Privacy Policy

Last Updated: June 25, 2024

Thank you for choosing to be a part of the wonderful community at Jon D. Rock, Inc., a Delaware corporation doing business as Jon D. Rock (“Jon D. Rock”, “we”, “us”, “our”). It is our fundamental belief that privacy is a human right to be respected. Our users’ trust is our highest priority, and we are committed to protecting your personal information and your right to privacy. For any questions or concerns regarding this Privacy Policy, or our practices with regards to your personal information, please contact us at info@jondrock.com.

When you use the Jon D. Rock mobile application, as the case may be (the “App”) and more generally, use any of our services (the “Services”, which include the App), we appreciate the trust you are placing in us with respect to your personal information. We take your privacy very seriously and as a result, in this Privacy Policy, we seek to explain clearly and transparently what personal information we collect through the App, how we use it and what rights you have in relation to it. Please take the time to carefully read this Privacy Policy, as it is important. If there are any terms in this Privacy Policy that you do not agree with, please discontinue use of our Services immediately. 

This Privacy Policy applies to all personal information collected through our Services (which, as described above, includes our App), as well as any related services, sales, marketing, or events.

Information we collect

Personal Information you disclose to us

In short – we collect personal information that you provide to us. 

We collect personal information that you voluntarily provide to us when you register on the App, express an interest in obtaining information about us or our products and Services, when you participate in activities on the App or otherwise when you contact us. 

The personal information we collect depends on the context of your interactions with us and the App, the choices you make and the products and features you use. The personal information we collect may include the following: names; email addresses; phone numbers; mailing addresses; usernames; passwords; contact preferences; contact or authentication data; gross income and other similar financial information.

Information automatically collected

In short – Some information – such as your Internet Protocol (IP) address and/or browser and device characteristics – are collected automatically when you visit the App. 

We automatically collect certain information when you visit, use, or navigate the App. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name or ID, country, location, information about how and when you use our App and other technical information. This information is primarily needed to maintain the security and operation of our App, and for our internal analytics and reporting purposes. 

Like many businesses, we also collect information through cookies and similar technologies.

The information we collect automatically includes:

  • Log and Usage Data. Log and usage data is service-related, diagnostic, usage and performance information our servers automatically collect when you access or use our App and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type and settings and information about your activity in the App (such as data/time stamps associated with your usage, pages and files viewed, searches and other actions you take, such as which features you use), device event information (such as system activity, error reports (sometimes called “crash dumps”) and hardware settings.
  • Device Data. We collect device data such as information about your computer, phone, tablet or other device you use to access the App. Depending on the device you used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system and system configuration information.
  • Location Data. We collect location data such as information about your device’s location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the App. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. Note however, if you choose to opt out, you may not be able to use certain aspects of the Services.

This information is primarily needed to maintain the security and operation of our App, for troubleshooting and for our internal analytics and reporting purposes. 

Information collected from other sources

In short – We may collect limited data from public databases, marketing partners and other outside sources. 

In order to enhance our ability to provide relevant marketing, offers and services to you and update our records, we may obtain information about you from other sources, such as public databases, joint marketing partners, affiliate programs, data providers, as well as from other third parties. 

This information may include mailing addresses, job titles, email addresses, phone numbers, intent data (or user behavior data), Internet Protocol (IP) addresses, social media profiles, social media URLs and custom profiles, for purposes of targeted advertising and event promotion.

Jon D. Rock, Inc. uses Plaid Inc. (“Plaid”) to gather End User’s data from financial institutions. By using our service, you grant Jon D. Rock, Inc. and Plaid the right, power, and authority to act on your behalf to access and transmit your personal and financial information from the relevant financial institution. You agree to your personal and financial information being transferred, stored, and processed by Plaid in accordance with the Plaid Privacy Policy.

How we use your information

In summary, we process specific personal information such as your name, contact information, and transaction details for purposes grounded on legitimate business interests (such as improving our services), the fulfillment of our contract with you, compliance with our legal obligations, and/or your explicit consent. 

