Privacy Policy

Last updated: 10/25/2022

If you are reading this Privacy Policy (the “Policy”), that means you have created an account through the website (the “Site”) and/or the mobile app (the “App”, and collectively with the Site, the “Platform”) that Higo Inc. (“Higo”) makes available to power your banking needs or you are otherwise using Higo’s Mobile App and services under the Terms of Service. By using these services, signing an electronic signature card or opening a deposit account (“Account”) with us, you agree to this Policy.

We may update this Policy from time to time and we will provide updates as required by law. We may update this Policy from time to time and the continued use of our services means acceptance of this Policy. If you do not agree to the Policy as last revised, do not use (or continue to use) the Services (as defined below).

Synctera is our backend software provider, and partners with financial institutions to provide FDIC insurance. Synctera’s API, and their relationship with financial institutions, enables us to offer banking services and products. By agreeing to this Policy, you also agree to Synctera’s privacy policy found at: www.synctera.com/privacy-policy, as well as the privacy policy of our bank partner, Lineage Financial Network, Inc., (“Bank Partner”), found at: www.lineagebank.com/privacy/.

At Higo, we take our customers’ privacy and security very seriously as provided herein. To demonstrate our commitment to privacy and security, we have developed this Policy to explain how we may collect, retain, process, share, and transfer your information.


1. Policy Overview
Higo Inc (“Higo” or the “Company”) has developed this Policy to comply with Privacy requirements.

To ensure that customers are protected against unwanted sharing of their financial information, the Gramm-Leach-Bliley Act (“GLBA”) includes a series of regulations known as the Privacy Rules. The Privacy Rules are intended to ensure the confidentiality and security of consumer and customer information.

When an institution chooses to share customer information, a customer can opt-out, or forbid the sharing of their information. Because we do not share any of our customers' personal information with outside parties (except for the purposes of day-to-day business), it is not necessary for the customer to opt-out.

The GLBA Privacy Rules address the following four concepts:
- Our obligation to inform consumers and customers of our policies and procedures regarding the sharing of their personal information.
- The concept of personal customer information, and the limited exceptions under which we may share this information with outside parties.
- Our responsibilities to protect personal customer information.
- Our responsibility to establish appropriate standards relating to safeguarding customer information.

The three principal requirements of the GLBA Privacy Rules are as follows:
- Provide customers with notices describing our privacy policies and practices, including policies with respect to the disclosure of nonpublic personal information to affiliates and to nonaffiliated third parties.
- Subject to specific exceptions, we may not disclose nonpublic personal information about consumers to any nonaffiliated third party unless consumers are given a reasonable opportunity to direct that such information not be shared (i.e., Opt-Out).
- We generally may not disclose account numbers to any nonaffiliated third party for marketing purposes.

As noted above, Higo does not share customers’ personal information with nonaffiliated third parties (except for reasons allowed by the Rules), and therefore is not required to provide the customer with the opportunity to opt-out.

The Right to Financial Privacy Act (“RFPA”) establishes specific procedures that federal government authorities must follow in order to obtain information from us about a customer’s financial records. Generally, these requirements include obtaining subpoenas, notifying the customer of the request, and providing the customer with an opportunity to object. The Act imposes related limitations and duties on financial institutions prior to the release of information requested by federal authorities.

The Children’s Online Privacy Protection Act (“COPPA”) was enacted to prohibit unfair and deceptive acts or practices in connection with the collection, use, or disclosure of personal information from children under the age of 13 in an online environment. Generally, the Act requires operators of Websites or online services directed to children, or that have actual knowledge that they are collecting or maintaining personal information from children online, to provide certain notices and obtain parental consent to collect, use, or disclose information about children. The FDIC is granted enforcement authority under the Act. Federal Trade Commission regulations (16 CFR 312) that implement COPPA became effective April 21, 2000.

This Policy describes the types of personal information we collect, how we use the information, with whom we may share it, and the choices available to you regarding our use of the information. We also describe measures we take to protect the security of the information and how you can contact us about our privacy practices.

