Vera Online Privacy Notice
This Online Privacy Notice (“Notice”) explains how Vera Inc. (“Vera,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information when you visit or use our websites, mobile applications, online services, or interact with us electronically (collectively, the “Online Services”).
This Policy applies to Vera’s Online Services whether or not you are a Vera cardholder. It supplements other disclosures we provide, including the FinWise Bank d/b/a Cottonwood Payments (“Cottonwood Payments”) U.S. Consumer Privacy Notice (for GLBA-covered financial information) and the Vera California Privacy Notice (for California residents).
If you obtain a Vera credit card issued by Cottonwood Payments, some of your information will be subject to the Bank’s GLBA privacy notice, which governs how the Bank collects, uses, and shares information related to your financial product. This Online Privacy Notice covers information collected by Vera outside the scope of GLBA—primarily online interactions, marketing, analytics, and digital services.
Information We Collect
Some of the information we collect may be considered ‘sensitive personal information’ under applicable state privacy laws. We use such information only as reasonably necessary to provide services, ensure security, comply with law, or for other permitted purposes. We may collect information from or about you in the following ways:
A. Information You Provide Directly
This includes information you give to us when you:
- Create or access an online accoun
- Use our mobile application or website
- Contact customer support using any channel we may make available
- Sign up for marketing communications
- Complete surveys or feedback forms
Examples include:
- Name, email address, phone number, mailing address
- Login credentials
- Date of birth or other identifiers
- Communications and customer-support messages
B. Information We Collect Automatically
When you use our Online Services, we automatically collect:
Device & Browsing Information
- IP address
- Browser type and settings
- Mobile device identifiers
- Operating system
- Language and time zone
- Referring URLs
Usage Information
- Pages viewed, links clicked, scrolling and navigation
- Session length and patterns
- App performance and crash logs
Cookies & Tracking Technologies
We use:
- Cookies
- Web beacons / pixels
- SDKs (in our mobile app)
- Local storage
- Session identifiers
- Advertising IDs (e.g., IDFA, GAID)
These technologies support:
- Authentication
- Fraud prevention
- Analytics
- Personalization
- Marketing and advertising
We do not intentionally collect biometric identifiers. If biometric data (such as fingerprints, facial geometry, or voiceprints) is processed in connection with authentication or security, it is collected and controlled by third-party providers (such as device manufacturers or wallet providers) and governed by their privacy policies.
C. Information from Third-Party Sources
We may receive information from:
- Service providers (analytics, fraud prevention, communications tools)
- Marketing partners
- Social-media platforms (if you interact with Vera content)
- Third parties you authorize to share information with us
Examples: identity verification results, device-risk signals, aggregated marketing insights.
D. Information Related to Your Credit Card Account (If Applicable)
When you have a Credit Card and related Account serviced by Vera:
- Information related to your credit account, credit decisioning, transactions, or financial data is collected and governed by Cottonwood Payments, not this Online Privacy Policy, and is covered by the Bank’s GLBA privacy notice.
- Vera may receive certain data from the Bank as the program manager and servicer, but its use is limited to operating the program and providing services to you.
How We Use Your Information
We may use information collected through the Online Services to:
Provide and Improve Services
- Operate the website and mobile app
- Authenticate users and process requests
- Provide customer support
- Maintain and improve our Online Services
Security, Fraud Prevention, and Compliance
- Verify identity
- Detect and prevent fraud or unauthorized activity
- Monitor and secure our systems
- Comply with legal and regulatory obligations
Marketing and Personalization
- Provide tailored content and promotions
- Deliver targeted advertising
- Measure campaign performance
Analytics & Research
- Understand usage patterns
- Improve user experience
- Develop and evaluate new features and products
Legal, Regulatory, and Operational Purposes
- Respond to subpoenas and legal process
- Enforce our terms and policies
- Support corporate transactions (mergers, acquisitions)
We may combine information collected from different sources for the above purposes.
