NORTHSTAR PRIVACY POLICY

LAST UPDATED: September 18, 2024

Watt, Inc. d/b/a Northstar is a Northstar is a financial wellness benefit for employees. We provide personal finance tools and access to a team of in-house financial advisors to help users make their financial decisions with confidence.

We understand that you are aware of and care about your own personal privacy interests, and we take that seriously. This Privacy Notice describes Northstar’s policies and practices regarding its collection and use of your personal data and sets forth your privacy rights. We recognize that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies.

Information that you provide to us when you apply for or obtain a product or service from us to be used primarily for personal, family or household purposes is also governed by a separate notice entitled Northstar GLBA Notice. If you are such an applicant or customer, please refer to that notice for additional information about our privacy practices.

How we collect and use (process) your personal information

Northstar collects personal information about its website visitors and customers. With a few exceptions, this information is generally limited to:

We use this information to respond to your questions or requests concerning the Services; fulfill the terms of any agreement you have with us; fulfill your requests for our Services or otherwise complete a transaction that you initiate; send you information about our Services and other topics that are likely to be of interest to you, including newsletters, updates, or other communications, including promotional emails; and deliver confirmations, account information, notifications, and similar operational communications.

Our legal bases for processing your personal information are: 1) our legitimate interest in running and maintaining our business; 2) performance and fulfillment of our contracts; 3) your consent; and 4) compliance with our legal obligations. In many instances, more than one of these legal bases apply to the processing of your personal information.

Pursuant to your request to use certain aspects of the Services (e.g., auto-transfer of assets), you may be required to provide us additional information, such as your address, phone number, date of birth, and/or the last four digits of your Social Security Number, as part of verification required by us and our ACH, bank, and other Subprocessors (as such term is defined below).

In some cases, you may wish to contact one of our financial advisors through the Services. Please note that such financial advisors may store the information that you provide them, or share such information internally, as needed in their discretion in order to better assist you (e.g., keeping track of your financial goals and progress).

In order to provide you with Services pursuant to your request, we may collect and store information relating to your bank account from you or our subprocessors, such as bank transactions and balances, last four digits of bank account numbers, bank institution, and type of bank accounts. We do not currently store your bank account log-in name or password; that information is stored by our subprocessors, and the use and storage of that information is governed by those subprocessors’ applicable terms of service and privacy policy.

From time to time, Northstar receives personal information about individuals from third parties. Typically, information collected from third parties will include further details on your employer or industry. We may also collect your personal data from third-party websites (e.g. LinkedIn)

Use of the Northstar Website

As is true of most other websites, Northstar’s website collects certain information automatically and stores it in log files. The information may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system, and other usage information about the use of Northstar’s website, including a history of the pages you view. We use this information to help us design our site to better suit our users’ needs. We may also use your IP address to help diagnose problems with our server and to administer our website, analyze trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences.

Northstar has a legitimate interest in understanding how members, customers and potential customers use its website. This assists Northstar with providing more relevant products and services, with communicating value to our sponsors and corporate members, and with providing appropriate staffing to meet member and customer needs.

Cookies and tracking technologies

We use cookies on the Services. Cookies are small files that are stored on your computer by your web browser. A cookie allows the Services to recognize whether you have visited before and may store user preferences and other information. For example, cookies can be used to collect or store information about your use of our website during your current session and over time (including the pages you view and the files you download), your computer’s operating system and browser type, your Internet service provider, your domain name and IP address, your general geographic location, the website that you visited before our website, and the link you used to leave our website. If you are concerned about having cookies on your computer, you can set your browser to refuse all cookies or to indicate when a cookie is being set, allowing you to decide whether to accept it. You can also delete cookies from your computer. However, if you choose to block or delete cookies, certain features of the Services may not operate correctly.

For further detail, Northstar makes available a comprehensive Cookie Policy that describes the cookies and tracking technologies used on Northstar website and provides information on how users can accept or reject them. To view the notice, just click https://www.northstarmoney.com/legal/cookies.

Web beacons

Our Services may use an application known as a “web beacon” (also known as a “clear gif” or “web bug”). A web beacon is an electronic file that usually consists of a single-pixel image. It can be embedded in a web page or in an email to transmit information, which could include personal information. For example, it can allow an email sender to determine whether a user has opened a particular email.

Aggregated and deidentified information.

From time to time, we may also collect and share aggregated or deidentified information about website users, such as by publishing a report on trends in the usage of the website. Such aggregated or deidentified information will not identify you personally.

Sharing information with third parties

The personal information Northstar collects from you is stored in one or more databases hosted by third parties located in the United States. These third parties do not use or have access to your personal information for any purpose other than cloud storage, retrieval, and abuse detection. On occasion, Northstar engages third parties to send information to you, including information about our products, services, and events.

We do not otherwise reveal your personal data to non-Northstar persons or businesses for their independent use unless:

The Northstar website connects with third party services such as Facebook, LinkedIn, Twitter and others. If you choose to share information from the Northstar website through these services, you should review the privacy policy of that service. If you are a member of a third-party service, the aforementioned connections may allow that service to connect your visit to our website to your personal data.

We use Plaid to gather users’ data from financial institutions. By using the Services, you grant us and Plaid the right, power, and authority to act on your behalf to access and transmit your personal and financial information from the relevant financial institution. You hereby agree to your personal and financial information being transferred, stored, and processed by Plaid in accordance with the Plaid Privacy Policy.

