other data sets, but such information will not be shared in a way that allows you or any other person to be personally identified.
How, and With Whom, Is My Information Shared?
Information Disclosed for Our Everyday Business Purposes
We share information about you for our everyday business purposes, such as to process your application, assist in underwriting, process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus.
Information Disclosed for Our Marketing Purposes
We share information about you for our marketing purposes to offer products and services to you.
Information Disclosed Pursuant to Business Transfers
If we decide to buy or sell assets, user information is typically one of the transferred business assets. Moreover, if we (or substantially all of our assets) were acquired, or if we go out of business or enter bankruptcy, user information would be one of the assets that may be transferred or acquired by a third party. Any acquirer of us or our assets may continue to use your Personal Information as set forth in and in accordance with this policy.
Information Disclosed for Our Protection and the Protection of Others
We reserve the right to access, read, preserve and disclose any information as we reasonably believe is necessary to (i) satisfy any applicable law, regulation, legal process or governmental request, (ii) enforce this General Privacy Policy and our Terms of Use, including investigation of potential violations hereof, (iii) detect, prevent or otherwise address fraud, security or technical issues, (iv) respond to user support requests, or (v) protect our rights, property or safety, our users and the public. This includes exchanging information with other companies and organizations for fraud protection and spam/malware prevention.
Information We Share With Your Consent:
In addition to the disclosures described in this General Privacy Policy, we may also share your information, which may include your Personal Information, in additional ways, if you consent.

We do not sell or share your Personal Information with third parties for their own commercial uses without your consent, except as set forth in the “Information Disclosed Pursuant to Business Transfers” section above.
Is Information About Me Secure?
We protect your personal information from unauthorized access and use by maintaining physical, electronic and procedural safeguards in compliance with applicable law.  These measures include computer safeguards and secured files and buildings. We authorize our employees to access your information only when they need it to do their work, and we require companies that work for us to protect your information. However, we cannot guarantee the security of any information. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.
What Information of Mine Can I Access?
If you are a registered user, you can view information associated with your Account by logging into your Account or by contacting us at support@petalcard.com. In addition, you can access and delete cookies through your web browser settings, as detailed above.
California Privacy Rights:
Under California Civil Code sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of personal customer information which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to the following address: Petal Card, Inc., 94 Bowery, Floor 3, New York, NY 10013.
How Can I Delete My Account?
If you decide to delete your Account, you can do so by emailing support@petalcard.com. If you terminate your Account, any association between your Account and information we store will no longer be accessible through your Account.  We will continue to store, access, and use information about you and your Account in compliance with this General Privacy Policy and as required by any applicable legal or regulatory obligations.
What Choices Do I Have Regarding My Information?
• You can always choose not to disclose certain information to us, but please note that certain information is required for use of Petal Services.
• You may request that we remove your bank and financial information, although this may negatively impact your ability to use Petal Services.
• You can delete your Account. Please note that we will need to verify that you have the authority to delete the Account, and we will continue to store and use information we collected in connection with your past Account activity.
• You can opt out of certain cookies and tracking technologies.  You can learn more about this in the “Information Collected Using Cookies” and “Information Related to Advertising and the Use of Web Beacons; Interest-Based Advertisements” sections above.
• Your browser may offer you a “Do Not Track” or “DNT” option,  which allows you to  opt out of certain of your online activities over time and across different websites.  Petal does not support Do Not Track requests at this time, which means that we may collect information about your online activity both while you are using the Petal Services and after you leave our properties, as we describe above.
Children’s Privacy
The Petal Services are not intended for use by children. We do not knowingly collect personal information from children under the age of 13 years. If we become aware that a child under 13 has opened an account or otherwise provided us with Personal Information, we take steps to terminate the child’s account and delete such information.
What Happens When There Are Changes to this General Privacy Policy?
We may amend this General Privacy Policy from time to time. If we make changes in the way we collect or use information, we will attempt to notify you by posting an announcement on the Petal Services or sending you an email; however, any changes to the General Privacy Policy are effective as soon as we post them here.
Petal Gramm-Leach-Bliley Act Privacy Notice, rev. 3/28
Facts
WHAT DOES PETAL DO WITH YOUR PERSONAL INFORMATION IN CONNECTION WITH YOUR PETAL CARD CREDIT ACCOUNT?
Why?
Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
What?
The types of personal information we collect and share depend on the product or service you have through us. This information can include:

• Social Security number and transaction history
• Account balances and payment history
• Credit history and credit scores

