EMPOWER FINANCE PRIVACY POLICY
Last Updated: February 6, 2025
This Privacy Policy describes how Empower Finance and its affiliates, including Empower Finance, Inc., Empower Lending, LLC and Petal Card, Inc., (collectively, “Empower,” “we,” or “us”) collect, use, disclose, and otherwise process information about you. This Privacy Policy applies to information we collect when you access or use any of our websites, mobile applications, and other online products and services offered through Empower, including Empower Cash Advance, Thrive, and Petal Card, that link to this Privacy Policy (collectively, “Services”), or when you otherwise interact with us, such as through our customer support channels or on social media. We may provide different or additional notices of our privacy practices for certain offerings or activities, in which case those notices will supplement or replace the disclosures in this Privacy Policy.
This Privacy Policy applies only to Empower’s processing activities and not to any other financial institution or other third party that you interact or contract with as part of the Services, such as the financial institutions that provide Thrive and Petal Card.
If you apply for or use a financial product or service through Empower, you can also review our U.S. Financial Privacy Notice for a summary of our practices with respect to the nonpublic personal information we collect about you.
We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of this policy. If we make material changes, we will provide you with additional notice (such as by adding a statement to the Services or sending you a notification). We encourage you to review this Privacy Policy regularly to stay informed about our information practices and the choices available to you.
CONTENTS
COLLECTION OF INFORMATION
The information we collect about you depends on how you use the Services or otherwise interact with us. In this section, we describe the categories of information we collect and the sources of this information.
Information You Provide to Us
We collect information you provide directly to us. For example, we collect information directly from you when you create an account, fill out a form, sign up to receive communications from us, request customer support, or otherwise communicate with us.
The types of information that we collect directly from you include:
- Name and Contact Information, such as your name, email address, postal address, and phone number;
- Government-Issued Identifiers, such as your Social Security number or driver’s license number;
- Demographic Information, such as your date of birth;
- Financial Account Information, such as the names of the financial institutions where you have accounts and the types of accounts you have;
- Payment Information, we engage a third-party payment processor to collect and process information such as payment method and related information like account number and routing number, account type, security codes, and expiration date;
- Employment-Related Information, such as your annual income and current and past employers and job titles; and
- Other Information you choose to provide directly to us, such as information about you contained in your communications with us.
Information We Collect Automatically
We automatically collect information about your interactions with us or the Services, including:
- Transaction Information: When you complete a transaction through the Services, such as by using one of the credit card products, we collect information about the transactions, such as the merchant you transacted with, the merchant’s location, transaction amount, and date of the transaction.
- Device, Usage, and Activity Information: We collect information about how you access the Services, including data about the device and network you use, such as your hardware model, operating system version, battery usage, device storage, mobile network, IP address, unique device identifiers, browser type, and app version. We also collect information about your activity in connection with the Services, such as the route by which you access the Services, access dates and times, browsing behavior (such as pages viewed and links clicked), and information about your activity on a specific page (such as mouse movements, screen progressions, and the features you use).
- Audio Recordings and Chat Content: If you contact customer service through our chat feature or by phone, we may monitor and retain those conversations.
- Precise Geolocation Information: With your consent, we may collect information about the precise location of your device. You may stop the collection of precise location information at any time (see the Your Privacy Choices section below for details).
- Information Collected by Cookies and Similar Tracking Technologies: We use tracking technologies, such as cookies, pixels, SDKs, and session replay, to collect information about your interactions with the Services and our marketing communications. These technologies help us improve the Services and marketing communications, personalize your experience, and analyze use of the Services and interactions with us, including to see which areas and features of the Services are popular and to count visits. For more information about the cookies and other tracking technologies we use, and the choices available to you, see the Targeted Advertising and Analytics and the Your Privacy Choices sections below.
Information We Collect from Other Sources
We obtain information from other sources. For example, we may collect information from credit reporting agencies; financial institutions that you use; companies that connect the Services to the financial institutions you use; service providers that support offers and rewards programs, like Petal Offers; payment processors; and fraud detection services and data analytics providers. This information may include information relating to your creditworthiness, your accounts and transactions with the financial institutions linked to the Services, and your redemption of offers and the corresponding transaction. For example, Empower uses Plaid Technologies, Inc. (“Plaid”) to gather an end user’s data from financial institutions. By using our service, you grant Empower, our bank partners and Plaid the right, power, and authority to act on your behalf to access and transmit your personal and financial information from the relevant financial institution. You agree to your personal and financial information being transferred, stored, and processed by Plaid in accordance with the Plaid Privacy Policy.
Information We Derive
We may derive information or draw inferences about you based on the information we collect. For example, we may make inferences about your approximate location based on your IP address or infer which of the Services may be of interest to you.