We use personal information collected via our App for a variety of business purposes described below. We process your personal information for these purposes in reliance on our legitimate business interests, in order to enter into or fulfil a contract with you, with your consent, and/or for compliance with our legal obligations. We indicate the specific processing grounds we rely on next to each purpose listed below.

We use the information we collect or receive:

  • To facilitate account creation and logon process. If you choose to link your account with us to a third-party account (such as your Google or Facebook account), we use the information that these GDPR-compliant third parties allow us to collect, such as your email address and profile picture, to facilitate account creation and logon process in line with our contract.
  • To post testimonials. We may post testimonials on the App that may contain personal information. Prior to posting a testimonial, we will obtain your consent to use your name and the content on the testimonial. If you wish to update or delete your testimonial, please contact us at info@jondrock.com and be sure to include your name, testimonial location and contact information.
  • Request feedback. We may use your information to request feedback and to contact you about your use of our App.
  • To enable user-to-user communications. We may use your information in order to enable user-to-user communications with each user’s consent. 
  • To manage user accounts. We may use your information for the purposes of managing our accounts and keeping your account in working order.
  • To send administrative information to you. We may use your personal information to send your product, service and new feature information and/or information about changes to our terms, conditions, and policies.
  • To protect our Services. We may use your information as part of our efforts to keep our App safe and secure (for example, for fraud monitoring and prevention).
  • To enforce our terms, conditions and policies for business purposes, to comply with legal and regulatory requirements or in connection with our contract.
  • To respond to legal requests and prevent harm. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
  • To deliver and facilitate delivery of services to the user. We may user your information to provide you with the requested service.
  • To respond to user inquiries/offer support to users. We may use your information to respond to your inquiries and solve any potential issues you might have with Services.
  • To send you marketing and promotional communications. We and/or our third-party marketing partners may use the personal information you send to us for our marketing purposes, if this is in accordance with your marketing preferences. For example, when expressing an interest in obtaining information about us or our App, subscribing to marketing or otherwise contacting us, we will collect personal information from you. You can opt-out of our marketing materials at any time through a straightforward process that is easily accessible in our App. Opting out of marketing communications will not affect the provision of our services to you.
  • Deliver targeted advertising to you. We may use your information to develop and display personalized content and advertising (and work with third parties who do so) tailored to your interests and/or location and to measure its effectiveness.
  • For other business purposes. We may use your information for other business purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our App, products, marketing and your experience. We may use and store this information in aggregated and anonymized form so that it is not associated with individual end users and does not include personal information.

Use of AI for Personalized Financial Advice

In short – we use AI, specifically OpenAI, to deliver personalized financial advice through our Personal CFO Chatbot feature.

We may use your personal information to provide personalized financial advice via our Personal CFO Chatbot feature. This feature utilizes artificial intelligence technology provided by OpenAI to analyze your financial data and provide tailored recommendations. By using this feature, you consent to the processing of your personal and financial information by OpenAI in accordance with their privacy policy. The personal information shared with OpenAI may include, but is not limited to, your name, email address, financial data, and any other information necessary to provide relevant financial advice.

How we use your information:

  • To deliver personalized financial advice tailored to your specific financial situation.
  • To improve the accuracy and relevance of the financial advice provided by the Personal CFO Chatbot.

We ensure that all data shared with OpenAI is handled securely and in compliance with applicable privacy laws. For more information on how OpenAI handles your data, please refer to their privacy policy.

If you have any concerns about this processing, you may contact us at info@jondrock.com or choose to disable this feature within the App settings.

How we share your information

In summary, we only share specific information such as your name, contact information, and transaction details with your explicit consent, to comply with laws, to provide services, to protect your rights, or to fulfill business obligations (such as providing necessary information to our service providers).

We may process or share your personal information based on the following legal basis:

  • Consent. We may process your personal information if you have given us specific consent to use your personal information for a specific purpose.
  • Legitimate Interests. We may process your personal information when it is reasonably necessary to achieve our legitimate business interests.
  • Performance of a Contract. Where we have entered into a contract with you, we may process your personal information to fulfill the terms of our contract.
  • Legal obligations. We may disclose your personal information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
  • Vital Interests. We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.

