Pomelo values customer trust and respects a customer’s privacy. This policy explains what information we collect about customers, with whom we share it, and how customers can direct us not to share certain information with certain parties. We are committed to maintaining the confidentiality of a customer’s personal financial information in accordance with our established policies and in compliance with applicable law. This document outlines the manner in which we collect, use and maintain the nonpublic personal information we receive from and about customers.
We collect nonpublic personal information about you in order to administer our business, process your transactions, understand your needs, and provide you with products and services. We obtain nonpublic personal information about you from the following sources:
We may disclose all of the information we collect, as described above, to companies (including affiliates) that perform services on our behalf, including those who assist us in preparing and distributing cardholder communications, and responding to customer inquiries. We will also disclose information about your card, membership, and transactions: (a) to service your account; (b) where it is necessary or helpful to effect, process, confirm or enforce a transaction you request or your membership rights and obligations; (c) to verify the existence and availability of credit associated with your card; (d) to comply with legal process, such as subpoenas and court orders; (e) to law enforcement authorities if we believe a crime has been committed; (f) to our agents, service providers and auditors, and (g) if you give us your consent. We may also disclose nonpublic personal information about you as permitted by law.
We may enter into arrangements with non-affiliated parties, such as financial service providers, lenders, insurance providers and agencies, card issuers, retailers and direct marketers, in order to provide you with special offers that we believe may be of value to you. We may disclose contact information to those parties who may want to offer their products and services to you, unless you opt-out as described below.
We may use an outside shipping company to fulfill orders, and a card processing company to bill you for goods and services. These companies do not retain, share, store or use personally identifiable information for any other purpose.
We use other third parties to provide statistical tracking and advertising effectiveness for our web site. When you sign up for Pomelo services, we may share information such as your name and address and other information as necessary for the third party to provide that service. These third parties are prohibited from using your personally identifiable information for any other purpose.
As described in this privacy policy, we may use nonpublic personal information about you for certain marketing and promotional activities, including disclosure of such information to non-affiliated third parties. You have the right to opt out of this use and disclosure of nonpublic personal information at any time before or after you submit such information through one of the two following methods:
By email: support@pomelo.com
By Mail: Pomelo, 720 York St, Ste 116, San Francisco, CA 94110
Pomelo does not disclose information about consumers with a Vermont or California mailing address to unaffiliated third parties without your written authorization, unless otherwise permitted by law. Disclosures that are permitted under Vermont and California law without written authorization include, among others, disclosures necessary to effect, administer or enforce a transaction you request; disclosures to our authorized agents and service providers; disclosures permitted or required by law or disclosures to prevent fraud or other illegal activities.
Written authorizations from Vermont residents may be delivered to us by mail at Pomelo, 720 York St, Ste 116, San Francisco, CA 94110 or by email at support@pomelo.com. Vermont authorizations must contain your name, address and signature and your authorization to disclose your information to nonaffiliated parties.
You may revoke your consent at any time by sending us written notice by mail or email at the addresses above.
California residents should contact us at the addresses provided above for instructions on how to deliver their authorizations.
We will occasionally send you information on new products, features or promotions. Out of respect for your privacy, we present the option not to receive these types of communications. Please see the “Choice/Opt-Out” section above.
In addition, we may also send you strictly service-related announcements on rare occasions when it is necessary to do so. For instance, if our service is temporarily suspended for maintenance, we might send you an email. Generally, you may not opt-out of these communications, which are not promotional in nature. If you do not wish to receive them, you have the option to deactivate your account.
We restrict access to nonpublic personal information about you to our employees who have a need to know such information (e.g., to process your transactions). We train our employees on the importance of customer privacy and confidentiality. We also maintain physical, electronic, and procedural safeguards that comply with federal standards to guard the nonpublic personal information of our customers.
The security of your personal information is important to us. When you enter sensitive information (such as your Social Security number) on our registration or order forms, we encrypt that information using the secure socket layer technology (SSL).
Our web site may feature links to third party web sites that offer goods, services, or information. Some of these sites may appear as windows-within-windows at our web site. When you click on one of these links, you will be leaving our site and will no longer be subject to this policy. We are not responsible for the information collection practices of the other web sites that you visit and urge you to review their privacy policies before you provide them with any personally identifiable information. Third party sites may collect and use information about you in a way that is different from this policy.
You may have other privacy protection under some state laws. We will comply with applicable state laws regarding information about you. For example, certain state laws may restrict the types of information we may disclose about you or require us to provide you with additional notices or opt-out rights.