In this Policy, “Services” refers to any products, services, content, features, technologies, or functions made available to you by Higo as a technology service provider working with Synctera and its Bank Partner via the Mobile App.

The terms “Higo,” we”, “us” or “our” shall refer to Higo, Inc. The terms “you” or “your” shall refer to any individual or entity who accepts this Policy.


2. Key Definitions

A. Child. An individual under the age of 13.

B. Consumer. An individual who obtains from us a financial product or service that is to be used primarily for personal, family, or household purposes. For example, a consumer is an individual who applies for credit (regardless of whether the credit is extended).

C. Customer (GLBA). A consumer who has a continuing relationship with us under which we provide one or more financial products or services.

NOTE: A consumer has a more temporary relationship with us than a customer. All customers are consumers, but all consumers are not customers.

D. Personally identifiable financial information. Any information – financial or otherwise – that we have about our customers, which can be tied to a specific customer.

E. Nonpublic personal information.  The nonpublic portion of personally identifiable financial information, including any customer lists. Nonpublic personal information consists of nonpublic information that is collected in connection with providing a financial product or service. Specifically, it means:

- Personally identifiable financial information, which includes:

• Information a customer provides on an application;
• Account balance information, payment history, overdraft history and credit or debit card purchase information;
• Any information collected through an Internet “cookie”;
• Information from a consumer report;
• The fact that an individual is or has been one of our customers or has obtained a financial product or service from us; and
• Any information about our customer if it is disclosed in a manner that indicates that the individual is or has been our customer.

- Any list, description, or other grouping of consumers that is derived using any personally identifiable financial information that is not publicly available. Lists include, but are not limited to, any list of individuals’ names and addresses that is derived in whole or in part using personally identifiable information that is not publicly available, such as account numbers.

NOTE: Nonpublic personal information does not include information that is available from public sources, such as telephone directories or government records. It also does not include aggregate information or blind data that does not contain personal identifiers.

F. Affiliate. Any company that controls, is controlled by, or is under common control with another company.

G. Nonaffiliated Third Party. Persons or entities except affiliates and persons jointly employed by a financial institution and a nonaffiliated third party. GLBA Privacy Rules restrict information sharing with nonaffiliated third parties


3. Policy Statement - Privacy
Higo seeks to proactively comply with all requirements that stem from regulations that govern our activities. The Privacy Rules within the GLBA apply to all activities that involve nonaffiliated third parties and the disclosure of nonpublic personal information for consumers. Higo engages with nonaffiliated third parties for the carrying out of financial transactions and for marketing of financial products which includes:

- Vendors that verify consumers' identification information
- Processors that conduct transaction information
- Financial institutions that process financial data

The use of nonpublic personal information for any of these reasons does not require that Higo obtain explicit prior consent from the consumer. As of the enacting of this policy, Higo does not engage with any nonaffiliated third party for the purpose of marketing non-financial products to consumers and there are no known plans to do so in the future.

It is the policy of Higo not to disclose nonpublic personal information about our customers to nonaffiliated third parties except as authorized by law (outlined above). However, Higo will permit additional information sharing in a manner consistent with legal requirements. To the extent that Higo seeks to disclose nonpublic information to nonaffiliated third parties in additional circumstances (such as for marketing), Higo will ensure that the customer is provided with the right to opt-out or limit the sharing by notifying Higo of such intent through the use of a mail-in form or other permissible means.

Additionally, Higo aims to comply with the RFPA, which establishes specific procedures that federal government authorities must follow in order to obtain information from a financial institution about a customer’s financial records.

Should Higo operate a website or online service directed to children that collects or maintains personal information about them, or knowingly collects or maintains personal information from a child online, the Company will comply with COPPA requirements.

The objective of this Privacy Policy is to protect customer information in accordance with the Privacy Rules. Higo respects the privacy of our customers and is committed to treating customer information responsibly. We are dedicated to protecting confidential information and have established standards and procedures to safeguard that personal information. 

