Privacy Policy

Effective November 20, 2024

At Karat, we take your privacy seriously. Please read the following to learn how we treat your personal information. By using or accessing the Services (as defined in our Terms of Use) in any manner, or when interacting with us as a representative of our business partners, vendors and other companies we do business with, you acknowledge that you accept the practices and policies outlined in this Privacy Policy, and you hereby consent that we will collect, use, and share your information in the following ways. If you do not agree to this Privacy Policy, please do not access or use any of the Services.

Remember that your use of Karat's Services is at all times subject to our Terms of Use, which incorporates this Privacy Policy. Any terms we use in this Policy without defining them have the definitions given to them in the Terms of Use. The Services are designed for users in the United States only and are not intended for users located outside the United States.


What this Privacy Policy Covers

This Privacy Policy covers how we treat Personal Data that we gather when you access or use our Services. “Personal Data” means any information that identifies or relates to a particular individual and also includes information referred to as “personally identifiable information” or “personal information” under applicable data privacy laws, rules, or regulations. Personal Data does not include information that is aggregated or deidentified such that the information cannot be reasonably linked to you (and when we collect deidentified data, we maintain it in deidentified form and do not attempt to reidentify the information). This Privacy Policy does not cover the practices of companies we don’t own or control or people we don’t manage.

Sources of Personal Data

We collect Personal Data about you from:

  • You:
  • when you provide such information directly to us, and
  • when Personal Data about you is automatically collected in connection with your use of our Services.
  • Third parties, when they provide us with Personal Data about you or when you choose to share information with us via third parties. Third Parties that share your Personal Data with us include: Service providers. For example, we may use analytics service providers to analyze how you interact and engage with the Services, or third parties may help us provide you with customer support.  We may also receive information from social media platforms such as Instagram. We are not responsible for the accuracy of information provided to us by third parties and are not responsible for their policies or practices.  



Categories of Personal Data We Collect

The following chart details the categories of Personal Data that we collect and have collected over the past twelve (12) months from you.

Throughout this Privacy Policy, we will refer back to the categories of Personal Data listed in this chart (for example, “Category A. Personal identifiers”).

Category of Personal Data
Types of Personal Data Collected
A
Personal identifiers
Real name, alias, telephone number, postal address, unique personal identifier, online identifier, social media handle, Internet Protocol address, email address.
B
Customer records identified by state law (including the California Customer Records statute (Cal. Civ. Code § 1798.80(e))) (information in this category may overlap with others)
Name, signature, Social Security number, bank account number, credit card number.
C
Commercial information
Records of personal property, products or services purchased, obtained, or considered, annual revenue, information about bank transactions.
D
Geolocation information
Postal address
E
Internet or other similar network activity information
Browsing history, search history, or information on a consumer's interaction with a website or application.
F
Professional or employment-related information
Current or past employer, industry/trade, role, primary social media platform, income and other bank account information.
G
Sensitive personal data
Social Security number, account log-in, financial account and credit card number in combination with access credentials.


We also collect other types of Personal Data that you provide in communications with us. The following section provides additional information about how we collect your Personal Data.

Information Collected Automatically

The Services use cookies and similar technologies such as pixel tags, web beacons, clear GIFs, and JavaScript (collectively, “Cookies”) to enable our servers to recognize your web browser and tell us how and when you visit and use our Services, to analyze trends, learn about our user base and operate and improve our Services. Cookies are small pieces of data– usually text files – placed on your computer, tablet, phone, or similar device when you use that device to visit our Services. We may also supplement the information we collect from you with information received from third parties, including third parties that have placed their own Cookies on your device(s). Please note that because of our use of Cookies, the Services do not support “Do Not Track” requests sent from a browser at this time.


We use the following types of Cookies:

  • Essential Cookies. Essential Cookies are required for providing you with features or services that you have requested. For example, certain Cookies enable you to log into secure areas of our Services. Disabling these Cookies may make certain features and services unavailable.
  • Functional Cookies. Functional Cookies are used to record your choices and settings regarding our Services, maintain your preferences over time and recognize you when you return to our Services. These Cookies help us to personalize our content for you, greet you by name, and remember your preferences (for example, your choice of language or region).
  • Advertising Cookies. Advertising Cookies are used to help show relevant content and ads and to measure the performance of ad campaigns, including on third-party websites. For example, certain Cookies may allow us to recommend products and services or otherwise deliver ads to you based on your activity on the Services.


