We are committed to protecting the privacy and security of your personal information. Below is Dave’s Privacy Policy with information on how we collect, use, and disclose information and how we protect the privacy and security of your personal information. Our privacy policy applies to all members, consumers who visit or use the Dave mobile app, and website visitors.

You account is also covered by privacy notices from Dave and our bank partner(s), which provide privacy practices and your privacy rights in a standardized format provided by the federal Gramm-Leach-Bliley Act:

• Dave Privacy Notice: Describes Dave’s privacy practices.
• Evolve Bank and Trust Privacy Notice: Applies to all members with an ExtraCash, Spending or Goals account and describes the privacy practices of the bank providing these services.

Effective Date: May 14, 2024

1. About This Policy

This Privacy Policy (the “Policy” ) describes how  Dave Operating LLC, its subsidiaries, affiliates, agents and assigns (“Dave”, or “we”, “our” and “us”)  collect, use, share and protect information in connection with your use of our website, our mobile application, and offered products and services from us and/or our bank partners (collectively the “Services”), or when you otherwise interact with us. 

When you obtain products or services through Dave from our bank partner(s), such as Evolve Bank & Trust (“Evolve”), those products and services are further subject to the bank partner’s privacy notice posted above. 

The term "Site" includes (1) all websites and all devices or mobile applications operated by Dave that collect personal information from you and that link to this Privacy Policy; (2) pages within each such website, device, or mobile application, any equivalent, mirror, replacement, substitute, or backup website, device, or mobile application; and (3) all pages within each such website, device, or mobile application.

2. Information We Collect

Dave collects your data for improving app functionality, fraud prevention, security and compliance, including information you provide, information about your transactions, information from third parties and information collected when you interact with us and our Services.

2.1 Personal Information  

When you use our Services we receive Personal Information in a variety of ways, including directly from you, from third parties (including our affiliates, banking partners, your employer, and other users), from publicly available sources, and through information that we collect automatically.  “Personal Information” means any data that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a person or household or any other data or information that constitutes “personal data,” “personal information,” or “personally identifiable information” under applicable privacy laws. 

We may receive the following categories of Personal Information when you use our Service:

• Contact information: name, address, phone number, and email address.
• Sensitive information: date of birth, driver's license number and social security number, used to verify your identity.
• Demographic information: marital status, language preferences, citizenship status, race and gender, when such information is included in documents, such as government-issued identification and tax forms and returns.
• Biometric information: We receive biometric information, such as facial imagery for identity verification purposes, where you provide your consent. We process biometric information through third-party vendors and do not store such information on our systems.
• Location information 
• Internet or other network activity information, for example, how individuals interact with the Site, emails, or marketing materials.
• Professional or employment-related information
• Financial information
• Commercial information, such as products or services purchased, obtained, used, or transactional data.
• Bank account and debit card information, such as account numbers, card numbers, and transaction histories.

Personal Information is required in order to verify your identity and to fulfill our obligation to provide Services to you, including communicating with third parties as necessary to provide such products and services, such as identification verification companies, consumer reporting agencies, payment validation companies, law enforcement agencies, or others.

2.2 Information We Receive from You

When you become a Dave member, you provide Personal Information to establish a membership and enroll for the Services.  We also collect Personal Information when you visit or use our online services, including such as researching or using available products and services, responding to surveys, or managing the products you already have. The types of personal information we may collect include name, address, email address, phone number, date of birth, Social Security number, or other identifying information such as fingerprints or other biometrics.

2.3 Information Collected from Third Party Services 

When you use some of our Services, we may collect information from you, such as usernames, passwords, account numbers, and other account information for third-party websites and Internet banking services (“Third-Party Sites”). We also collect account information from you when you open a Financial Account(s) and/or obtain a Dave Card from Evolve through our mobile application and use these products. 

We use third-party service providers, such as Galileo Financial Technologies, Inc. (“Galileo”) to obtain your account, transaction, and other banking information from the relevant financial institution on your behalf in order to display the information to you or to fulfill your requests for certain products, services, or transactions through a Service. Dave also uses Plaid Inc. (“Plaid”) to gather your data from financial institutions. 