More specifically, we may need to process or share your personal information in the following situations:

  • Business Transfers. We may share or transfer your personal information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. We will take appropriate measures to ensure the security and confidentiality of your personal data during such transfers, and the receiving party will be obligated to use your personal information in accordance with this privacy policy.
  • Affiliates. We may share your personal information with our affiliates, in which case we will require those affiliates to honor this privacy notice. Affiliates include our parent company and any subsidiaries, joint venture partners or other companies that we control or that are under control with us.
  • Business Partners. We may share specific categories of your personal information, as defined and limited by our Privacy Policy, with our business partners to offer you certain products, services or promotions. Our business partners are contractually obligated to protect your information and use it solely for the purpose of providing these offerings.
How we use cookies and other tracking technologies

In short – We may use cookies or other tracking technologies to collect and store your information.

We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice. 

How long we keep your information

In short – we keep your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy unless otherwise required by law. 

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements).

When we have ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

How we keep your information safe

In short – we aim to protect your personal information through a system of organization and technical security measures.

We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your personal information, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security, and improperly collect, access, steal, or modify your personal information. Therefore, transmission of personal information to and from our App is at your own risk. You should only access the App within a secure environment.

Information collected from minors – under age 18

In short – we do not knowingly collect personal information from or market to children under 18 years of age.

We do not knowingly solicit personal information from or market to children under 18 years of age. By using the App, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the App. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any personal information we may have collected from children under age 18, please contact us at info@jondrock.com.

Your privacy rights

In short – you may review, change or terminate your account at any time.

If you have questions or comments about your privacy rights, you may email us at info@jondrock.com.

Account Information

If you would at any time like to review or change the personal information in your account or terminate your account, you can log into your account settings and update your user account.

Upon your request to terminate your account, we will deactivate or delete your account and personal information from our active databases. However, we may retain some personal information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our Terms of Use and/or comply with applicable legal requirements.

  • Cookies and similar technologies – most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our App. To opt-out of interest-based advertising by advertisers on our App visit http://www.aboutads.info/choices/.
  • Opt-out of email marketing – You can unsubscribe from our marketing email list at any time by clicking on the unsubscribe link in the emails that we send or by contacting us using the details provided below. You will then be removed from the marketing email list, however, we may still communicate with you, for example to send you service-related emails that are necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes. To otherwise opt-out, you may contact us using the contact information provided.
Controls for Do-Not-Track features

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your only browsing activities monitored and collected. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.

Specific rights for California residents:

In short – if you are a resident of California, you are granted specific rights regarding access to your personal information. 

California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided at the end of this document in the Contact Us section of this document.

If you are under 18 years of age, resident in California, and have registered an account with the App, you have the right to request removal of unwanted personal information that you publicly post on the App. To request removal of such data, please contact us using the contact information provided below, and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the App, but please be aware that the data may not be completely or comprehensively removed from all our systems due to technical constraints or legal obligations (e.g., backups, record keeping, retention for legal disputes, or compliance with tax requirements).

CCPA Privacy Notice

The California Code of Regulations defines a “resident” as:

  1. Every individual who is in the State of California for other than a temporary or transitory purpose and 
  2. Every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose.

All other individuals are defined as “non residents.”

If this definition of “resident” applies to you, we must adhere to certain rights and obligations regarding your personal information.

What categories of personal information do we collect?

We collect personal information categories listed in the California Customer Records statute including, but not limited to, name, contact information, address, and financial information. 

We may also collect other personal information outside of these categories in instances where you interact with us in-person, online, or by phone or mail in the context of:

  • Receiving help through our customer support channels;
  • Participation in customer surveys or contests; and
  • Facilitation in the delivery of our Services and to respond to your inquiries.

How do we use and share your personal information?

More information about our data collection and sharing practices can be found in the relevant sections of this Privacy Policy.

You may contact us by email at info@jondrock.com, or by referring to the contact details at the bottom of this document. 