You can decide whether or not to accept Cookies through your internet browser’s settings. Most browsers have an option for turning off the Cookie feature, which will prevent your browser from accepting new Cookies, as well as (depending on the sophistication of your browser software) allow you to decide on acceptance of each new Cookie in a variety of ways. You can also delete all Cookies that are already on your computer. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some of the Services and functionalities may not work.

To explore what Cookie settings are available to you, look in the “preferences” or “options” section of your browser’s menu. To find out more information about Cookies, including information about how to manage and delete Cookies, please visit http://www.allaboutcookies.org/. To opt out of tracking by Google Analytics, click here.


How We Use Your Personal Data

We process Personal Data to operate, improve, understand and personalize our Services. We use Personal Data for the following purposes:

  • To meet or fulfill the reason you provided the information to us.
  • To communicate with you about the Services, including Service announcements, updates or offers.
  • To provide support and assistance for the Services.
  • To personalize website content and communications based on your preferences.
  • To process orders or other transactions.
  • To respond to user inquiries and fulfill user requests.
  • To improve and develop the Services, including testing, research, analysis and product development.
  • To protect against or deter fraudulent, illegal or harmful actions and maintain the safety, security and integrity of our Services.
  • To comply with our legal or contractual obligations, resolve disputes, and enforce our Terms of Use.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • For any other business purpose stated when collecting your Personal Data or as otherwise set forth in applicable data privacy laws, such as the California Consumer Privacy Act (the “CCPA”).


We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated, or incompatible purposes without providing you notice.

As noted in the list above, we may communicate with you if you’ve provided us the means to do so. For example, if you’ve given us your email address, we may send you promotional email offers or email you about your use of the Services. Also, we may receive a confirmation when you open an email from us, which helps us improve our Services. If you do not want to receive communications from us, please use the unsubscribe link provided in the email or indicate your preference by emailing us at concierge@trykarat.com.


How We Disclose Your Personal Data

Disclosures of Personal Data for a Business Purpose

We disclose your Personal Data to service providers and other parties for the following business purposes:

  • Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.
  • Helping to ensure security and integrity.
  • Debugging to identify and repair errors that impair existing intended functionality.Short-term, transient use of Personal Data, including but not limited to non-personalized advertising shown as part of an individual’s current interaction with us.
  • Performing services on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on our behalf.
  • Providing advertising and marketing services.
  • Undertaking internal research for technological development and demonstration.
  • Undertaking activities to verify or maintain the quality or safety of a service or device that we own, manufacture, was manufactured for us, or control, and to improve, upgrade, or enhance such service or device.


We disclose your Personal Data to the following categories of service providers and other parties:

  1. Service providers, including:
  2. Payment processors.
  3. Security and fraud prevention consultants.
  4. Hosting and other technology and communications providers.
  5. Companies that assist us with our marketing efforts.
  6. Analytics providers.
  7. Staff augmentation and contract personnel.
  8. Professional advisors such as auditors, law firms and accounting firms.
  9. Parties who acquire your Personal Data through an acquisition or other change of control.
  10. Personal Data may be transferred to a third party if we undergo a merger, acquisition, bankruptcy or other transaction in which that third party assumes control of our business (in whole or in part).
  11. With companies that we partner with or who may wish to offer you products, promotions or services
  12. [With our affiliates or otherwise within our corporate group]
  13. Other parties at your direction.
  14. Other users (where you post information publicly or as otherwise necessary to effect a transaction initiated or authorized by you through the Services).
  15. Third-party business partners who you access or interact with through the Services.
  16. Other parties authorized by you.
  17. To comply with applicable legal requirements or to ensure the safety of Karat and our users.


Over the past twelve months, we have disclosed the following categories of your Personal Data to service providers or other parties for the business purposes listed above:

  • A. Personal identifiers.
  • B. Customer records identified by state law.
  • C. Commercial information.
  • D. Geolocation information.
  • E. Internet or other similar network activity information.
  • F. Professional or employment-related information.
  • G. Sensitive Personal Data (we do not use or disclose sensitive Personal Data for purposes other than permitted by applicable laws, including the CCPA, or otherwise with your consent).