4. Information We Obtain
We obtain personal information about you in various ways, such as when you use our Services, communicate with us, or interact with our member services representatives.  In addition, we may obtain information about you when you send or receive payments to or from one of our members.

The types of personal information we may obtain about you include:

- Identifiers such as name, date of birth, postal and email address, and phone number;
- Government-issued photo ID, such as a driver’s license or passport;
- Login credentials for your Higo account;
- Financial information, including your account number from our Bank Partners, Higo account transaction history, information about your linked non-Higo accounts (such as transaction information and balances, payroll account information, etc.), and payment card information;
- Direct deposit status (whether you electronically deposit a portion of your regular paycheck or benefit payment above a minimum threshold);
- Information included on a tax return you provide;
- Employment information, including occupation, information about your employer, and income details (such as source of income, approximate annual income and how frequently you are paid);
- Physical characteristics, demographic information and similar details (such as sex, gender, race, color, marital or family status, citizenship status, signature, language preference and national origin) present in documents (e.g., IDs, tax returns) you provide;
- Commercial information, including interest in a product or service, purchasing or consuming tendencies, and receipts or records of purchase or enrollment in products or services;
- Voice recordings (such as when you call Higo’s member services);
- Biometric information (such as a facial image collected for identity verification, if you use certain features of our App);
- Social media handles;
- Information you provide through member services interactions and that you provide about your experience with Higo, including via questionnaires, surveys, participation in user research or other feedback;
- Geolocation data;
- Information provided by marketers and other websites on which Higo advertises;
- Information you provide through contacts integration, including a list of contacts from your phone’s operating system; and
- Other information you choose to provide, such as through our “Contact Us” feature, emails or other communications (such as with member services), referrals, on social media pages, or in registrations and sign-up forms.

When you visit our Site, we may obtain certain information by automated means, such as cookies, web beacons, web server logs and other technologies. A “cookie” is a text file that websites send to a visitor’s computer or other internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. A “web beacon,” also known as an internet tag, pixel tag or clear GIF, links web pages to web servers and cookies and may be used to transmit information collected through cookies back to a web server. The information we collect in this manner may include your device IP address, unique device identifier, web browser characteristics, device characteristics, operating system, language preferences, referring URLs, clickstream data, and dates and times of website visits.

When you use our App, we also may collect certain information by automated means, such as through device logs, server logs and other technologies. The information we collect in this manner may include the device type used, the mobile operating system, device identifiers and similar unique identifiers, device settings and configurations, IP addresses, battery and signal strength, usage statistics, referring emails and web addresses, dates and times of usage, actions taken on the App, and other information regarding use of the App. In addition, as indicated above, we may collect your device’s geolocation information. Your device’s operating platform may provide you with a notification when the App attempts to collect your precise geolocation. Please note that if you decline to allow the App to collect your precise geolocation, you may not be able to use all of the App’s features or the offers available through the App.

We may use these automated technologies on our Platform to collect information about your equipment, browsing actions and usage patterns. These technologies help us (1) remember your information so you do not have to re-enter it; (2) track and understand how you use and interact with our Platform and the use of the Services, including our online forms, tools or content; (3) tailor the Platform around your preferences; (4) measure the usability of our Services and the effectiveness of our communications; and (5) otherwise manage and enhance our products and services, and help ensure they are working properly.

Your browser may tell you how to be notified about certain types of automated collection technologies and how to restrict or disable them. Please note, however, that without these technologies, you may not be able to use all of the features of our Platform. For mobile devices, you can manage how your device and browser share certain device data by adjusting the privacy and security settings on your mobile device.


5. How We Use the Information We Obtain
The law allows Higo to share information with our affiliates, to the extent that there is a need for our affiliate to have that information, and subject to the opt-out provisions for affiliate marketing and consumer credit report information established by the Fair Credit Reporting Act.