USE OF INFORMATION
We use the information we collect to:
- Provide, maintain, and improve the Services and develop new products and services;
- Provide and administer the rewards and offers program(s);
- Personalize your experience with us;
- Send you technical notices, security alerts, support messages, and other transactional or relationship messages;
- Send you marketing communications (see the Your Privacy Choices section below for information about how to opt out of these communications at any time);
- Target advertisements to you on third-party platforms and websites (for more information and to opt out, see the Targeted Advertising and Analytics section below);
- Monitor and analyze trends, usage, and activities in connection with the Services;
- Facilitate contests, sweepstakes, and promotions and process and deliver entries and rewards;
- Detect, investigate, respond to, prosecute, and help protect against security incidents and other malicious, deceptive, fraudulent, or illegal activity, and help protect the rights and property of Empower and others; and
- Comply with our legal and financial obligations.
TARGETED ADVERTISING AND ANALYTICS
We engage others to provide analytics services, serve advertisements, and perform related services across the web and in mobile applications. To do this, we and these third parties may use cookies, web beacons, SDKs, device identifiers, and other technologies to collect information about your use of the Services and other websites and mobile apps, such as your IP address, web browser and mobile network information, pages viewed, time spent on pages or in mobile apps, links clicked, and conversion information. This information is used to deliver advertising targeted to you on other companies’ sites or online services, understand the effectiveness of this advertising, analyze and track data, determine the popularity of certain content, and better understand your activity. Depending on where you reside, you can opt out of cookie-based ad targeting on our website by following the prompts behind the Your Privacy Choices link 
in the site footer. Your opt-out choice will be linked to your browser only; therefore, you will need to renew your opt-out choice if you visit our website from a new device or browser, or if you clear your browser’s cookies. From within our mobile app, you can opt out by adjusting your mobile device settings to limit ad tracking (iOS: Settings > Privacy & Security > Tracking > Allow Apps to Request to Track; Android: Settings > Google > Ads > Opt out of Ads Personalization).
The activities described in this section may constitute “targeted advertising,” “sharing,” or “selling” under certain privacy laws. See Additional Information for Individuals Residing in Certain U.S. States below for details.
You can also visit www.aboutads.info/choices to learn more about interest-based ads or opt out of having your web browsing information used for behavioral advertising purposes by companies that participate in the Digital Advertising Alliance.
DISCLOSURES OF INFORMATION
We disclose personal information as described in the Targeted Advertising and Analytics section above and in the following scenarios:
- Vendors and Service Providers. We disclose personal information to our vendors, service providers, contractors, and consultants who perform services for us, such as companies that assist us with web hosting, payment processing, fraud prevention, identity verification, customer service, professional advisors (e.g., legal, financial, and insurance advisors), analytics, and marketing.
- Credit Reporting Agencies. We disclose and report information about you to credit reporting agencies in accordance with applicable laws, including to retrieve your credit report.
- Financial Institutions. We disclose information about you to the financial institutions that provide you with financial products and services through the Empower platform;
- Law Enforcement Authorities and Individuals Involved in Legal Proceedings. We disclose personal information in response to a request for information if we believe that disclosure is in accordance with, or required by, any applicable law, regulation, or legal process, including lawful requests by public authorities to meet national security or law enforcement requirements.
- To Protect the Rights of Empower and Others. We disclose personal information if we believe that your actions are inconsistent with our user agreements or policies, if we believe that you have violated the law, or if we believe it is necessary to protect the rights, property, and safety of Empower, our users, our third-party business partners, the public, or others.
- Corporate Transactions. We disclose personal information in connection with, or during negotiations of certain corporate transactions, including the merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.
- Corporate Affiliates. Personal information is disclosed between and among Empower and our parents, affiliates, subsidiaries, and other companies under common control and ownership.
- With Your Consent and at Your Direction. We make personal information available to third parties when we have your consent or you intentionally direct us to do so. For example, when you participate in any of the offers and rewards programs, you direct us to disclose information about you and your transactions to offers and rewards programs partners like DOSH, payment card networks, and merchants.
If you provide a publicly available product review or otherwise post publicly available content through the Services, the public will be able to see this information. We also disclose aggregated or de-identified information that cannot reasonably be used to identify you.
PROTECTION OF INFORMATION
Empower implements security policies and practices designed to protect the confidentiality and security of personal information associated with your account, which includes the information you provide to register for the Services (such as Social Security number and other identifying information) and other personal information we collect about you and associated with your account. Empower implements measures designed to limit access to this information to personnel that have a business reason to know it and prohibits its personnel from unlawfully disclosing this information.
INTERNATIONAL TRANSFERS
Empower is based in the United States, and we and our service providers process and store personal information on servers located in the United States, which may not provide levels of data protection that are equivalent to those of your home jurisdiction. By using the Services, you acknowledge that such transfers of information outside of your country of residence may occur.