Sales and Sharing of Personal Data

We do not and have not “sold” or “shared” your Personal Data over the last 12 months (as those terms are defined under applicable laws). As such, we do not have actual knowledge that we sell or “share” Personal Data of individuals under 16 years of age.

Data Security and Retention

We seek to protect your Personal Data from unauthorized access, use and disclosure using appropriate physical, technical, organizational and administrative security measures based on the type of Personal Data and how we are processing that data. For example, the Services use industry standard Secure Sockets Layer (SSL) technology to allow for the encryption of Personal Data you provide to us. You should also help protect your data by appropriately selecting and protecting your password and/or other sign-on mechanism; and limiting access to your computer or device and browser. Although we work to protect the security of your account and other data that we hold in our records, please be aware that no method of transmitting data over the Internet or storing data is completely secure. We cannot guarantee the complete security of any data you share with us, and except as expressly required by law, we are not responsible for the theft, destruction, loss or inadvertent disclosure of your information or content.

We will retain your Personal Data only for as long as necessary to fulfil the purposes for which we collected it. To determine the appropriate retention period, we consider the amount, nature and sensitivity of your Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data (and whether we can achieve those purposes through other means), and applicable legal requirements. We will also retain and use your Personal Data to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our policies.

Data Deletion Requests
You have the right to request that we delete your personal information that we have collected from or about you. Contact concierge@trykarat.com to request your personal data to be deleted.

Personal Data of Children

As noted in the Terms of Use, we do not knowingly collect or solicit Personal Data from children under 13; if you are a child under 13, please do not attempt to register for or otherwise use the Services or send us any Personal Data. If we learn we have collected Personal Data from a child under 13, we will take commercially reasonable steps to delete that information as quickly as possible. If you believe that a child under 13 may have provided us Personal Data, please contact us at concierge@trykarat.com.



Other US State Law Privacy Rights



Depending on where you live and subject to certain exceptions, you may have some or all of the following rights:

Right to Know/Access.
You have the right to request that we disclose to you the personal information we collect, use, or disclose, and information about our data practices. 

Right to Request Correction.
You have the right to request that we correct inaccurate personal information that we maintain about you.

Right to Request Deletion.
You have the right to request that we delete your personal information that we have collected from or about you. Contact concierge@trykarat.com to request your personal data to be deleted.

Right to Non-Discrimination.
We will not discriminate against you for exercising any of these rights.

As we do not sell or “share” personal information, we do not recognize opt-out preference signals.

Under US privacy laws, you may also designate an authorized agent to make these requests on your behalf. If you use an authorized agent to submit a request, please note that we may need to collect additional information, such as a valid government-issued ID, to verify your identity before


Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to request certain details about how their Personal Data is disclosed to third parties for such third parties’ direct marketing purposes; in order to submit such a request, please contact us at concierge@trykarat.com.


Changes to this Privacy Policy

We’re constantly trying to improve our Services, so we may need to change this Privacy Policy from time to time as well, but we will alert you to changes by placing a notice on the www.trykarat.com website, by sending you an email, and/or by some other means. Please note that if you’ve opted not to receive legal notice emails from us (or you haven’t provided us with your email address), those legal notices will still govern your use of the Services, and you are still responsible for reading and understanding them. If you use the Services after any changes to the Privacy Policy have been posted, that means you agree to all of the changes. Use of information we collect is subject to the Privacy Policy in effect at the time such information is collected.


Contact Information:

If you have any questions or comments about this Privacy Policy, the ways in which we collect and use your Personal Data, your choices and rights regarding such use, please do not hesitate to contact us at: concierge@trykarat.com



Contact Us

Website: www.trykarat.com  
E-Mail: concierge@trykarat.com
Phone: +1 (323) 747-7086

Company
Why KaratCareers
Resources
Creator InsightsPodcast
Help
SupportHelp Desk
Follow
InstagramLinkedInTwitterYoutube
Terms of UsePrivacy Policy
Karat Financial Technologies, Inc.
© 2023 All Rights Reserved
Karat is a financial technology company and not a bank. The Karat Charge Card is issued by Cross River Bank, Member FDIC. See Privacy Policy, Card Program Terms, and Cardholder Agreement. Karat Financial is not affiliated with Karat, Inc. at http://www.karat.com