Dave’s Privacy Policy

Effective Date: December 15, 2021

1. About This Policy

This Privacy Policy (the “Policy”) describes the information Dave, Inc. collects about you, how we use and share that information, and the privacy choices we offer. This Policy applies to information we collect when you register for Dave, access or use our website, mobile applications, products, and services (collectively, the "Services"), or when you otherwise interact with us. This includes information we collect when you access or use the mobile application operated by Dave to view, manage, or conduct transactions on the Dave demand deposit account (“Dave Banking Account”) or the Dave Debit Mastercard® (“Dave Card”), both of which are made available by Evolve Bank & Trust (“Evolve”) on behalf of Dave.

However, it does not apply to the Dave Banking Account or Dave Card themselves. Please refer to the Dave Deposit Account Agreement and Evolve’s Privacy Policy at https://www.getevolved.com/privacy-policy/ for information concerning those products and your privacy rights with respect to those products.

The terms “Dave,” “we,” “us,” or “our” mean Dave, Inc. “You” or “your” means an individual who visits or uses our Services. The term "Site" includes (1) all websites and all devices or mobile applications operated by Dave that collect personal information from you and that link to this Privacy Policy; (2) pages within each such website, device, or mobile application, any equivalent, mirror, replacement, substitute, or backup website, device, or mobile application; and (3) all pages that within each such website, device, or mobile application.

2. Information We Collect and Disclose

Dave collects personal information about you for a variety of purposes. During the past 12 months, we have collected the following categories of personal information from individuals:

Personal Identifiers, such as a full name, postal address, email address, online usernames and passwords for third-party sites and internet services, social security number, driver’s license number, or other similar identifiers.
Internet or other network activity information, such as information regarding how individuals interact with the Site, emails, or marketing materials.
Professional or employment-related information.
Commercial information, such as products or services purchased, obtained, used, or transactional data.
Inferences based on information about an individual to create a summary about, for example, an individual’s preferences and characteristics.
Bank account and debit card information, such as account numbers, card numbers, and transaction histories.

During the past 12 months, we have also disclosed the categories of personal information listed above for our business purposes. We have not, however, sold personal information to third parties.

We may also collect information about you from mailing list providers, publicly available sources, identification verification services and other third parties.

2.1 Third Party Credentials, Account Numbers and Other Account Information

When you use certain Services, we may collect from you usernames, passwords, account numbers, and other account information for third-party websites and Internet banking services (“Third-Party Sites”). We also collect account information from you when you open a Dave Banking Account and obtain a Dave Card through our mobile application. This information is used to obtain your account, transaction, and other banking information from the relevant financial institution on your behalf in order to display the information to you or to fulfill your requests for certain products, services, or transactions through a Service. We use third-party service providers, such as Plaid Inc. (“Plaid”) and Galileo Financial Technologies, Inc. (“Galileo”), to obtain this information.

By using our Services, you grant Dave, Plaid and Galileo the right, power, and authority to act on your behalf to access and transmit this information from the relevant financial institution, including from Evolve for the Dave Banking Account and Dave Card. With respect to Plaid, you agree to your personal and financial information being transferred, stored, and processed by Plaid in accordance with Plaid's privacy policy.

If you are a Dave Rewards Member, notwithstanding anything to the contrary in the Terms or Policy, Dave and Figg Inc. (“Figg”) will use transaction information solely as follows:

Use transaction data to confirm a Qualifying Purchase or return to match transactions to confirm whether you qualify for a statement credit or an Offer;
Share transaction data with the participating merchant where a transaction occurred as needed for the merchant to confirm a specific transaction occurred or points should be awarded; for example, the date and amount of your purchase and the last 4 digits of your card number so the merchant can verify your purchase with its records if there is a missing or disputed transaction;
Provide participating merchants aggregated and anonymized information relating specifically to registered card activity solely to allow participating merchants to assess the results of their campaign;
Create a record of the transaction data and thereafter maintain and use data in connection with operating the Program;
Conduct analysis for the improvement and optimization of the Program, and Provide information in order to respond to a request from government authority or a payment organization involved in a transaction with you or a merchant.
You authorize the sharing, exchange and use of transaction data described above and herein by and among Dave, Figg, applicable Payment Card Networks and applicable Merchants.