We may share information with other parties, without meeting the “opt-out” condition (defined below), under any of the following conditions:

- Provide the Services;
- Process and fulfill transactions;
- Establish and manage Higo accounts;
- Personalize your experience on our Platform;
- Facilitate direct deposits (including tax refunds and payroll) to your Higo account;
- Facilitate transfers between your external bank account and Higo accounts;
- Verify your identity and comply with our bank partners’ compliance with applicable law, including anti-money laundering (AML) and sanctions screening rules designed to prevent, detect, and investigate fraud, hacking, infringement, or other suspected or actual misconduct, crime, or violation of an agreement involving the Services;
- Respond to inquiries, provide member support and resolve disputes;
- Determine your eligibility for, and administer your participation in, certain features of the Platform, including surveys, contests, sweepstakes, promotions and rewards;
- Facilitate and manage referrals from our business partners;
- Identify recipients for transfers;
- Advertise and market our Services, and send information about third-party products and services we think may interest you;
- Provide you targeted offers and notify you nearby third-party locations where you may use our Services;
- Provide member support and quality assurance, and conduct customer service training;
- Collect fees and other amounts owed in connection with your Higo account;
- Operate, evaluate and improve our business (including researching and developing new products and services; enhancing, improving, debugging and analyzing our products and services; managing our communications; establishing and managing our business relationships; and performing accounting, auditing and other internal functions);
- Maintain and enhance the safety and security of our products and services and prevent misuse;
- Protect against, identify and prevent fraud and other criminal activity, claims and other liabilities;
- Exercise our rights and remedies and defend against legal claims; and
- Comply with and enforce applicable legal requirements, relevant industry standards and Higo policies.
- We also may use the information in other ways for which we provide specific notice at the time of collection.
- Diagnose and debug our technical systems.


6. Third-Party Analytics Services
We may use third-party analytics on our Services. For example, we use Google Analytics to better understand how you interact with our Site. We also Google Maps to better understand how our Services are used. The information we obtain through our Services may be disclosed to or collected directly by these third parties. To learn more about Google Analytics and Google Maps, please visit https://www.google.com/policies/privacy/partners/.


7. Interest-Based Advertising
On our Services, we may obtain information about your online activities to provide you with advertising about products and services that may be tailored to your interests. This section of our Privacy Policy provides details and explains how to exercise certain choices.

You may see our ads on other websites because we use third-party ad services. Through these ad services, we can target our messaging to users considering demographic data, users’ inferred interests and browsing context. These services track your online activities over time and across multiple websites and apps by collecting information through automated means, including through the use of cookies, web server logs, web beacons and other similar technologies. The ad services use this information to show you ads that may be tailored to your individual interests. The information ad services may collect includes data about your visits to websites that serve Higo advertisements, such as the pages or ads you view and the actions you take on the websites or apps. This data collection takes place both on our Platform and on third-party websites and apps that participate in these ad services. This process also helps us track the effectiveness of our marketing efforts.

The Platform is not designed to respond to “do not track” signals from browsers.
To learn how to opt out of interest-based advertising in the U.S., please visit www.aboutads.info/choices, http://www.networkadvertising.org/choices/ and http://preferences-mgr.truste.com/.


8. Information We Share
We may share the information we obtain about you with our affiliates and subsidiaries; our Bank Partner; other Higo users (including in connection with member referrals); other companies in connection with co-branded products, services or programs; joint marketing partners; and consumer reporting agencies. We also may share the information we obtain about you with third-party vendors and other entities we engage to perform services on our behalf, such as payment and check deposit processors, risk detection  and mitigation tools, and modeling and analytics tools.

We also may disclose personal information (i) if we are required to do so by law or legal process (such as a court order or subpoena); (ii) in response to requests by government agencies, such as law enforcement authorities; (iii) to establish, exercise or defend our legal rights; (iv) when we believe disclosure is necessary or appropriate to prevent physical or other harm or financial loss; (v) in connection with an investigation of suspected or actual illegal activity or (vi) otherwise with your consent.

We reserve the right to transfer any personal information we have about you in the event we sell or transfer all or a portion of our business or assets (including in the event of a merger, acquisition, joint venture, reorganization, divestiture, dissolution or liquidation). 