YOUR PRIVACY CHOICES
Account Information
You can access, correct, and delete certain information stored within your Empower account at any time in the mobile app you use to access your account.
Precise Location Information
When you first launch any of our mobile apps that collect precise location information, you will be asked to consent to the app’s collection of this information. If you initially consent to our collection of such location information, you can subsequently stop the collection of this information at any time by changing the preferences on your mobile device.
Cookies and Similar Tracking Technologies
Empower uses cookies and similar tracking technologies, as described above. You can usually adjust your browser settings to remove or reject browser cookies. You can also adjust certain cookie settings by clicking https://empower.me/?showCookieConsent=true. Please note that removing or rejecting cookies could affect some of the functionality of the Services, such as remembering your password once you have logged in. Other than honoring legally recognized universal choice signals as described in Your Privacy Rights below, our websites do not currently respond to other do not track signals.
Communications Preferences
You may opt out of receiving text messages or promotional emails from Empower by following the instructions in those communications or in the Empower mobile app under “Notification Settings.” If you opt out, we may still send you non-promotional emails, such as those about your account or transactions.
Mobile Push Notifications
With your permission, we may send push notifications to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device.
Affiliate Sharing Opt Out
In some cases, you can limit sharing between Empower affiliates. Please see our U.S. Financial Privacy Notice for more details. If you want to exercise this right, please contact us at privacy@empower.me.
ADDITIONAL INFORMATION FOR INDIVIDUALS RESIDING IN CERTAIN U.S. STATES
Some U.S. states, including California, Colorado, Connecticut, Delaware, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Texas, Utah, and Virginia, have enacted or approved comprehensive privacy laws (“State Privacy Laws”). However, these State Privacy Laws generally do not apply to information subject to the federal Gramm-Leach-Bliley Act (what is referred to as nonpublic personal information), the Fair Credit Reporting Act, or information that is not linked or cannot reasonably be linked to a particular consumer or household. As a result, these State Privacy Laws do not apply to the majority of information collected by Empower, if they apply to Empower at all.
This section applies only to the limited personal information that is subject to these State Privacy Laws.
Additional Disclosures
We use the tables below to explain how we collect, use, and disclose your personal information that is subject to these State Privacy laws.
| Category of Personal Information | Categories of Recipients | Purpose for Collecting Personal Information |
|---|---|---|
Identifiers, such as name and email address |
|
|
Internet or other electronic network activity information, such as Device, Usage, and Activity Information and Information Collected by Cookies and Similar Tracking Technologies |
|
|
We also disclose certain categories of personal information to show you targeted ads on third-party websites or applications and to expand the reach and effectiveness of our own marketing campaigns. These disclosures may be considered “sales,” “sharing,” or use of personal information for “targeted advertising” under State Privacy Laws, and the table below provides more information about our practices.
| Category of Personal Information | Category of Third Parties |
|---|---|
Identifiers, such as name and email address |
|
Internet or other electronic network activity information,such as Device, Usage, and Activity Information and Information Collected by Cookies and Similar Tracking Technologies |
|
We collect personal information from various sources, including directly from you, automatically when you access or use our websites, and from third-party sources.
We maintain and use aggregated or de-identified information that we do not treat as personal information only in a de-identified fashion and will not attempt to re-identify such information, except as permitted by law.
We do not knowingly “sell” or “share” (as those terms are defined under State Privacy Laws) personal information about consumers under the age of 18.
We do not collect information that is considered “sensitive” under the applicable state laws, and we do not use or disclose sensitive personal information for the purpose of inferring characteristics about you.
We retain personal information for as long as necessary to carry out the purposes for which we originally collected it and for other purposes described in this Privacy Policy.
Your Privacy Rights
Opt Out of Sales, Sharing, and Targeted Advertising
Some of the activities described in the Targeted Advertising and Analytics section above may be considered “sales” or “sharing” of your personal information or use of your information for “targeted advertising” under the law that applies to you. You can opt out of cookie-based ad targeting on our website by following the prompts behind the Your Privacy Choices link in the footer of our websites. You may need to renew your opt-out choice if you use a different browser or device to access our websites, or if you clear your cookies. From within our mobile app, you can opt out by adjusting your mobile device settings to limit ad tracking (iOS: Settings > Privacy & Security > Tracking > Allow Apps to Request to Track; Android: Settings > Google > Ads > Opt out of Ads Personalization).
You can also opt out by visiting our websites with a legally recognized universal choice signal enabled (such as the Global Privacy Control). Our processing of the signal will be limited to cookie-based sales, sharing, and targeted advertising for the specific browser or device that you are using.