2.2 Information Collected by Cookies and Web Beacons

We use various technologies to collect information, and this may include sending cookies to your computer or mobile device. Cookies are small data files that are stored on your hard drive or in device memory by a website. Among other things, cookies support the integrity of our registration process, retain your preferences and account settings, and help evaluate and compile aggregated statistics about user activity. We may also collect information using web beacons. Web beacons are electronic images that may be used in our Services or emails. We may use web beacons to deliver cookies, count visits, understand usage, and determine whether an email has been opened and acted upon.

2.3 Technical and Navigational Information

We may collect your computer browser type, Internet protocol address, pages visited, and average time spent on our Site. This information may be used, for example, to alert you to software compatibility issues, or it may be analyzed to improve our web design and functionality.

2.4 Device Data

When you use our mobile applications or the mobile versions of our Site, we may collect the following device information:

Device-centered Data - Data tied to proper information about linguistic, cultural, and technological conventions for use in formatting data for presentation (calendar type, keyboard language, etc.)
Locale - Information pertaining to the user's locale (for example: calendar type used, language used in keyboard, etc.).
Accessibility - Active accessibility settings.
Device Motion - Device motion data, such as acceleration and gyroscope.
Accelerometer - Measures how fast your phone moves & in what direction it points.
Magnetometer - Measures magnetic fields, and is often used (for example) to detect which way "North" is in mapping applications.

The data above allow app developers, and others to uniquely identify your device for purposes of storing application preferences and for your security.

3. How We Use Your Information

We may use the information you provide about yourself and about your Dave Banking Account, Dave Card, or Third-Party Sites to fulfill your requests for our products, programs, and Services, to respond to your inquiries about our Services, and to offer you other products, programs, or services that we believe may be of interest to you.

We may use your information to complete transactions you request, to verify the existence and condition of your accounts, or to assist with a transaction. For example, we may use the account information you provide or that we collect from Third-Party Sites to confirm your accounts are valid and to access funds from your accounts in connection with fulfillment of the Services.

We may use your information to improve and personalize the Services. For example, we may use your information to pre-fill form fields on the Sites for your convenience.

4. How We Share Your Information

We may share personal information about you as follows:

With third parties to provide, maintain, service and improve our Services.
To process transactions that you authorize or to fulfill your requests.
With participating merchants to determine if you are eligible to receive rewards or promotions.
In connection with, or during the negotiation of, any merger, sale of company stock or assets, financing, acquisition, divestiture, or dissolution of all or a portion of our business.
To respond to subpoenas, court orders, or legal process.
In order to investigate, prevent, defend against, or take other action regarding violations of our Terms of Use, illegal activities, suspected fraud, or situations involving potential threats to the legal rights or physical safety of any person or the security of our network, Sites or Services.
the legal rights or physical safety of any person or the security of our network, Sites or Services.
To respond to claims that any posting or other content violates the rights of third parties.
In an emergency, to protect the health and safety of our Sites' users or the general public.
As otherwise required by law.

5. How We Secure Your Information

We take your privacy and the security of your information very seriously, and have an information security program that includes administrative, technical, and physical measures to protect your information. We hold ourselves responsible for the security of cardholder data we possess or otherwise store, process, or transmit on your behalf, or to the extent that we could impact the security of your cardholder data environment. Dave will maintain all applicable PCI DSS requirements to the extent we handle, have access to, or otherwise store, process, or transmit the customer's cardholder data or sensitive authentication data, or manage the customer's cardholder data environment on behalf of a customer. Examples of measures we have taken to protect your information include, but are not limited to:

The use of industry standard encryption while transmitting and storing information.
Mobile application session timeouts to ensure your information is protected when you put down your device without logging out.
Passwords and personal identification numbers (“PINs”) are only known by you. No employee, contractor or Third-Party Site has access to your Dave password or PIN. We will never ask for your password or PIN through our customer service teams.
Two-factor authentication is provided to ensure your account can only be accessed by the device you register with.
Our systems are periodically audited for security flaws.

