Privacy Policy

Last Revised: November 10th, 2022

Introduction

Sunlight API Inc. and its affiliates (collectively, “Sunlight”, “we”, “our” or “us”) respect the privacy of our Platform’s Users (collectively, “Platform” and “User” or “you”). Please read the following privacy policy (“Privacy Policy”) carefully to understand our views and practices regarding your personal information and how we will treat it. Capitalized terms which are not defined herein, shall have the meaning ascribed to them in our Terms of Use at https://www.sunlightapi.com/terms-conditions (the “Terms of Use”), into which this Privacy Policy is incorporated by reference.

1. Your Consent

By entering, accessing or using the platform, you agree to the terms and conditions set forth in this Privacy Policy and consent to the collection and processing of your Personal Information. If you disagree to any term provided herein, you may not access or use the Platform and you should not provide us with any Personal Information. you acknowledge and confirm that you are not required to provide us with your Personal Information and that such information is voluntarily provided to us.

2. Which information we may collect on our Users?

We may collect two types of data and information from our Users:

2.1 Non-personal Information. The first type is non-identifiable and anonymous information. Non-personal Information, which is being gathered, consists of technical information and behavioral information that does not pertain to a specific individual (“Non-Personal Information”). When you use the Platform, like most platforms, we passively collect certain Non-Personal Information from your devices, including: (i) technical information such as the type and version of your device and its operating system, the type of browser, screen resolution, device browser and keyboard language, Wi-Fi connectivity, the type and name of your device and/or browser, etc.; and (ii) behavioral information which may include the User’s click-stream on the Platform, the activities of the User on the Platform and additional information of a similar nature (collectively, “Technical and Behavioral Information”). We also use third-party service providers such as Mixpanel to obtain detailed analytics on the User's behavior on the Platform. Please note that we or our third-party service providers will collect such Technical and Behavioral Information by using certain technologies such as cookies, as further detailed below.

2.2 Personal Information. The other type of information we collect is individually identifiable information (“Personal Information”), including:

2.2.1 Personal Information which is provided consciously and voluntarily:

Third Party Service Credentials: when you wish to update your Card information on Third Party Services, you will be required to provide us with the relevant login credentials to such Third-Party Services’ accounts. We will process and use such credentials solely in order to provide you with our services, namely, to update the Card information on such accounts. Such information may include, as applicable, your full name, account name, e-mail address, phone number, password, security questions, etc.
Information derived from your use of our Services: when you use the Platform, we are aware of your actions and interactions within our Platform and may retain such information and derive additional information based on such information, such as your preferences and habits.
Communications with Sunlight: Personal Information you provide to us as part of any communications with Sunlight, by any means, including by contacting us via the Platform.

2.2.2 Personal Information provided via the App: when you use the Platform, we will obtain your credit/debit card information and certain associated information (such as your name, ID number, address, etc.) from your account on the App in which the Platform is integrated.

2.2.3 Personal Information collected via technology:

Identifiers: during your use of the Platform, we will access, collect, process, monitor and/or remotely store online and/or device identifiers, such as Internet Protocol (IP) and MAC address, or other unique identifiers, for statistical, security and metric purposes.
Geolocation data: while using the Platform we will access, collect, process, monitor and/or remotely store "geolocation data", including through the collection of IP addresses and other similar information to determine your general location for analytics and security purposes.
Technical and Behavioral Information: to the extent that the Technical and Behavioral Information detailed above under Section ‎2.1 will be linked to or associated with a specific individual then such information will be considered as Personal Information.

2.3 Please note: We may cross-reference Personal Information with other Personal Information we have about you and any Non-personal Information connected or linked to or associated with any Personal Information shall be deemed as Personal Information as long as such connection, linkage or association exists.

3. How Do We Collect Information about Our Users?

There are a few main methods that we use in order to collect information:

3.1 We collect information through your entry and use of the Platform. In other words, when you are using the Platform we are aware of it and may gather, collect and store the information relating to such usage. For example, when you use the Platform, we gather your Technical and Behavioral Information.

3.2 We collect information which you decide to provide us voluntarily. For example, we collect Personal Information when you provide us with your Third-Party Service accounts’ credentials.

3.3 We collect information from the App in which the Platform may be integrated. When you use the Platform, we will receive from the App into which the Platform is incorporated certain information, including your credit/debit card information.

4. What are the Purposes of the Collection of Information?

4.1 Non-personal Information is collected in order to:

Provide you with our Services;
Create statistics, for research purposes and for customization and improvement of our Platform;
Enhance the User's experience while using the Platform; and
Keep the Platform safe and secured and for prevention of fraud.