9. Your Rights & Choices
We offer you certain choices in connection with the personal information we collect from you.  To update your preferences, limit the communications you receive from us, or submit a request, please contact us as indicated in the How To Contact Us section of this Policy. You can also unsubscribe from our marketing mailing lists by following the “Unsubscribe” link in our emails.

If you are a Higo member, you may update some of your account details and settings by logging into your account on our Platform or by emailing us at help@usesammy.com


10. Opt-Out Provision
Although Higo does not currently engage in this practice, if the company does eventually share nonpublic personal information with nonaffiliated third parties in any other capacity than as defined above, Higo will offer customers the opportunity to “opt out” of the information sharing process. Prior to any such sharing, Higo will ensure that the customer is provided with the right to opt-out or limit the sharing by notifying Higo of the intent to “opt out” through the use of a mail-in form or other permissible means. Higo will share information with its affiliates, and will provide opt-outs as required by FCRA.


11. How We Protect Personal Information
We maintain administrative, technical and physical safeguards designed to protect the personal information you provide against accidental, unlawful or unauthorized access, destruction, loss, alteration, disclosure or use.


12. Children’s Privacy

Our Platform is designed for a general audience and is not directed to children.  In connection with the Services, we do not knowingly solicit or collect personal information from children under the age of 13 without parental consent.  If you believe that a child under age 13 may have provided us with personal information without parental consent, please contact us as specified in the How To Contact Us section of this Policy.


13. Links to Third-Party Services and Features
For your convenience and information, our Platform may provide links to other online services, and may include third-party features such as apps, tools, widgets and plug-ins. These online services and third-party features may operate independently from us. The privacy practices of the relevant third parties, including details on the information they may collect about you, are subject to the privacy statements of these parties, which we strongly suggest you review. To the extent any linked online services or third-party features are not owned or controlled by Higo, we are not responsible for these third parties’ information practices. 

If you are a Higo member and elect to use the Plaid Technologies, Inc. (“Plaid”) feature in the Services, Plaid may collect your information from financial institutions.  By using the Plaid service, you acknowledge and agree that Plaid will collect and use your personal information in accordance with Plaid’s privacy policy, which is available at https://plaid.com/legal.


14. GLBA Notice to New Customers
Higo is required to provide a copy of the GLBA Notice when it enters into a customer relationship with a consumer. A customer relationship means a continuing relationship between a consumer and Higo, and is established when we provide one or more financial products or services to the consumer that are to be used primarily for personal, family, or household purposes. Higo will make the GLBA Notice available on the website and require the consumer/customer to acknowledge receipt of the notice as a necessary step to opening an account with Higo.

Higo will provide a clear and conspicuous notice that accurately reflects the privacy policies and practices as they relate to:  a) the Company’s customers and b) consumers who may inquire or apply for our services, but do not become customers. This Privacy Notice will be given to the individual when that individual enters into a continuing relationship with the Company. If our sharing of information changes, a new Privacy Notice will be delivered to covered customers. The Privacy notice will inform the customer of the following information:

- Categories of nonpublic personal information we collect;
- Categories of nonpublic personal information we disclose;
- Categories of affiliates and nonaffiliated third parties to whom we disclose nonpublic personal information;
- Categories of nonpublic personal information about our former customers that the bank discloses and the categories of affiliates and nonaffiliated third parties to whom we disclose nonpublic personal information about our former customers;
- An explanation of the consumer’s right to opt-out of the disclosure of nonpublic personal information to nonaffiliated third parties and the ability to opt-out of disclosures of information among affiliates;
- Our policies and practices with respect to protecting the confidentiality and security of nonpublic personal information;
- Any exceptions to the opt-out requirements

Higo does not  disclose nonpublic personal information about customers to anyone, except as permitted by law.  When customers close accounts or become inactive customers, we adhere to the privacy policies and practices as described in our privacy disclosures. It is our policy not to reveal specific information about customer accounts or other personally identifiable data to unaffiliated third parties for their independent use, except as permitted by law.


