Doorstep by ClearBalance Privacy Policy

CSI Financial Services, LLC, and our subsidiaries and affiliates (collectively “Doorstep”, “we”, “us”, “our”) respect your privacy. This privacy policy (“Doorstep Privacy Policy”) outlines Doorstep’s privacy practices as related to the Doorstep by ClearBalance software-as-a-service (“Doorstep SaaS”), including any content, functionality, and services offered on or through the Doorstep SaaS (the “Services”).  Specifically, this Doorstep Privacy Policy explains: (1) how we may collect, use, and disclose information we obtain through the Services; and (2) the choices you can make about the handling of the information. We also describe how you can contact us about our privacy practices. This Doorstep Privacy Policy is incorporated by reference into the Doorstep Terms of Use.

Please note that we may operate other websites, services, or applications which may be governed by other privacy policies and for which we may have other privacy practices.  You should review the privacy policies applicable to these other websites, services, or applications to learn more about our privacy practices there.  This Doorstep Privacy Notice only applies to your use of Services and any information processed through the Services. 

A.           Information We Collect and How we Collect It

We may obtain information about you in a variety of ways, such as when you voluntarily provide it to us, in our role as a processor of payment transactions, or when it is automatically sent to us by the device you use to access the Services.

Information We Collect from You

When you use the Service, you may provide us with the following types of information:

  • Your Account information. To interact with our Doorstep SaaS, you will need to provide us with your name, hospital identifier, and date of birth. We will ask for your email and/or cell phone if you opt-in to electronic communications with the Doorstep portal.
  • Payment Information. When submitting a payment through our Services, we ask you for payment information such as the payer’s name, address, phone number, and email address. As part of the payment process, we and/or our partners may collect your credit card information, financial account information, such as bank account numbers, names, and routing codes.
  • Messages and Support Requests. We collect the information you submit when you communicate with us by email, chat, or other methods. This includes payer support where you may choose to submit information regarding a problem or whether you speak to one of our representatives directly or otherwise engage with our support team. A summary of the problem you are experiencing, screenshots, documentation or information that would be helpful in resolving the issue.
  • Use of the Services. We collect information about you when using the Services and taking certain actions. This information includes links you click on; content using analytics techniques that hash, filter or otherwise scrub the information and we collect clickstream data about how you interact with and use features of the Services.
  • Device Information. We collect information about your computer, phone, tablet or other devices you use to access the Services. Including browser type, IP address, device identifiers and crash data. We will also use your IP address and/or country preference to provide you with a better user experience.

Information We Collect from Others

We may receive information from third parties, including financial institutions and other financial service providers. In the course of processing your payment transaction we may work with a number of institutions, who we have partnered with, to help us provide our Services, including banks and non-bank financial institutions such as card processors, electronic money institutions and payment service providers.

Information We Collect Using Cookies and Similar Technologies

When you use our Services or open our communications, we and our third-party service providers may collect certain information by automated means, such as cookies, web beacons and web server logs. The information collected in this manner includes IP address, browser characteristics, device IDs and characteristics, operating system version, language preferences, referring URLs, and information about the usage of our Services. We may link this data to your profile. To learn more about the use of cookies by us and third parties, including your opt out options, please visit our Cookie Policy.

We work with third party partners such as analytics partners, who may collect information about your use of the Services, including Google Analytics. To learn more about Google Analytics and the choices Google provides regarding your information, please visit https://policies.google.com/technologies/partner-sites.

B.           How We Use the Information We Collect

We may use the information we obtain about you, as permitted by applicable law, to:

  • Provide and improve the Services;
  • Confirm your identity and authenticate your detail when logging in;
  • verify accounts and activities, to monitor suspicious or fraudulent activities and to identify violations of policy;
  • Process your payment transaction and keep you informed about the status of your payment;
  • Comply with and enforce applicable legal requirements, industry standards and our policies;
  • Prevent potentially illegal or prohibited activities and enforce our Terms of Use;
  • Respond to your inquiries, resolve disputes, and provide support;
  • We use collective learnings about how people use our Services to troubleshoot and to identify trends, usage, patterns, and areas of integration to better analyze, operate, and improve our business and the Service (including enhancing the user experience, managing communications and functionality, and developing new products and services);
  • Communicate with you for Services-related purposes, such as sending payment reminders;
  • Compare information for accuracy and verify it with third parties;
  • Further our business relationship with you, if we have collected your personal information in the context of an actual or potential business relationship;
  • De-identify or aggregate data collected through the Services and use and disclose it for any purpose; and
  • Fulfill other purposes to which you have consented, which would be reasonably expected by you, or which are otherwise authorized or required by law. Where required by law or where we believe it is necessary to protect our legal rights, we will use information about you in connection to legal claims, regulatory issues, audit function, merger, or funding.