4.2 Personal Information is collected in order to:

Provide our Platform and Services;
Respond to your inquiry;
Ensure that the content on the Platform is presented in an optimal way for you and for your device (e.g., tablet, mobile phone);
Conduct internal operations, including troubleshooting, data analysis, testing, research and statistical purposes and to improve the Platform and Services;
Keep the Platform safe and secured and for prevention of fraud and crime;
Comply with our legal obligations and in order to be able to protect our rights and legitimate interests; and
Maintain our data processing records and general administrative purposes.

5. Cookies

When you access or use the Platform, we and/or our third party service providers may use industry-wide technologies such as cookies, web beacons, pixels, clear gifs and other similar tools (or other similar technologies) (collectively, "Cookies") which may enable us, amongst others, to recognize your device from those of other Users of the Platform, to improve the Platform's performance, to deliver a better and more personalized service according to our Users' individual interests and the device or browser used, to track Users' use of the Platform, to gather information about the Users' approximate geographic location (e.g. city), to prevent fraud and/or abuse, to estimate our audience size and usage pattern and perform other analytics and to develop our Platform and Services.

Cookies may locally store information on your device, and we and/or our authorized third party service providers may access such information for the purposes detailed under this Privacy Policy. We and/or our authorized third party service providers may use both session Cookies (which expire once you close the web-browser) and persistent Cookies (which stay on the User’s device until he/she deletes them).

Most devices and browsers will allow you to erase Cookies from your device’s hard drive, block acceptance of Cookies, or receive a warning before a Cookie is stored on your device. However, if you block or erase Cookies, your experience of the Platform may be limited.

For detailed instructions regarding the blocking of Cookies, please refer to your browser's 'help', 'tool' or 'edit' sections or see http://www.allaboutcookies.org/manage-cookies/. Below are links to instructions regarding the blocking of Cookies on commonly used web-browsers: Chrome, Internet Explorer and Microsoft Edge, Mozilla Firefox and Safari.

Please note that the Platform includes the Mixpanel analytics tool. You can prevent Mixpanel from using your information for analytics purposes by opting-out. To opt-out of Mixpanel service, please visit this page: https://mixpanel.com/optout/.

6. Sharing Information with Third Parties

6.1 Sunlight respects your privacy and will not disclose, share, rent, or sell your Personal Information to any third party, other than as permitted under this Privacy Policy. However, we may also share your Personal Information with third parties in the following cases:

Service Providers: Note, that we collect, hold and/or manage Personal Information through Sunlight's authorized third party vendors of certain products or services (such as, cloud services) (including, as applicable, their affiliates) solely and limited to providing us with such requested services, and not for any other purposes. For more information regarding our Service Providers, please refer to Section ‎10 below.
In addition, we may share Personal Information in the following cases: (a) to satisfy any applicable law, regulation, legal process, subpoena or governmental request; (b) to enforce this Privacy Policy and/or the Platform Terms of Use, including investigation of potential violations thereof, and to defend against any claims or demands asserted against us by you or on your behalf; (c) to detect, prevent, or otherwise address fraud, security or technical issues; (d) to respond to claims that contact information (e.g. name, e-mail address, etc.) of a third-party has been posted or transmitted without their consent or as a form of harassment; (e) to protect the rights, property, or personal safety of Sunlight, its Users or the general public; (f) by virtue of undergoing any change in control, including by means of merger, acquisition or purchase of all or substantially all of the assets of Sunlight, so long as such acquirer maintains the same privacy terms hereunder; or (g) pursuant to your explicit approval prior to the disclosure.

6.2 For avoidance of doubt, Sunlight may use Non-personal Information and transfer and disclose it to third parties at its discretion, including without limitation for statistical, analytical and research purposes and for customization, developing and improvement of the Platform.

7. Your Rights

Sunlight acknowledges that under circumstances you may have the right to access and to request an amendment or deletion of the Personal Information we collect and process about you. If you wish to access or to correct, amend, or delete Personal Information, please send us an email to: support@sunlightapi.com and we will enable you to fulfill such rights, to the extent it is required under applicable laws. If you are a resident of California, please see the additional disclosures regarding your rights under applicable law at the end of this Privacy Policy.

8. Minors

The Platform is intended for Users over the age of sixteen (16). We reserve the right to request proof of age at any stage so that we can verify that minors under this age are not using the Platform. Please contact Sunlight at support@sunlightapi.com if you have reasons to suspect that Sunlight collected Personal Information from minors under the age of sixteen (16).