15. Annual GLBA Notice
Not less than annually thereafter, Higo provides a GLBA Notice to applicable customers as long as there is a continuation of the customer relationship. Annually means at least once in any period of 12 consecutive months during which that relationship exists. Higo will post the GLBA Notice on the website and will send an e-mail to all applicable customers notifying them of the location of the Notice.


16. Changes to the GLBA Notice
Higo will not disclose any nonpublic personal information about a customer other than as described in the GLBA Notice, unless Higo provides a clear and conspicuous revised notice that accurately describes the new policies and practices – along with any appropriate opt-out. In such circumstances, Higo will not engage in such sharing until after it provides at least 30 days for the customer to opt-out.


17. Other Information Use and Sharing Restrictions
Account numbers or similar forms of access numbers or access codes for a customer's account cannot be disclosed to any non-affiliated third party for the purpose of marketing non-bank products.

Customer information or other types of information obtained from companies for which Higo is a service provider may not be used beyond the purpose of the contract.

Business Lines are responsible for ensuring information passed to non-affiliated third parties (e.g.,service providers, marketing companies, etc.) is limited to information needed to fulfill the service provided by the third party.

Non-public personal information obtained concerning non-customers, consumers, and customers may not be disclosed to third parties to make their own products.


18. Confidentiality and Security
The Company is  committed to the security of customer financial and personal information.  All of our operational and data processing systems are in a secure environment that protects account information from being accessed by third parties. We maintain and grant access to customer information only in accordance with our internal security standards.

Our employee access to personally identifiable customer information is limited to those with a business reason to know such information. Employees are educated on the importance of maintaining the confidentiality of customer information and on these privacy principles. Because of the importance of these issues, our employees are responsible for maintaining the confidentiality of customer information and employees who violate these privacy policies will be subject to disciplinary measures, including, but not limited to termination.

We have in place reasonable organizational, technical, and administrative measures that are designed to protect data from loss, misuse, and unauthorized access, disclosure, alteration, destruction, and other forms of unlawful processing while it is under our control. However, please be aware that the storage and transfer of data cannot always be one-hundred percent secure. You also play a role in protecting your personal information. Please safeguard your username and password for your Platform’s account and do not share them with others. If we receive instructions using your Platform’s account log-in information, we will consider that you have authorized the instructions. You agree to notify us immediately of any unauthorized use of your Platform’s account  or any other breach of security related to the Services. We reserve the right, in our sole discretion, to refuse to provide the Services, terminate your Platform’s account , and to remove or edit content.


19. Maintenance of Accurate Information
The Company continually strives to maintain complete and accurate information about customer accounts. 


20. Retention period
Federal privacy requirements do not specifically require Higo to maintain records for a specified time period. All records related to compliance with the Privacy laws for any Higo account must be maintained in accordance with the Company's record retention policies and practices.

Higo must also keep a record of all marketing and advertising materials consistent with all applicable laws and in accordance with its record retention practices. All documentation supporting the review and approval of materials related to marketing and advertising also must be maintained. 


21. RFPA Policy Requirements

Access to Financial Records by Federal Government Authorities
Before Higo staff provides a customer’s financial records to a federal government authority, one of the following must have been received:

- Voluntarily signed and dated authorization by a customer which –

• Authorizes such disclosure for a period not to exceed three (3) months;
• States that the customer may revoke such authorization at any time before the financial records are disclosed;
• Identifies the financial records authorized to be disclosed;
• Specifies the purposes for which, and the government authority to which, such records may be disclosed; and
• States the member’s rights under the Act.

- An administrative subpoena or summons. Higo may release a customer’s financial information only if:

• Higo has reason to believe the records sought are related to a legitimate law enforcement inquiry;
• The customer has been served with a copy of the subpoena on or before the date that Higo is served, and Higo receives a copy of the notice sent to the customer specifically describing the nature of the inquiry; and
• Higo waits ten (10) days from the date the customer was served (or 14 days if the customer was served by mail), to see if notice is received that the customer has filed a motion to stop the subpoena. Higo will ensure that all required elements are met before disclosing financial information to the federal authority.