We may partner with vendors, including but not limited to OpenAI and Anthropic, to enable certain functionality in our Services, including AI services as described further in our Terms of Service.

Analytics

We partner with certain third parties to obtain the automatically collected information discussed above and to engage in analysis, auditing, research, and reporting. These third parties may use web logs or web beacons, and they may set and access cookies on your computer or other device. In particular, the website uses Google Analytics to help collect and analyze certain information for the purposes discussed above. You may opt out of the use of cookies by Google Analytics here.

Interest-based advertising

We also enable third-party tracking mechanisms to collect information about you and your computing devices for use in online interest-based advertising. For example, third parties may use the fact that you visited our website to target online ads to you. In addition, our third-party advertising networks might use information about your use of our website to help target advertisements based on your online activity in general. For information about interest-based advertising practices, including privacy and confidentiality, visit the Network Advertising Initiative website or the Digital Advertising Alliance website.

The use of online tracking mechanisms by third parties is subject to those third parties’ own privacy policies, and not this policy. If you prefer to prevent third parties from setting and accessing cookies on your computer or other device, you may set your browser to block cookies. Additionally, you may remove yourself from the targeted advertising of companies within the Network Advertising Initiative by opting out here, or of companies participating in the Digital Advertising Alliance by opting out here. Although our website currently does not respond to “do not track” browser headers, you can limit tracking through these third-party programs and by taking the other steps discussed above.

You may also opt-out of interest-based by adjusting the advertising preferences on your mobile device (for example, in iOS, visit Settings > Privacy > Advertising > Limit Ad Tracking, and in Android, visit Settings > Google > Ads > Opt out of interest-based ads). Additionally, you may opt out for companies that participate in the Digital Advertising Alliance's AppChoices tool by downloading it here and following the instructions in the app.

Transferring personal data to the U.S.

Northstar has its headquarters in the United States. Information we collect about you will be processed in the United States. By using Northstar’s services, you acknowledge that your personal information will be processed in the United States. The United States has not sought nor received a finding of “adequacy” from the European Union under Article 45 of the GDPR. Pursuant to Article 46 of the GDPR, Northstar is providing for appropriate safeguards by entering binding, standard data protection clauses, enforceable by data subjects in the EEA and the UK. These clauses have been enhanced based on the guidance of the European Data Protection Board and will be updated when the new draft model clauses are approved.

Depending on the circumstance, Northstar also collects and transfers to the U.S. personal data with consent; to perform a contract with you; or to fulfill a compelling legitimate interest of Northstar in a manner that does not outweigh your rights and freedoms. Northstar endeavors to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with Northstar and the practices described in this Privacy Statement. Northstar also enters into data processing agreements and model clauses with its vendors whenever feasible and appropriate. Since it was founded, Northstar has received zero government requests for information.

For more information or if you have any questions, please contact us at privacy@northstarmoney.com.

Data subject rights

If you wish to opt out of any marketing emails you receive from us, you may do so by following the instructions in those emails or by emailing us at privacy@northstarmoney.com.

If you wish to access, correct, or delete your information, please contact us at privacy@northstarmoney.com.

If you are a resident of the EU, UK, or another jurisdiction with an applicable privacy law, you may have certain rights available to you. These rights may include:

To exercise any of the rights listed above, please contact us via email at privacy@northstarmoney.com. We will respond to your request as soon as reasonably possible and in the time period required be applicable law.

Data storage and retention

Your personal data is stored by the Northstar on its servers, and on the servers of the cloud-based database management services the Northstar engages, located in the United States. The Northstar retains service data for the duration of the customer’s business relationship with the Northstar and for a period of time thereafter, to analyze the data for Northstar’s own operations, and for historical and archiving purposes associated with Northstar’s services. Northstar retains prospect data until such time as it no longer has business value and is purged from Northstar systems. All personal data that Northstar controls may be deleted upon verified request from Data Subjects or their authorized agents. For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact us at: privacy@northstarmoney.com.

Data security

We employ physical, technical, and administrative procedures to safeguard the personal information we collect online. However, no website or platform is 100% secure, and we cannot ensure or warrant the security of any information you transmit to the Services or to us, and you transmit such information at your own risk.

Children’s data

We do not knowingly attempt to solicit or receive information from children under the age of 16.

Our Article 27 Representative

We have appointed EU and UK Representatives under Article 27 of the EU GDPR and UK GDPR respectively. Our appointed representatives are:

Our UK Representative:

Under Article 27 of the UK Data Privacy Act, we have appointed a UK Representative to act as our data protection agent. Our nominated UK Representative is: GDPR Local Ltd.

Adam Brogden contact@gdprlocal.com
Tel +44 1772 217800
1st Floor Front Suite
27-29 North Street, Brighton
England
BN1 1EB

Our EU Representative:

Under Article 27 of the GDPR , we have appointed an EU Representative to act as our data protection agent. Our nominated EU Representative is: Instant EU GDPR Representative Ltd.

Adam Brogden contact@gdprlocal.com
Tel +35315549700
INSTANT EU GDPR REPRESENTATIVE LTD
Office 2,
12A Lower Main Street, Lucan Co. Dublin
K78 X5P8
Ireland

Questions, concerns, or complaints

If you have questions, concerns, complaints, or would like to exercise your rights, please contact us at:

Watt, Inc. d/b/a Northstar
8605 Santa Monica Blvd, PMB 65044
West Hollywood, California 90069-4109 US
privacy@northstarmoney.com
310-896-8197