6. Note on Communication

We may provide you with information and summaries of your accounts and Services through email, SMS and mobile notifications. We may also allow you to subscribe to email newsletters and from time to time may transmit emails to you promoting Dave or third-party goods or services.

Subscribers have the ability to opt out of receiving our promotional emails and to terminate their newsletter subscriptions by following the instructions in the emails. Opting out in this manner will not end transmission of service-related emails, such as information and summaries of your accounts and Services.

7. How to Update Your Information

If you wish to access personal information that you have submitted to us or to request the correction of any inaccurate information you have submitted to us, you may correct certain information through our Site. Alternatively, you can send an email that includes your contact information to Davecares@dave.com to request any corrections to your personal information.

You may also email us if you wish to deactivate your Services, but even after you deactivate your Services, we may retain archived copies of information about you for a period of time that is consistent with applicable law.

8. California Privacy Rights

The California Consumer Privacy Act (“CCPA”) allows California residents, upon a verifiable consumer request and subject to applicable exemptions, to request that we give you access, in a portable and (if technically feasible) readily usable form, to the specific pieces and categories of personal information that we have collected about you, the categories of sources for that information, the business or commercial purposes for collecting the information, and the categories of third parties with which the information was shared. California residents also have the right to submit a request for deletion of information under certain circumstances. Dave will not discriminate against you for exercising your rights, such as by denying you services, charging you different prices for services, or providing you a different level or quality of services. Please note that you must verify your identity and request before further action will be taken. As part of this process, we may require you to provide government identification. Consistent with California law, you may designate an authorized agent to make a request on your behalf. In order to designate an authorized agent to make a request on your behalf, you must provide a valid power of attorney, the requester’s valid government issued identification, and the authorized agent’s valid government issued identification.

We do not sell your personal information to third parties. We do, however, share personal information with third parties for the business purposes described in this Policy.

California law also permits our customers who are California residents to request and obtain from us once a year, free of charge, information about the personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year.

If you are a California resident and would like to exercise your data protection rights, where applicable, you can submit a request using our online form (available here) or contact us through Dave’s Mobile App or Davecares@dave.com.

We will consider all requests and provide our response within a reasonable period of time (and within any time period required by applicable law). Please note, however, that certain information may be exempt from such requests, for example if we need to keep the information to comply with our own legal obligations or to establish, exercise, or defend legal claims.

Here is a summary of the CCPA-related categories of Personal Information we may have collected about you over the past 12 months as well as how we use it and with whom we may have shared it.

Categories of Personal Information we collect:	How we use Personal Information:	Parties with whom your information may be shared:
Personal identifiers Financial information Contact information Transaction information Geolocation information Device information Internet or other electronic network activity information Professional or employment related information Bank account and debit card information Commercial information, such as products or services purchased, obtained, or used	Identity verification Compliance, risk, and fraud detection Providing, personalizing, and improving our products To fulfill your requests for certain products, services, or transactions Contacting you to resolve disputes and help with our Services Conducting investigations, complying with and enforcing any applicable laws, regulations, legal requirements, and industry standards Responding to lawful requests for information To perform other business purposes	Affiliate partners Issuing financial institutions Payment networks Payment card associations Service providers to facilitate: Bank account aggregation Fraud detection Identity verification Payment processing Card issuing services Law enforcement or other third parties in response to a legal request

9. How We Update Our Privacy Policy

We reserve the right, at our discretion, to make changes to this Policy from time to time, so please review it frequently. You may review updates to our Terms of Use and Privacy Policy at any time via links on www.dave.com. You agree to accept electronic communications and/or postings of revised versions of this Policy on www.dave.com and agree that such electronic communications or postings constitute notice to you of the revised version of this Policy. Changes take effect immediately upon posting.