- A search warrant.
- A judicial subpoena. If the customer does not challenge the subpoena in court, the records may be available to a federal government authority upon expiration of ten (10) days from the date of service by the court (or 14 days if the notice was mailed to the customer). Higo will ensure that all required elements are met before disclosing financial information to the federal authority.
- A formal written request by a federal government authority, which is only used when no other authority is available to the federal authority (above). If the customer does not challenge this written request in court, the records may be available to a federal government authority upon expiration of ten (10) days from the date of service by the court (or 14 days if the notice was mailed to the customer). Higo will ensure that all required elements are met before disclosing financial information to the federal authority.

In addition to one of the above documents, Higo must also receive a written certification from the federal government authority that the authority has complied with the applicable provisions of the Act.  Upon receipt, Higo will begin to prepare delivery of the requested financial information.

Delayed Notice
Higo may be required to delay notice to the customer that records have been requested or obtained for ninety (90) days, or indefinitely, if a judge finds that:

- The investigation being conducted is within the lawful jurisdiction of the federal government authority seeking the financial records;
- There is reason to believe the records sought are relevant to a legitimate law enforcement inquiry; and
- There is reason to believe such notice will result in –

• Endangering the life or physical safety of any person;
• Flight from prosecution;
• Destruction of or tampering with evidence;
• Intimidation of potential witnesses; or
• Otherwise seriously jeopardizing an investigation or official proceeding or unduly delaying a trial or ongoing proceeding to the same extent as the circumstances above.

Exceptions 
The Act’s notification and certification requirements do not apply to the following situations:

- When the request for disclosure is not identified with a particular customer, which also includes records or information that is not identifiable as being derived from the financial records of a particular customer.
- When the request for disclosure is pursuant to the exercise of supervisory, regulatory or monetary functions with respect to financial institutions (e.g., examinations, conservatorships and receiverships).
- When the disclosure is pursuant to procedures authorized by the Internal Revenue Code.
- When the disclosure is pursuant to the filing of a Suspicious Activity Report (SAR) when Higo believes that information may be relevant to a possible violation of a statute or regulation.
- When the disclosure is required, pursuant to a federal statute or regulation.
- When the request for disclosure is sought under the Federal Rules of Civil or Criminal Procedure, or comparable rules of other courts in connection with litigation to which the government authority and the customer are parties.
- When the request is pursuant to an administrative subpoena issued by an administrative law judge in an adjudicatory proceeding.
- When the request is pursuant to legitimate law enforcement inquiries, and the information sought is the name, address, account number and type of account of any customer.
- When the request is pursuant to a grand jury subpoena.  In these instances, Higo staff will not disclose the existence of such a subpoena to the customer, or that financial records were turned over to a grand jury.
- When the records are sought by the General Accounting Office pursuant to an authorized proceeding, investigation, examination or audit directed at a government authority.
- When Higo or a supervisory agency provides any record of any officer or employee to the U.S. Attorney General, a state law enforcement agency, or the Secretary of the Treasury that there is reason to believe there were crimes against Higo by an insider.

Special Procedures
Access to Financial Records for Certain Intelligence and Protective Purposes Aside from the exceptions listed above, Higo may provide records to the following entities:

- A government authority authorized to conduct foreign counter- or foreign positive-intelligence activities, when the authority has certified in writing that it has complied with the applicable provisions of the Act;
- The Secret Service for the purpose of conducting its protective functions, when the agency has certified in writing that it has complied with the applicable provisions of the Act;
- A government authority authorized to conduct investigations of, or intelligence or counterintelligence analyses related to, international terrorism, when the authority has certified in writing that it has complied with the applicable provisions of the Act; or
- The Federal Bureau of Investigation (FBI), when the FBI Director (or its designee) certifies in writing that such records are sought for foreign counterintelligence purposes to protect against international terrorism or clandestine intelligence activities, provided that such an investigation of a U.S. person is not conducted solely on the basis protected by the first amendment to the U.S. Constitution.

