PRIVACY POLICY

1. INTRODUCTION

Welcome to Piggi. Designed Partners, LLC ("Piggi," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, website, and related services (collectively, the "Service").

Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. INFORMATION WE COLLECT

We collect information that you provide directly to us, information we obtain automatically when you use our Service, and information from third-party sources.

2.1 Information You Provide to Us

Account Information:

• Full name
• Email address
• Phone number
• Date of birth
• Mailing address
• Password (encrypted and hashed)

Financial Account Information:

• Bank account numbers
• Routing numbers
• Debit and credit card information
• Transaction history
• Account balances
• Financial institution names

Donation Preferences:

• Selected charitable organizations
• Donation frequency settings
• Donation threshold preferences
• Charity allocation percentages

Identity Verification Information:

• Government-issued ID (when required for compliance)
• Social Security Number (last 4 digits only, when required)
• Proof of address documents

Communications:

• Messages you send to us through support channels
• Feedback and survey responses
• User testimonials (with your consent)

2.2 Information We Collect Automatically

Device Information:

• Device type, model, and operating system
• Unique device identifiers
• Mobile network information
• IP address
• Browser type and version

Usage Information:

• Pages or screens viewed
• Time and date of access
• Time spent on pages or screens
• Links clicked
• Features used
• Search queries within the app

Location Information:

• Precise geolocation (with your permission)
• Approximate location derived from IP address

Cookies and Similar Technologies:

• Session cookies
• Persistent cookies
• Web beacons
• Pixel tags
• Local storage

2.3 Information from Third-Party Sources

Plaid and Financial Institutions: We use Plaid Inc., a third-party service provider, to connect to your financial accounts. Through Plaid, we receive:

• Transaction data (merchant name, amount, date, category)
• Account information (account type, balance, ownership)
• Identity verification data

Payment Processors: We receive transaction confirmation and processing information from payment processors like Stripe.

Charitable Organizations: We may receive confirmation of donation receipt from partner charities.

Public Databases: We may obtain information from public databases for identity verification and fraud prevention purposes.

Social Media: If you connect your social media accounts, we may receive profile information you authorize us to access.

3. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

3.1 To Provide and Maintain the Service

• Create and manage your account
• Process and facilitate donations
• Calculate round-up amounts from your transactions
• Connect to your financial accounts through Plaid
• Initiate ACH transfers
• Disburse donations to selected charities
• Provide customer support
• Send transactional notifications (donation confirmations, payment receipts)

3.2 To Improve and Personalize the Service

• Analyze usage patterns and trends
• Develop new features and functionality
• Recommend charities based on your interests
• Personalize your user experience
• Conduct research and analytics

3.3 To Communicate with You

• Send service-related announcements
• Provide updates about your donations and impact
• Respond to your inquiries and support requests
• Send monthly donation summaries and tax receipts
• Request feedback and conduct surveys (with your consent)
• Send marketing and promotional communications (with your consent)

3.4 For Legal and Security Purposes

• Comply with legal obligations and government requests
• Prevent fraud and unauthorized transactions
• Protect against security threats
• Enforce our Terms of Service and other policies
• Resolve disputes
• Conduct investigations
• Comply with anti-money laundering (AML) and Know Your Customer (KYC) requirements

3.5 For Business Operations

• Process payments and manage billing
• Maintain records and perform accounting
• Conduct audits and financial reconciliation
• Provide tax reporting (Form 1098-C for charitable contributions)
• Evaluate and improve our business operations

4. HOW WE SHARE YOUR INFORMATION

We may share your information in the following circumstances:

4.1 With Third-Party Service Providers

We share information with vendors who perform services on our behalf:

Plaid Inc.:

• Connects to your financial accounts
• Retrieves transaction data
• Facilitates ACH transfers
• Plaid's use of your information is governed by their Privacy Policy

Payment Processors (e.g., Stripe):

• Process ACH debits and payments
• Handle refunds and chargebacks
• Provide fraud detection services

Cloud Service Providers:

• Amazon Web Services (AWS) or similar providers
• Data storage and hosting services
• Database management

Analytics Providers:

• Google Analytics or similar services
• Usage analytics and reporting
• Marketing attribution

Customer Support Tools:

• Zendesk, Intercom, or similar platforms
• Help desk and ticketing systems

Identity Verification Services:

• Identity verification and fraud prevention
• Background checks when required

4.2 With Charitable Organizations

We share limited information with charities you select:

• Total donation amounts you've contributed
• Frequency of donations
• Anonymous user identifier (not personal information)

4.3 For Legal Purposes

We may disclose your information when required by law or to:

• Comply with court orders, subpoenas, or legal processes
• Respond to government requests
• Enforce our Terms of Service and other agreements
• Protect the rights, property, or safety of Piggi, our users, or the public
• Prevent fraud or illegal activity
• Comply with AML, KYC, and other financial regulations

4.4 Business Transfers

If Piggi is involved in a merger, acquisition, asset sale, bankruptcy, or other business transaction, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our Service of any such transfer and any choices you may have regarding your information.