9. Security

We take reasonable measures to maintain the security and integrity of our Platform and prevent unauthorized access to it or use thereof through generally accepted industry standard technologies and internal procedures. Your Personal Information is hosted on third parties’ servers, which provide advanced strict security standards (both physical and logical). Please note, however, that there are inherent risks in transmission of information over the Internet or other methods of electronic storage and we cannot guarantee that unauthorized access or use will never occur. Sunlight will comply with applicable law in the event of any breach of the security, confidentiality, or integrity of your Personal Information and will inform you of such breach to the extent so required by applicable law. TO THE EXTENT THAT SUNLIGHT IMPLEMENTED THE REQUIRED SECURITY MEASURES UNDER APPLICABLE LAW, SUNLIGHT SHALL NOT BE RESPONSIBLE OR LIABLE FOR UNAUTHORIZED ACCESS, HACKING, OR OTHER SECURITY INTRUSIONS OR FAILURE TO STORE OR THE THEFT, DELETION, CORRUPTION, DESTRUCTION, DAMAGE, OR LOSS OF ANY DATA OR INFORMATION.

10. Third Party Service Providers

While using the Platform we may be using third party service providers, who may collect, store and/or process your Personal Information, as detailed herein. Such third parties service providers include the following:

Cloud Services, such as Amazon Web Services.
Analytics Services, such as Mixpanel.

11. International Data Transfer

Generally, we will store and process your Personal Information solely within the United States. However, to the extent we will transfer such information from the United States to other countries or jurisdictions around the world, we will put in place the necessary safeguards under applicable law to facilitate such transfer, and you hereby consent to such transfer of information (in jurisdiction where such consent is required, to such transfer).

12. Data Retention

Sunlight will retain the Personal Information for as long as we are confident that it is accurate and can be relied upon. Personal Information which is no longer required for the purpose for which it was initially collected will be deleted unless we have a valid justification to retain it which is permitted under applicable law, such as to resolve disputes or comply with our legal obligations.

13. Changes to the Privacy Policy

Sunlight reserves the right to change this Privacy Policy at any time. In case of any material change, we will make reasonable efforts to post a clear notice on the Platform or we will send you an e-mail regarding such changes to the e-mail address that you may have provided us with. Such material changes will take effect seven (7) days after such notice was provided on our Platform or sent to you via e-mail, whichever is the earlier.

14. Additional Disclosures for California Residents

These additional disclosures apply only to California residents. The California Consumer Privacy Act of 2018 (“CCPA”) provides additional rights to know, delete and opt-out, and requires businesses collecting or disclosing personal information to provide notices and means to exercise rights.

14.1 Notice of Collection. In the past 12 months, we have collected the following categories of personal information enumerated in the CCPA: (a) Identifiers, including name, email address, device push token and online identifiers; (b) Customer records, including contact details and account details and Third Party Services’ credentials; (c) commercial or transactions information, namely, Card information; (e) Internet activity, including Technical and Behavioral Information and interactions with the Platform; (f) Geolocation data; (g) Inference drawn from the above information about your predicted characteristics and preferences; (h) any personal data included in your communications with us. For further details, please review the Section “What information do we collect?” above. We collect and use these categories of personal information for the business purposes described in the “How do we use the information we collect?” above.

14.2 Sale of Personal Information. We do not “sell” your information, as such term is defined under the CCPA.

14.3 Your Rights. You have the right to know certain details about our data practices in the past 12 months. In particular, you may request the following from us: (a) The categories of personal information we have collected about you; (b) The categories of sources from which the personal information was collected; (c) The categories of personal information about you we disclosed for a business purpose or sold; (d) The categories of third parties to whom the personal information was disclosed for business purposes or sold; (e) The business or commercial purpose for collecting or selling the personal information; and (f) The specific pieces of personal information we have collected about you. In addition, you have the right to delete the Personal Information we have collected from you.

To exercise any of these rights, please submit a request to: support@sunlightapi.com. In the request, please specify which right you are seeking to exercise and the scope of the request. We will confirm receipt of your request within 10 days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your requests to know or delete. You can designate an authorized agent to submit requests on your behalf. However, we will require written proof of the agent’s permission to do so and verify your identity directly. You have the right not to receive discriminatory treatment by us for the exercise of any of your rights.

15. Got any Questions?

If you have any questions (or comments) concerning this Privacy Policy, please send us an email to the following address: support@sunlightapi.com and we will make an effort to reply within a reasonable timeframe.