How We Share Information
Vera does not sell personal information for monetary consideration. However, certain disclosures of information may be considered a ‘sale’ or ‘sharing’ under applicable state privacy laws, including disclosures for targeted advertising. We may share information with:
A. Service Providers
To support:
- Website/app functionality
- Hosting and storage
- Analytics
- Advertising and marketing
- Identity verification
- Fraud detection
- Customer support
Service providers are contractually required to use information only to perform services for Vera.
We do not sell, rent, or share your mobile phone number, SMS consent status, or opt-in data with third parties for any purposes unrelated to delivering communications on our behalf. We may share this data with our service providers (such as MoEngage, Twilio, and similar vendors) solely for the purpose of delivering text messages or other communications as consented to by you.
B. Business Partners
Such as:
- Merchants participating in reward programs
- Payment processors
- Identity verification or fraud-prevention partners
C. Advertising & Analytics Partners
We allow third parties to collect information through tracking technologies to provide:
- targeted advertising,
- cross-site and cross-app personalization, and
- analytics services.
You may opt out (see the “Your Privacy Rights and Choices” Section below).
D. Legal, Regulatory, or Safety Requirements
We may disclose information when required by:
- law enforcement
- regulators
- legal process
- to protect the rights, safety, or property of Vera, our users, or others
E. Corporate Transactions
Information may be shared in connection with a merger, acquisition, asset sale, or bankruptcy.
Cookies & Tracking Technologies
We use cookies, pixels, SDKs, and related technologies for:
- authentication
- remembering preferences
- analytics
- improving performance
- preventing fraud
- delivering targeted ads
Third-Party Tracking
We allow certain third parties to collect information across our Online Services and others for:
- remarketing
- behavioral advertising
- audience measurement
You can manage or disable cookies through your browser or device settings.
Children’s Privacy
Our Online Services are not intended for children under 13, and we do not knowingly collect information from children. If we learn we have collected such information, we will delete it.
Data Retention & Security
Retention
We retain information for as long as:
- necessary to provide and support the services;
- required by law;
- needed for fraud prevention, auditing, tax, or compliance;
- necessary to fulfill the purposes described in this Notice, or
- needed to defend or bring legal claims.
Security
We implement reasonable administrative, technical, and physical safeguards.
However, no method of transmission or storage is 100% secure.
Our service providers may process information in the United States and other countries. We take steps to ensure appropriate safeguards are in place consistent with applicable law.
Your Privacy Rights & Choices
Depending on your state of residence, you may have rights to:
- access your personal information
- request deletion
- request correction
- opt out of sharing for targeted advertising
- limit certain tracking technologies
- manage cookie preferences
These rights may be available under state privacy laws, including the California Consumer Privacy Act (CCPA/CPRA), Colorado Privacy Act, Virginia Consumer Data Protection Act, Connecticut Data Privacy Act, Utah Consumer Privacy Act, Texas Data Privacy and Security Act, and other similar state laws.
Global Privacy Control (GPC)
If your browser sends a GPC signal, we will treat it as a request to opt out of sharing for cross-context behavioral advertising where required.
Targeted Advertising Opt-Ou
You may opt out of certain targeted advertising via:
- Digital Advertising Alliance (DAA)
- Network Advertising Initiative (NAI)
- Mobile device settings (“Limit Ad Tracking” or equivalent)
California residents should also refer to the Vera California Privacy Notice for rights under the CCPA.
If we deny your request, you may appeal our decision by contacting us at legal@vera.credit. We will respond to appeals within the time required by applicable law.
Links to Third-Party Websites and Services
We may link to third-party sites or services not controlled by Vera.
This Policy does not apply to those third-party services.
Review their privacy practices independently.
Changes to This Policy
We may update this Online Privacy Policy from time to time.
When we do, we will update the “Effective Date” above and post the revised version.
Your continued use of the Online Services constitutes acceptance of the revised Policy.
Contact Us
If you have questions about this Online Privacy Policy or our privacy practices, you may contact us at:
Vera Inc.
Email: legal@vera.credit
Phone: 1-800-769-1306
Website: vera.credit/privacy
If you are a Vera cardholder, the Cardholder Agreement governs your Card and Account. In the event of a conflict between this Privacy Notice and the Cardholder Agreement with respect to your financial product, the Cardholder Agreement will control.