Access, Correction, and Deletion
For data that is subject to the State Privacy Laws, you have the right to (1) request to know more about and access your personal information, including in a portable format, (2) request deletion of your personal information, and (3) request correction of inaccurate personal information.
To request access, correction, or deletion of your personal information, email us at privacy@empower.me. To authenticate your request, we may request that you provide your name and an email address and respond to a confirmation email that will be sent to that address. Only you, or someone legally authorized to act on your behalf and with written permission, may make a verifiable consumer request related to your personal information.
Nondiscrimination
You have the right not to be discriminated against for exercising any of your privacy rights.
Appeals
If we deny your request, you may appeal our decision by contacting us at privacy@empower.me. If you have concerns about the result of an appeal, you may contact the attorney general in the state where you reside.
Authorized Agents
If you are an authorized agent seeking to make an opt-out request for a consumer, please follow the instructions in the “Opt Out of Sales, Sharing, and Targeted Advertising” section above.
If you reside in California, you may also designate an authorized agent to submit an access, deletion, or correction request on your behalf. We may ask authorized agents to submit proof of their authority to make a request, such as a valid power of attorney or proof that they have signed permission from the consumer who is the subject of the request. In some cases, we may be required to contact the individual who is the subject of the request to verify his or her own identity or confirm the authorized agent has permission to submit the request. If you are an authorized agent seeking to make an access, correction, or deletion request on behalf of a California resident, please email us at privacy@empower.me.
CONTACT US
If you have any questions about this Privacy Policy, please contact us at privacy@empower.me.
| FACTS | WHAT DO EMPOWER AND ITS AFFILIATES DO WITH YOUR PERSONAL INFORMATION? |
|---|---|
| Why? | Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do. |
| What? | The types of personal information we collect and share depend on the product or service you have with us. This information can include:
When you are no longer our customer, we continue to share your information as described in this notice. |
| How? | All financial companies need to share consumers' personal information to run their everyday business. In the section below, we list the reasons financial companies can share their consumers' personal information; the reasons Empower chooses to share; and whether you can limit this sharing. |
| Reasons we can share your personal information | Does Empower share? | Can you limit this sharing? |
|---|---|---|
For our everyday business purposes— | Yes | No |
For our marketing purposes— | Yes | No |
For joint marketing with other financial companies | No | We don't share |
For our affiliates’ everyday business purposes— | Yes | No |
For our affiliates’ everyday business purposes— | Yes | Yes |
For nonaffiliates to market to you | No | We don't share |
| To limit our sharing | E-mail us at privacy@empower.me. Please include “Limit Sharing” in the subject line of the email and include any/all of the following opt-out statements in the body of the email to indicate your choices:
Please note the following: If you are a new customer, we can begin sharing your information 30 days from the date we sent this notice. When you are no longer our customer, we continue to share your information as described in this notice. However, you can contact us at any time to limit our sharing. * See Other Important Information Below |
|---|
| Questions? | Call 888.943.8967 or go to empower.me/privacy or email us at privacy@empower.me |
|---|
| Who we are | |
|---|---|
Who is providing this notice? | Empower Finance and its affiliates, including Empower Finance, Inc., Empower Lending LLC, and Petal Card, Inc. |
| What we do | |
How does Empower protect my personal information? | To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings. For more information, see the "Protection of Information" section of our Privacy Policy. |
How does Empower collect my personal information? | We collect your personal information, for example, when you
We also collect your personal information from others, such as credit bureaus, affiliates, or other companies. For more information, see the "Collection of Information" section of our Privacy Policy. |
Why can’t I limit all sharing? | Federal law gives you the right to limit only
State laws and individual companies may give you additional rights to limit sharing. See the "Other important information" section below for more on your rights under state law. |
| Definitions | |
Affiliates | Companies related by common ownership or control. They can be financial and nonfinancial companies.
|
Nonaffiliates | Companies not related by common ownership or control. They can be financial and nonfinancial companies.
|
Joint marketing | A formal agreement between nonaffiliated financial companies that together market financial products or services to you.
|
| Other important information | |
You may have other privacy protections under applicable state laws. To the extent these state laws apply, we will comply with them when we share information about you. For California residents: In accordance with California law, we will not share information we collect about you with companies outside of our corporate family, except as permitted by law, including, for example, with your consent or to service your account. We will limit sharing among our companies to the extent required by California law. For Vermont residents: In accordance with Vermont law, we will not share information we collect about you with companies outside of our corporate family, except as permitted by law, including, for example with your consent or to service your account. We will share information about your creditworthiness and transactions or experiences with us within our corporate family in accordance with law, such as, with respect to your creditworthiness, with your authorization or consent. Telephone Communications: All telephone communications with us or our authorized agents may be monitored or recorded. | |