When you are no longer our customer, we continue to share your information as described in this notice.
How?
All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information; the reasons Petal chooses to share; and whether you can limit this sharing.
Reasons we can share your personal information
Does Petal share?
Can you limit this sharing?
For our everyday business purposes: such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus
Does Petal share?
Yes
Can you limit this sharing?
No
For our marketing purposes: to offer our products and services to you
Does Petal share?
Yes
Can you limit this sharing?
No
For joint marketing with other financial companies
Does Petal share?
Yes
Can you limit this sharing?
No
For our affiliates’ everyday business purposes: information about your transactions and experiences
Does Petal share?
No
Can you limit this sharing?
We don't share
For our affiliates’ everyday business purposes: information about your creditworthiness
Does Petal share?
No
Can you limit this sharing?
We don't share
For our affiliates to market to you
Does Petal share?
No
Can you limit this sharing?
We don't share
For non-affiliates to market to you
Does Petal share?
No
Can you limit this sharing?
We don't share
Questions?
Visit us online: www.petalcard.com/
Or, email your inquiry to: support@petalcard.com
Who are we
Who is providing this notice?
Petal Card, Inc. (“Petal”)
What we do
How does Petal protect my personal information?
To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.
How does Petal collect my personal information?
We collect your personal information, for example, when you

• Open an account or use your credit card
• Pay your bills or give us your contact information
• Provide account information

We also collect your personal information from others, such as credit bureaus, affiliates, or other companies.
Why can’t I limit all sharing?
Federal law gives you the right to limit only:

• Sharing for affiliates’ everyday business purposes—information about your creditworthiness
• Affiliates from using your information to market to you
• Sharing for non-affiliates’ companies to market to you

See below for more on your rights under state law.
Definitions
Affiliates
Companies related by common ownership or control. They can be financial and non-financial companies.

• Petal does not share with our affiliates
Non-affiliates
Companies not related by common ownership or control. They can be financial and non-financial companies.

• Petal does not share with non-affiliates so they can market to you
Joint Marketing
A formal agreement between non-affiliated financial companies that together market financial products or services to you.

• Petal does not jointly market
Other Information
Special Notice For State Residents: We will also comply with more restrictive state laws to the extent that they apply.
WebBank Gramm-Leach-Bliley Act Privacy Notice, rev. 3/28
Facts
WHAT DOES WEBBANK DO WITH YOUR PERSONAL INFORMATION IN CONNECTION WITH YOUR PETAL CREDIT ACCOUNT?
Why?
Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
What?
The types of personal information we collect and share depend on the product or service you have through us. This information can include:

• Social Security number and transaction history
• Account balances and payment history
• Credit history and credit scores

When you are no longer our customer, we continue to share your information as described in this notice.
How?
All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information; the reasons WebBank chooses to share; and whether you can limit this sharing.
Reasons we can share your personal information
Does WebBank share?
Can you limit this sharing?
For our everyday business purposes: such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus
Does Petal share?
Yes
Can you limit this sharing?
No
For our marketing purposes: to offer our products and services to you
Does Petal share?
Yes
Can you limit this sharing?
No
For joint marketing with other financial companies
Does Petal share?
Yes
Can you limit this sharing?
No
For our affiliates’ everyday business purposes: information about your transactions and experiences
Does Petal share?
No
Can you limit this sharing?
We don't share
For our affiliates’ everyday business purposes: information about your creditworthiness
Does Petal share?
No
Can you limit this sharing?
We don't share
For our affiliates to market to you
Does Petal share?
No
Can you limit this sharing?
We don't share
For non-affiliates to market to you
Does Petal share?
No
Can you limit this sharing?
We don't share
Questions?
Visit us online: www.petalcard.com/
Or, email your inquiry to: support@petalcard.com
Who are we
Who is providing this notice?
WebBank
What we do
How does Petal protect my personal information?
To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.
How does WebBank collect my personal information?
We collect your personal information, for example, when you

• Open an account or use your credit card
• Pay your bills or give us your contact information
• Provide account information

We also collect your personal information from others, such as credit bureaus, affiliates, or other companies.
Why can’t I limit all sharing?
Federal law gives you the right to limit only:

• Sharing for affiliates’ everyday business purposes—information about your creditworthiness
• Affiliates from using your information to market to you
• Sharing for non-affiliates’ companies to market to you

See below for more on your rights under state law.
What happens when I limit sharing for an account I hold jointly with someone else?
WebBank does not offer joint Petal Credit accounts.
Definitions
Affiliates
Companies related by common ownership or control. They can be financial and non-financial companies.

• WebBank does not share with our affiliates
Non-affiliates
Companies not related by common ownership or control. They can be financial and non-financial companies.

• WebBank does not share with non-affiliates so they can market to you
Joint Marketing
A formal agreement between non-affiliated financial companies that together market financial products or services to you.

• WebBank doesn’t jointly market
Other Important Information
If you live in Vermont, we will not share information about your creditworthiness with our affiliates for their everyday business purposes unless you consent to that sharing. If you live in California, we will not share information about you (1) with our affiliates for their own purposes or (2) for joint marketing with other financial companies.
Effective Date: April 17, 2018