4.5 With Your Consent

We may share your information with third parties when you explicitly consent or direct us to do so.

4.6 Aggregated or De-Identified Information

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you. For example:

• "10,000 users donated to environmental causes this month"
• "Average donation per user is $15"
• General usage statistics and trends

5. DATA SECURITY

We implement reasonable administrative, technical, and physical security measures to protect your information from unauthorized access, use, or disclosure.

5.1 Security Measures

Encryption:

• Data in transit is encrypted using TLS/SSL
• Data at rest is encrypted using industry-standard encryption
• Passwords are hashed and salted

Access Controls:

• Multi-factor authentication for employees
• Role-based access controls
• Principle of least privilege
• Regular access reviews

Network Security:

• Firewalls and intrusion detection systems
• Regular security assessments and penetration testing
• DDoS protection
• Network segmentation

Monitoring:

• 24/7 security monitoring
• Automated threat detection
• Incident response procedures
• Regular security audits

5.2 Third-Party Security

Plaid Security:

• Plaid uses bank-level 256-bit encryption
• Your bank login credentials are handled exclusively by Plaid
• We never see, store, or have access to your banking passwords
• Plaid is SOC 2 certified and complies with banking regulations

Payment Processor Security:

• Payment processors (e.g., Stripe) are PCI-DSS compliant
• We do not store full credit card numbers
• Payment data is tokenized

5.3 Limitations

While we strive to protect your information, no security system is impenetrable. We cannot guarantee the absolute security of your information. You are responsible for maintaining the confidentiality of your account credentials and for any activities that occur under your account.

6. DATA RETENTION

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

6.1 Retention Periods

Account Information:

• Retained while your account is active
• Retained for 7 years after account closure for tax and legal compliance

Transaction Data:

• Retained for 7 years for tax reporting and IRS compliance
• Required for issuing tax receipts (Form 1098-C)

Communications:

• Customer support communications retained for 3 years
• Marketing communications retained until you unsubscribe

Financial Records:

• Retained for 7 years per IRS requirements
• Required for audit and regulatory purposes

6.2 Deletion Requests

You may request deletion of your personal information by contacting us at privacy@piggibanks.com. We will respond to deletion requests within 30 days. However, we may retain certain information:

• As required by law (e.g., tax records, financial transactions)
• To resolve disputes or enforce our agreements
• For legitimate business purposes (e.g., fraud prevention)
• In backup systems for a limited time

7. YOUR PRIVACY RIGHTS

Depending on your location, you may have certain rights regarding your personal information.

7.1 Rights for All Users

• Access: You can access your personal information through your account settings or by contacting us.
• Correction: You can update or correct your information through your account settings.
• Deletion: You can request deletion of your account and personal information (subject to legal retention requirements).
• Opt-Out of Marketing: You can unsubscribe from marketing emails by clicking the unsubscribe link or contacting us.

7.2 Additional Rights for California Residents (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

Right to Know: You have the right to request:

• Categories of personal information we collect
• Sources from which we collect information
• Business purposes for collecting information
• Categories of third parties with whom we share information
• Specific pieces of personal information we hold about you

Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.

Right to Opt-Out of Sale: We do not sell your personal information. If this changes, we will update this Privacy Policy and provide you with an opt-out mechanism.

Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

How to Exercise Your Rights:

• Email: privacy@piggibanks.com
• Phone: 408-755-0493

We will respond to verified requests within 45 days.

7.3 Additional Rights for EU/UK Residents (GDPR)

If you are located in the European Union or United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):

• Right of Access: Request access to your personal data.
• Right to Rectification: Request correction of inaccurate personal data.
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data.
• Right to Restriction of Processing: Request that we limit how we use your personal data.
• Right to Data Portability: Request a copy of your personal data in a structured, machine-readable format.
• Right to Object: Object to our processing of your personal data for certain purposes.
• Right to Withdraw Consent: Withdraw consent at any time where we rely on consent as the legal basis for processing.
• Right to Lodge a Complaint: File a complaint with your local data protection authority.

Legal Bases for Processing: We process your personal data based on the following legal grounds:

• Contract: To perform our contract with you (provide the Service)
• Consent: Where you have given explicit consent
• Legitimate Interests: For fraud prevention, analytics, and business operations
• Legal Obligation: To comply with legal requirements

International Data Transfers: We may transfer your data outside the EU/UK. We ensure adequate protection through:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions
• Other approved transfer mechanisms

8. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar tracking technologies to collect information and improve our Service.