We have a process in place that helps us to maintain the accuracy of the personally identifiable information that we collect. Please visit our web site at https://www.pomelo.com to review and correct information about yourself, such as a change in your contact information. If you believe that our information is inaccurate or incomplete, you may contact us as listed at the end of this document and ask us to correct or update our information.
We may add to, delete from, or otherwise change the terms of this Privacy Policy from time to time by posting a notice of the change (or an amended Privacy Policy) at this website. If required by law, we will send you a notice of the change by a method that we select and that complies with applicable state and federal laws as well as the terms of your cardholder agreement. Such methods could include email, postal mail and/or posting on this website. Your continued use of our web site or any service following such notification will constitute evidence of your agreement to the revised Privacy Policy.
Pomelo will provide an annual notice of its privacy policies and practices during the continuation of a customer relationship.
If you have any questions regarding this Privacy Policy, you can contact us in the following ways:
By email: support@pomelo.com
By Mail: Pomelo, 720 York St, Ste 116, San Francisco, CA 94110
Penalties for Non-Compliance: Non-compliance with any policy or standard may expose the Company to unacceptable risk. Any deviation can subject the offender to disciplinary action, including dismissal. If adherence to any policy or standard is believed to be unwarranted, documentation substantiating that assessment must be forwarded to the Information Security Officer and Human Resources.
California Consumer Privacy Act Notice
This California Consumer Privacy Act Notice (“CCPA Notice”) explains how Pomelo, Inc. (“Pomelo,” “we,” “us,” or “our”) collects, uses, and discloses personal information that is subject to the California Consumer Privacy Act (“CCPA”). It also describes the privacy rights of California residents under the CCPA and how they can exercise those rights.
This CCPA Notice applies solely to California residents and supplements any other privacy policies or notices applicable to the Pomelo services that you visit or use.
Under the CCPA, “personal information” is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household.
The CCPA does not apply to certain information, such as information subject to the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act, and certain other state or federal privacy laws.
Most of the information we have collected has been collected in the context of providing financial products and services, and is therefore not subject to the CCPA. We also collect personal information relating to California residents in other contexts, including in connection with our marketing activities, our websites and mobile applications.
In the past twelve months, we have collected the following categories of personal information, as defined in the CCPA, relating to California residents. The categories of personal information that we collect, use, and disclose about a California resident will depend on our specific relationship or interaction with that individual. The examples provided in each category below include both financial and non-financial information and are for illustrative purposes only.
CCPA Categories | Illustrative Examples |
Identifiers | Name, address, phone, email address, online identifiers, internet protocol address, or other similar identifiers |
Personal information as defined in the California Customer Records Act, Cal. Civ. Code § 1798.80 | Contact and financial information |
Protected classification characteristics under California or federal law | Age |
Commercial information | Information about past transactions or purchases |
Internet or other electronic network activity | Information on a consumer’s interaction with a website, application, or advertisement |
Geolocation data | Device location |
Inferences drawn from other personal information to create a profile about a consumer | Certain inferences concerning an individual’s preferences and characteristics |
In the past twelve months, we have collected personal information relating to California residents from the following sources:
Sources | Illustrative Examples |
Directly from you | Credit card applications, transactions, interactions with our website or mobile apps, calls to our call center. |
Business partners | Card partnerships |
Service providers | Software providers, marketing companies, communication services, fraud prevention services, data analytics providers, data providers |
Third parties that you have authorized or directed to share your information with us | Payment processors, credit management programs, additional cardholders connected to your account |
Most of the information we use is in the context of providing financial products and services, and is therefore not subject to the CCPA. We may use personal information relating to California residents for one or more of the following business purposes:
Providing and maintaining our products and services
Verifying your identity
Detecting and preventing fraud
Protecting against security risks
Advertising and marketing
Conducting research and data analysis
Maintaining our facilities, systems, and infrastructure
Improving our products and services
Carrying out our legal and business purposes, such as complying with federal, state, or local laws, responding to civil, criminal, or regulatory lawsuits or investigations, exercising our rights or defending against legal claims, resolving complaints and disputes, performing compliance activities, performing institutional risk control, and otherwise operating, managing, and maintaining our business
As otherwise disclosed to you at or before the point of collecting your personal information
We may also use personal information relating to California residents for one or more of the specific “business purposes” listed in the CCPA:
Certain auditing and measurement purposes, such as counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with applicable standards
Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity
Debugging to identify and repair errors that impair existing intended functionality
Short-term, transient use
Performing services on behalf of Pomelo or its service providers, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of Pomelo or its service providers
Undertaking internal research for technological development and demonstration
Undertaking activities to verify or maintain the quality or safety of a service that is owned or controlled by Pomelo, and to improve, upgrade, or enhance the service that is owned or controlled by Pomelo
In the past twelve months, we have disclosed each of the above-listed categories of personal information concerning California residents for our business purposes to one or more of the following categories of third parties:
Third Parties | Illustrative Examples |
Service providers | Software providers, marketing companies, communication services, fraud prevention services, data analytics providers |
Business partners | Card partnerships |
Third parties, when you have authorized or directed us to share your information with them | Payment processors, credit management programs, additional cardholders connected to your account |
We, as well as third parties that provide content, advertising, or other functionality on our services, may use cookies, pixel tags, and other technologies (“Technologies”) to automatically collect information through your use of our online services.