By using our Services, you grant Client and Plaid the right, power, and authority to act on your behalf to access and transmit your personal and financial information from the relevant financial institution. You agree to your personal and financial information being transferred, stored, and processed by Plaid in accordance with the Plaid Privacy Policy.

2.4 Information Collected by Cookies and Web Beacons 

We use various technologies to collect information, which may include sending cookies to your computer or mobile device. Cookies are small data files that are stored on your hard drive or in device memory by a website. Among other things, cookies support the integrity of our registration process, retain your preferences and account settings, and help evaluate and compile aggregated statistics about user activity. We may also collect information using web beacons. Web beacons are electronic images that may be used in our Services or emails. We may use web beacons to deliver cookies, count visits, understand usage, and determine whether an email has been opened and acted upon.

Our mobile application may also include third-party software development kits (“SDKs”) that allow us and our service providers to collect information about your use of these applications. In addition, some mobile devices come with a resettable identifier that allows us and our service providers to identify your device over time for marketing purposes.

2.5 Technical and Navigation Information

We may collect your computer browser type, Internet protocol address, pages visited, and average time spent on our Site. This information may be used, for example, to alert you to software compatibility issues, or it may be analyzed to improve our web design and functionality.

2.6 Device Data Information

When you use our mobile applications or the mobile versions of our Site, we may collect the following device information:

• Locale Data: This includes specifics about the user’s regional settings and preferences, such as the type of calendar, the language of the keyboard, and other cultural and linguistic details relevant for data formatting.
• Accessibility Settings: Information regarding the accessibility features that are activated on the device, enhancing user interaction based on their needs.
• Motion and Orientation Data:
  • Device Motion: Includes details on the device’s movement, captured through sensors like accelerometers and gyroscopes, to track acceleration and orientation.
  • Accelerometer: Detects the device’s acceleration and direction, indicating how fast and in what direction the device is moving.
  • Magnetometer: Used to measure magnetic fields, aiding in navigation applications to determine directional heading like where "North" is.
• Communication Data: Information gathered from SMS and Short Code Messaging services, focusing on how these communication tools are utilized.
• Device Performance Metrics: Data related to the device’s operational performance, such as battery level, available storage space, and memory utilization.
• Network Details: Includes information about the internet connection, such as the IP address, and whether the device is connected to a Wi-Fi or cellular network.

3. How We Use Your Information 

We may use the information you provide about yourself and about your Dave Account, any financial accounts, Dave Card, or Third-Party Sites to fulfill your requests for the  Services, to respond to your inquiries about the Services, and to offer you other products, programs, or services that we believe may be of interest to you. We may use your information to complete transactions you request, to verify the existence and condition of your accounts, or to assist with a transaction, and fraud prevention. For example, we may use the account information you provide or that we collect from Third-Party Sites to confirm your accounts are valid and to access funds from your accounts in connection with the fulfillment of the Services. We may use your information to improve and personalize the Services, or to communicate with you about your account or use of our Services, including about product updates, security alerts, technical notices, and changes to our policies and terms, to respond to you when you contact us, and to provide customer service and support.

4. How We Share Your Information 

We may share any of the categories of information set out in Section 2 with third parties when it is permitted by law. For example:   

• Vendors
  • We work with third parties to provide, maintain, service and improve our Services; to improve app functionality, fraud prevention, security and compliance.
  • We may also share information to process transactions that you authorize or to fulfill your requests, such as communicating with participating merchants to determine if you are eligible to receive rewards or promotions.
• Legal reasons
  • To respond to subpoenas, court orders, or legal process.
  • In order to investigate, prevent, defend against, or take other action regarding violations of our Terms of Use, illegal activities, suspected fraud, or situations involving potential threats to the legal rights or physical safety of any person or the security of our network, Sites, or Services.
  • With our Bank Partners as required to support their products and services available through Dave
  • As otherwise required or allowed by law.
• With your consent:
  • We may also share your Personal Information with other third parties, with your consent.