C.           Disclosure of Information

We may share your information, as permitted by applicable law, in connection with the purposes described in Section B of this privacy policy. This includes sharing your information in the following ways:

  • We may share your information with service providers and vendors who assist us with the delivery of the Services. In some cases, to successfully process your payment or refund, we may share bank/payment receipt documents that you have sent to us with financial institutions under contract with whom we work, to assist with the processing and/or refund of that payment. Our contracts oblige these financial institutions to only use your personal information in connection with the services they provide to us and not for their own benefit.
  • To process your payment, we may share some of your information with your healthcare provider.
  • In order to perform the Services or meet our legal and regulatory obligations, we may have to transfer your personal information to third parties, including third parties outside of your local country.
  • Additionally, your information may be shared with other financial institutions, trade bodies, anti-fraud organizations and law enforcement agencies for the purposes of identifying and preventing fraud, money laundering, terrorist financing and other financial crimes.
  • If we are required to do so by law or legal process or to comply with the law, or when we believe, in our sole discretion, that the disclosure of personal information is appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity or to investigate violations of our Terms of Use and other agreements.
  • To any third party with your consent.
  • To any third party we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Doorstep, our users, or others.
  • If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be sold or transferred as part of such a transaction.

We do not rent, sell, or share personal information (as defined by California Civil Code § 1798.83) about you with other people or nonaffiliated companies for their direct marketing purposes.

D.           Your Rights and Choices

You may have certain rights regarding the personal information we collect and maintain about you and how we communicate with you.

When we request information from you on the Services, you may always choose not to provide us with that information. However, if you decline to provide us with certain information, this may affect the functionality of the Services.

You can access, modify, or update certain personal information submitted on our Services by logging into your account and changing your preferences. Subject to applicable law, you may have the right to request access to and receive other personal information we hold about you, update, and correct inaccuracies in your personal information, and have the information deleted, as appropriate or to request a copy of your information. To exercise these rights, contact us as described below (see section K of this privacy policy). Your right to access, update, correct or delete personal information may be limited in some circumstances by local law requirements.

Where your data needs to be shared with third parties for payment, for example, payment partners, you will need to contact those third-party service providers directly to enforce your rights.

You may ask us to stop using or processing your data where you have given us consent.

You may contact us to withdraw your consent, but this will not affect any processing that has already taken place at the time.

You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of the Services may then be inaccessible or not function properly.

We do not control third parties' collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative (“NAI”) on the NAI's website/or other opt out mechanism.

Some web browsers (including Safari, Internet Explorer, Firefox and Chrome) incorporate a “Do Not Track” (“DNT”) or similar feature that signals to websites that a user does not want to have his or her online activity and behavior tracked. If a website that responds to a particular DNT signal receives the DNT signal, the browser can block that website from collecting certain information about the browser’s user. Not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, many digital service operators, including Doorstep, does not recognize or respond to DNT signals.]

E.            How We Protect Your Personal Information

Doorstep maintains reasonable safeguards combining administrative, technical, and physical measures which are designed to provide protection to the personal information you provide against accidental, unlawful, or unauthorized destruction, loss, alteration, access, interference, modification, disclosure, or misuse.

Our Services are operated and managed on servers located and operated within the United States. By using and accessing our Services, residents and citizens of countries and jurisdictions outside of the United States agree and consent to the transfer to and processing of personal information on servers located in the United States, and that the protection of such information may be different than required under the laws of your residence or location.

We use Transport Layer Security (TLS) encryption on our website when transmitting information and use other commercially reasonable efforts to protect your information. We continue to assess new technology for protection of information and upgrade our information security systems where appropriate. Unfortunately, the Internet cannot be guaranteed to be 100% secure, and we cannot ensure or warrant the security of any information you provide to us.

F.            Retention

We retain your account information for as long as your account is active and as necessary to comply with our legal obligations. As a regulated business, we comply with statutory retention periods contained in regulations applicable to financial transactions, including those in anti-money laundering, anti-terrorist financing and other laws to which we are subject. After such time we will either delete or anonymize your information or if it is not possible then we will securely store your information and isolate it from any further use until deletion is possible.

G.           Children’s Privacy

Doorstep is not directed to children, and we do not knowingly collect personal information from children under 13. If we find out that a child under 13 has given us personal information, we will take steps to delete that information. If you believe that a child under the age of 13 has given us personal information, please let us know.

H.           Links to Other Websites

Our Services may include links to other third websites, applications, or services. When you access another third-party website, application, or service, we strongly suggest you review the privacy policy or notices before authorizing a third party to process your personal information. Doorstep is not responsible for the content or privacy practices of external websites, applications, or services.

I.             Changes to Our Doorstep Privacy Policy

Our Doorstep Privacy Policy may change from time to time. We will post any Doorstep Privacy Policy changes on this page and, if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of privacy policy changes the date this Doorstep Privacy Policy was last revised is at the top of this page. We encourage you to review this Doorstep Privacy Policy periodically to check for any updates or changes.

J.             Contact Information

If you have any questions or concerns related to this privacy policy, or if you wish to request access to, or correction of, your personal information or make a privacy complaint you may contact us, or write to us at:

Doorstep by ClearBalance

Attn: Privacy Officer

PO Box 927830

San Diego, CA 92192-7830

 

Last Updated: January 2024