Higo staff will not disclose that a government authority listed above has sought or obtained access to financial records when such authority certifies that there may result a danger to the national security of the United States, interference with a criminal, counterterrorism, or counterintelligence investigation, interference with diplomatic relations, or danger to the life or safety of any person.

Emergency Access to Financial Records
Higo staff may release financial records to a government authority when the authority determines that delay in obtaining access to such records would result in imminent danger of the following:

- Physical injury to any person;
- Serious property damage; or
- Flight to avoid prosecution.

In these cases, the government authority will submit the required certificate of compliance with the Act, which is signed by a supervisory official of a rank designated by the head of the government authority. 


22. COPPA Policy Requirements
The Company currently does not operate a website or online service directed to children that collects or maintains personal information about them, or knowingly collects or maintains personal information from a child online. In the event that the Company does, Higo will comply with the requirements of COPPA including:

- Providing notice on the Company’s website or online service of what information it collects from children, how it uses such information, and its disclosure practices for such information;
- Obtaining verifiable parental consent prior to any collection, use, and/or disclosure of personal information from children;
- Providing a reasonable means for a parent to review the personal information collected from a child and to refuse to permit its further use or maintenance;
- Not conditioning a child's participation in a game, the offering of a prize, or another activity on the child disclosing more personal information than is reasonably necessary to participate in such activity and
- Establishing and maintaining reasonable procedures to protect the confidentiality, security, and integrity of personal information collected from children.

Monitoring and Testing
Higo will ensure that compliance with Privacy requirements is independently monitored and tested at least annually.  Results from the testing are maintained and reported to the Board. 

Training
The Company will train all employees on Privacy Compliance each calendar year, and monitor and track completion of this training. Other periodic or ad hoc trainings may be added as required. How to Contact UsYou can update your preferences, ask us to remove your information from our mailing lists, submit a request or ask us questions about this Privacy Policy by emailing us at help@usesammy.com or contacting us via the in-app chat.


23. How to Contact Us

You can update your preferences, ask us to remove your information from our mailing lists, submit a request or ask us questions about this Privacy Policy by emailing us at help@usesammy.com or contacting us via the in-app chat.   

Privacy Notice

What does Higo Inc. do with your personal information?

Why
Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
What
The types of personal information we collect and share depend on the product or service you have with us. This information can include:
- Social security number, identification number, and account transactions
- Payment history and account balances
- Credit history and transaction or loss history
How
All financial companies need to share users’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their users’ personal information; the reasons Higo Inc. chooses to share; and whether you can limit this sharing.
Reasons we can share your personal information
Does Higo Inc. share?
Can you limit this sharing?
For our everyday business purposes — such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus
Yes
No
For our marketing purposes — to offer our products and services to you
Yes
No
For joint marketing with other financial companies
Yes
No
For our affiliates’ everyday business purposes — information about your transactions and experiences
Yes
No
For our affiliates’ everyday business purposes — information about your creditworthiness
No
We don't share
For nonaffiliates to market to you
No
We don't share
Who we are
Who is providing this notice?
Higo Inc.
What we do
How does Higo Inc. protect my personal information?
To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.
How does Higo Inc. collect my personal information?
We collect your personal information, for example, when you
- open an account or provide account information
- use your debit card
- give us your contact information
Why can’t I limit all sharing?
Federal law gives you the right to limit onlysharing for affiliates’ everyday business purposes—information about your creditworthinessaffiliates from using your information to market to yousharing for nonaffiliates to market to youState laws and individual companies may give you additional rights to limit sharing.
Definitions
Affiliates
Companies related by common ownership or control. They can be financial and nonfinancial companies.
Nonaffiliates
Companies not related by common ownership or control. They can be financial and nonfinancial companies.
Joint marketing
A formal agreement between nonaffiliated financial companies that together market financial products or services to you.