5. How We Secure Your Information 

We take your privacy and the security of your information very seriously, and have an information security program that includes administrative, technical, and physical measures to protect your information. We hold ourselves responsible for the security of cardholder data we possess or otherwise store, process, or transmit on your behalf, or to the extent that we could impact the security of your cardholder data environment. Dave will maintain all applicable PCI DSS requirements to the extent we handle, have access to, or otherwise store, process, or transmit the customer's cardholder data or sensitive authentication data, or manage the customer's cardholder data environment on behalf of a customer. Examples of measures we have taken to protect your information include, but are not limited to:

• The use of industry-standard encryption while transmitting and storing information.
• Mobile application session timeouts to ensure your information is protected when you put down your device without logging out.
• Passwords and personal identification numbers (“PINs”) are only known by you. No employee, contractor or Third-Party Site has access to your Dave password or PIN. We will never ask for your password or PIN through our customer service teams.
• Two-factor authentication is provided to ensure your account can only be accessed by the device you register with.
• Our systems are periodically audited for security flaws.

6. How to Update Your Information 

If you wish to access personal information that you have submitted to us or to request the correction of any inaccurate information you have submitted to us, you may correct certain information through our Site. Alternatively, you can send an email that includes your contact information to support@dave.com to request any corrections to your personal information. You may also email us if you wish to deactivate your Services, but even after you deactivate your Services, we may retain archived copies of information about you for a period of time that is consistent with applicable law.

7. Children’s Privacy

Our online services are not intended for children under the age of 13, and we request that these individuals not provide Personal Information through our online services. We do not knowingly collect Personal Information from children under 13.

8. California Privacy Rights 

The California Consumer Privacy Act (“CCPA”) allows California residents, upon a verifiable consumer request and subject to applicable exemptions, to request that we give you access, in a portable and (if technically feasible) readily usable form, to the specific pieces and categories of personal information that we have collected about you, the categories of sources for that information, the business or commercial purposes for collecting the information, and the categories of third parties with which the information was shared. 

However, the CCPA does not apply to personally identifiable financial information collected by financial institutions (like Dave and its bank partner(s)), as that information is subject to other financial privacy laws, specifically the Gramm-Leach-Bliley Act (GLBA). Therefore, it does not apply to most of the information that Dave collects. The CCPA rights, outlined below, only apply to the more limited personal information we may collect outside of the financial products and services available through our mobile app.

California residents have the right to submit (1) a request for deletion of information under certain circumstances, (2) request correction of personal information, (3) request to know about Dave’s personal information collection and handling, and (4) request to opt out of the sale of personal information or sharing of personal information for cross-context behavioral advertising, although Dave does not currently sell or share this information as defined by the CCPA. Dave will not discriminate against you for exercising your rights, such as by denying you services, charging you different prices for services, or providing you a different level or quality of services. Please note that you must verify your identity and request before further action will be taken. As part of this process, we may require you to provide government identification. Consistent with California law, you may designate an authorized agent to make a request on your behalf. In order to designate an authorized agent to make a request on your behalf, you must provide a valid power of attorney, the requester’s valid government-issued identification, and the authorized agent’s valid government-issued identification. 

We do not sell your personal information to third parties. We do, however, share personal information with third parties for the business purposes described in this Policy. California law also permits our customers who are California residents to request and obtain from us once a year, free of charge, information about the personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year.

If you are a California resident and would like to exercise your data protection rights where applicable, including removing or correcting inaccurate information, you can submit a request using our online form (available here) or contact us through Dave’s Mobile App or support@dave.com. We will consider all requests and provide our response within the time period required by applicable law. Please note, however, that certain information may be exempt from such requests, for example, if we need to keep the information to comply with our own legal obligations or to establish, exercise, or defend legal claims. Personal data will be retained by Dave for at least the time period required by applicable laws, depending on the type of products and services you are engaged in. Here is a summary of the CCPA-related categories of Personal Information we may have collected about you in the past 12 months. 

9. How We Update Our Privacy Policy 

We reserve the right, at our discretion, to make changes to this Policy from time to time, so please review it frequently. You may review updates to our Privacy Policy at any time via links on www.dave.com/privacy. By using our Services, you agree to accept electronic communications and/or postings of revised versions of this Policy on www.dave.com/privacy and agree that such electronic communications or postings constitute notice to you of the revised version of this Policy. Changes take effect immediately upon posting.

If you have questions or concerns regarding this Policy or other Services, please contact support@dave.com.