10. Everything Make Sense?

If you have questions or concerns regarding this Policy, or if you have any questions or suggestions, please contact Davecares@dave.com.

Federal Privacy Notice

FACTS	WHAT DOES Dave, Inc. (“Dave”) DO WITH YOUR PERSONAL INFORMATION?
Why?	Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
What?	The types of personal information we collect and share depend on the product or service you have with us. This information can include: Social Security number Employment information and income Account balances Account transactions and transaction history Checking account information
How?	All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information; the reason Dave chooses to share; and whether you can limit this sharing.

Reasons we can share your personal information	Does Dave share?	Can you limit this sharing?
For our everyday business purposes – such as to process your transactions, maintain your account(s), respond to court orders and legal investigations	Yes	No
For our marketing purposes– to offer our products and services to you	Yes	No
For joint marketing with other financial companies	Yes	No
For our affiliates' everyday business purposes –information about your transactions and experiences	Yes	No
For our affiliates to market to you	Yes	Yes
For nonaffiliates to market to you	No	Yes

To limit our sharing

Email us at Davecares@dave.com

Please note:

If you are a new customer, we can begin sharing your information 30 days from the date you sent this notice. When you are no longer our customer, we continue to share your information as described in this notice.

However, you can contact us at any time to limit our sharing.

Questions?

Email us at Davecares@dave.com

Who we are
Who is providing this notice?	Dave is providing this privacy policy and it applies to all loans made by the company and all products and services offered in connection with such loans.

What we do
How does Dave protect my personal information?	To protect your personal information from unauthorized access and use, we use security measures that comply with industry standards. These measures include computer safeguards and secured files and buildings.
How does Dave collect my personal information?	We collect your personal information, for example, when you Apply for services and accounts Give us your income information Tell us where to send money Provide account information Provide employment information
Why can't I limit all sharing?	Federal law gives you the right to limit sharing only for: affiliates from using your information to market to you sharing for nonaffiliates to market to you for joint marketing with other financial companies State laws and individual companies may give you additional rights to limit sharing. See below for more on your rights under state law.
What happens when I limit sharing for an account I hold jointly with someone else?	Your choices will apply to everyone on your account.

Definitions
Affiliates	Companies related by common ownership or control. They can be financial and nonfinancial companies. Dave, Inc
Nonaffiliates	Companies not related by common ownership or control. They can be financial and nonfinancial companies. Nonaffiliates we share with can include consumer loan brokers, lenders and direct marketing companies.
Joint marketing	A formal agreement between nonaffiliated financial companies that together market financial products or services to you. Our joint marketing partners can include institutions such as consumer lenders or marketers

Other important information

FOR VERMONT RESIDENTS: We will not share information we collect about you with nonaffiliated third parties, except as permitted by Vermont law, such as to process your transactions or to maintain your account.

FOR CALIFORNIA RESIDENTS: We will not share information we collect about you with nonaffiliated third parties, except as permitted by California law, such as to process your transactions or to maintain your account. We will limit sharing among our companies to the extent required by California law.

FOR NEVADA RESIDENTS: We are providing this notice to you pursuant to Nevada law. If you prefer not to receive marketing calls from us, you may be placed on our internal Do Not Call List by writing to us at Dave, Inc 1265 S Cochran Ave, Los Angeles, CA 90019. Nevada law requires that we also provide you with the following contact information: Bureau of Consumer Protections, Office of the Nevada Attorney General, 555 E. Washington Street, Suite 3900, Las Vegas, NV 89101, phone number (702) 486-3132, email BCPINFO@ag.state.nv.us.

State laws may also provide you with specific privacy protections. We will comply with applicable state laws with respect to our use of your information.