8.1 Types of Cookies We Use

Strictly Necessary Cookies:

• Required for the Service to function
• Enable core functionality like security and account access
• Cannot be disabled

Performance Cookies:

• Collect information about how you use the Service
• Help us improve performance and user experience
• Example: Google Analytics

Functional Cookies:

• Remember your preferences and settings
• Provide enhanced functionality
• Example: language preferences, location

Marketing Cookies:

• Track your visits across websites
• Used to display relevant advertisements
• Example: Facebook Pixel, Google Ads

8.2 Managing Cookies

You can control cookies through your browser settings:

• Browser Controls: Most browsers allow you to refuse or delete cookies
• Opt-Out Tools: Use industry opt-out tools like:
  • Network Advertising Initiative (NAI) opt-out: http://optout.networkadvertising.org/
  • Digital Advertising Alliance (DAA) opt-out: http://optout.aboutads.info/
• Do Not Track: We currently do not respond to Do Not Track signals

8.3 Mobile Device Tracking

Mobile Advertising IDs:

• iOS: Identifier for Advertising (IDFA)
• Android: Google Advertising ID (GAID)

You can limit ad tracking through your device settings:

• iOS: Settings > Privacy > Advertising > Limit Ad Tracking
• Android: Settings > Google > Ads > Opt out of Ads Personalization

9. CHILDREN'S PRIVACY

The Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18.

If we learn that we have collected personal information from a child under 18 without parental consent, we will delete that information immediately. If you believe we have collected information from a child under 18, please contact us at privacy@piggibanks.com.

10. THIRD-PARTY LINKS AND SERVICES

The Service may contain links to third-party websites, applications, and services that are not operated by us. This Privacy Policy does not apply to third-party services.

Third-Party Services Include:

• Plaid (https://plaid.com/legal/)
• Payment processors (e.g., Stripe)
• Charitable organization websites
• Social media platforms
• Analytics providers

We are not responsible for the privacy practices of third-party services. We encourage you to review the privacy policies of any third-party services you access through our Service.

11. YOUR COMMUNICATION PREFERENCES

We may send you various types of communications. You can control your preferences as follows:

11.1 Transactional Communications

These are necessary for the Service and cannot be opted out of:

• Donation confirmations
• Payment receipts
• ACH debit notifications
• Account security alerts
• Legal notices and policy updates
• Tax receipts and annual summaries

11.2 Marketing Communications

You can opt out of promotional emails by:

• Clicking the "unsubscribe" link in any marketing email
• Updating your preferences in account settings
• Contacting us at privacy@piggibanks.com

Note: Opting out of marketing communications does not affect transactional communications.

11.3 Push Notifications

You can disable push notifications through your device settings or app settings.

11.4 SMS/Text Messages

If you opt in to receive text messages, you can opt out by:

• Replying "STOP" to any text message
• Contacting us at privacy@piggibanks.com

Standard message and data rates may apply.

12. DATA BREACH NOTIFICATION

In the event of a data breach that affects your personal information, we will:

• Notify affected users within 72 hours of discovering the breach
• Provide details about the breach and information compromised
• Describe steps we are taking to address the breach
• Recommend actions you can take to protect yourself
• Comply with all applicable data breach notification laws

You will be notified via:

• Email to the address on file
• In-app notification
• Notice on our website (if appropriate)

13. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

How We Notify You:

• We will post the updated Privacy Policy on this page
• We will update the "Last Updated" date at the top
• For material changes, we will provide prominent notice:
  • Email notification
  • In-app notification
  • Notice on our website

Your Continued Use: Your continued use of the Service after the effective date of an updated Privacy Policy constitutes your acceptance of the changes. If you do not agree to the updated Privacy Policy, you must stop using the Service and may request deletion of your account.

We encourage you to review this Privacy Policy periodically for any updates.

14. CALIFORNIA SHINE THE LIGHT LAW

California Civil Code Section 1798.83 permits California residents to request certain information about our disclosure of personal information to third parties for their direct marketing purposes.

To make such a request, please contact us at:

15. NEVADA PRIVACY RIGHTS

Nevada residents have the right to opt out of the sale of certain covered information collected by website operators. We do not sell your covered information as defined under Nevada law. If you are a Nevada resident and would like to make such a request, please contact us at privacy@piggibanks.com.

16. INTERNATIONAL USERS

The Service is operated in the United States. If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

Data Protection Standards: By using the Service, you consent to the transfer of your information to the United States and other countries that may have different data protection laws than your country of residence.

EU/UK Users: For users in the EU/UK, we implement appropriate safeguards for international data transfers, including Standard Contractual Clauses approved by the European Commission.

17. CONTACT US

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

18. ACKNOWLEDGMENT

Designed Partners, LLC d/b/a "Piggi"
Last Updated: October 1, 2025
Version: 1.0