Cookies. Cookies are small text files placed in device browsers that store preferences and facilitate and enhance your experience.
Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded in our services that collects information about engagement on our services. The use of a pixel tag allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement. We may also include web beacons in e-mails to understand whether messages have been opened, acted on, or forwarded.
Our uses of these Technologies fall into the following general categories: (i) operationally necessary; (ii) performance related; (iii) functionality related; and (iv) advertising or targeting related.
Advertising. Some of the advertising Technologies we use include:
Facebook Connect. For more information about Facebook’s use of your personal information, please visit Facebook's Data Policy. To learn more about how to opt-out of Facebook’s use of your information, please click here while logged in to your Facebook account.
Analytics. Some of the analytics Technologies we use include:
Google Analytics. For more information about how Google uses your personal information, please visit Google Analytics’ Privacy Policy. To learn more about how to opt-out of Google Analytics’ use of your information, please click here.
LogRocket (Session Replay Services). We use LogRocket’s session replay services. This allows us to record and replay an individual’s interaction with the services. For more information about how LogRocket uses your personal information, please visit the “Information Collected from Visits to Websites that use LogRocket Services” section of LogRocket’s Privacy Policy.
Your Choices Regarding Technologies. You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. However, if you adjust your preferences, our services may not work properly. Please note that cookie-based opt-outs are not effective on mobile applications. However, you may opt-out of personalized advertisements on some mobile applications by following the instructions for Android, iOS, and others.
The online advertising industry also provides websites from which you may opt out of receiving targeted ads from organizations that participate in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy by visiting the Network Advertising Initiative and the Digital Advertising Alliance.
If you are a California resident, you may request that we disclose to you the following information covering the twelve months preceding your request:
The categories of personal information described above that we have collected about you and the categories of sources from which we collected such personal information
The business or commercial purposes for collecting such personal information
The categories of personal information about you that we have disclosed to third parties for a business purpose and the categories of third parties to whom we have disclosed such personal information
The specific pieces (e.g., copies) of personal information we have collected about you
California residents also have the right to submit a request for deletion of personal information under certain circumstances, although there may be legal or other reasons that Pomelo will retain your information.
In some instances, we may decline to honor your request. For example, we may decline to honor your request if we cannot verify your identity or confirm that the personal information that we maintain relates to you, or if we cannot verify that you have the authority to make a request on behalf of another individual. In other instances, we may decline to honor your request where an exception applies, such as where the disclosure of personal information would adversely affect the rights and freedoms of another consumer or where the personal information that we maintain about you is not subject to the CCPA.
“Sales” of Personal Information under the CCPA. For purposes of the CCPA, Pomelo does not “sell” personal information, nor do we have actual knowledge of any “sale” of personal information of minors under 16 years of age.
Non-Discrimination. California residents have the right not to receive discriminatory treatment by us for the exercise of their rights conferred by the CCPA.
Authorized Agent. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. To authorize an agent, provide written authorization signed by you and your designated agent and contact us as set forth in “Contact Us” below for additional instructions.
Verification. To protect your privacy, we will take steps to reasonably verify your identity before fulfilling your request. These steps may involve asking you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, or to answer questions regarding your account and use of our services.
Exercising Your Rights. If you are a California resident and would like to exercise any of your rights under the CCPA, please contact us as set forth in “Contact Us” below. We will process such requests in accordance with applicable laws.
De-Identified Information. If we create or receive de-identified information, we will not attempt to reidentify such information, except to comply with applicable law.
Do Not Track. Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
We may revise this CCPA Notice from time to time in our sole discretion. If there are any material changes to this CCPA Notice, we will notify you as required by applicable law. You understand and agree that you will be deemed to have accepted the updated CCPA Notice if you continue to use our services after the new CCPA Notice takes effect.
If you have any questions about our privacy practices or this CCPA Notice, or to exercise your rights as detailed in this CCPA Notice, please contact us at:
By email: support@pomelo.com
By mail: Pomelo, 720 York St, Ste 116, San Francisco, CA 94110