If you are using an authorized agent to exercise your right to opt-out we may deny a request if the authorized agent does not submit adequate proof, such as a signed written authorization, that they have been validly authorized to act on your behalf. 

Will your information be shared with anyone else?

We may disclose your personal information with our service providers, such as IT service providers or customer service providers, pursuant to a written contract between us and each service provider. Each service provider, whether a for-profit, non-profit, or governmental entity, processes the information on our behalf.

We may use your personal information for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be “selling” of your personal information.

We have not disclosed or sold any personal information to third parties for a business or commercial purpose in the preceding 12 months. We will not sell personal information in the future belonging to website visitors, users and other consumers.

Your rights with respect to your personal information

You can ask for the deletion of your personal information. If you ask us to delete your personal information, we will respect your request and delete your personal information, subject to certain exceptions provided by law. These exceptions may include, but are not limited to, situations such as the exercise of another consumer’s right to free speech is involved, our compliance requirements resulting from a legal obligation, any processing that may be required to protect against illegal activities, or where the information is necessary for us to provide our services or fulfill our contractual obligations.

Depending on the circumstances, you have a right to know:

  • Whether we collect and use your personal information;
  • The categories of personal information that we collect;
  • The purposes for which the collected personal information is used;
  • Whether we sell your personal information to third parties;
  • The categories of personal information that we sold or disclosed for a business purpose;
  • The categories of third parties to whom the personal information was sold or disclosed for a business purpose; and 
  • The business or commercial purpose for collecting or selling personal information.

In accordance with applicable law, we are not obligated to provide or delete consumer information that is de-identified in response to a consumer request or to re-identify individual data to verify a consumer request. However, we adhere to best practices in data security and privacy to ensure that your information is safe.

In accordance with applicable privacy laws, we will not discriminate against you if you exercise your privacy rights.

Verification process. Upon receiving your request, we will need to verify your identity to determine that you are the same person about whom we have personal information in our system. These verification efforts require us to ask you to provide information so that we can match it with information you have previously provided us. For instance, depending on the type of request you submit, we may ask you to provide certain information so that we can match the information you provide with the information we already have on file, or we may contact you through a communication method (e.g., phone or email) that you have previously provided to us. We may also use other verification methods as the circumstances dictate.

We will only use personal information provided in your request to verify your identity or authority to make your request. To the extent possible, we will avoid requesting additional information from you for the purposes of verification. If, however, we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity, and for security or fraud – prevention purposes. We will delete such additionally provided information as soon as we finish verifying you. 

Other privacy rights

  • You may object to the processing of your personal information.
  • You may request correction of your personal information if it is incorrect or no longer relevant, or ask to restrict the processing of your personal information.
  • You can designate an authorized agent to make a request under the CCPA on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been validly authorized to act on your behalf in accordance with the CCPA.
  • You may request to opt-out from future selling of your personal information to third parties. To make this request, please contact us at the email or postal address provided at the end of this document. Upon receiving a request to opt-out, we will act upon the request as soon as feasibly possible, but no later than 15 days from the date of the request submissions.

To exercise these rights, you can contact us by email at info@jondrock.com, or by referring to the contact details at the bottom of this document. If you have a complaint about how we handle your personal information, we would like to hear from you.

Specific rights for Nevada residents:

In short –if you are a resident of Nevada, you have the right to opt-out of the sale of your personal information.

If you are a Nevada resident and wish to exercise this right, please submit your request in writing to us using the contact information provided at the end of this document.

Specific rights for residents of Virginia, Colorado, Connecticut, and Utah:

In short –if you are a resident of Virginia, Colorado, Connecticut, or Utah, you are granted specific rights regarding access to your personal information.

These rights include:

  • The right to access personal information we hold about you.
  • The right to correct inaccurate personal information.
  • The right to delete your personal information.
  • The right to opt-out of the sale of your personal information and the processing of your personal information for targeted advertising.

To exercise these rights, you can contact us by email at info@jondrock.com, or by referring to the contact details at the bottom of this document. If you have a complaint about how we handle your personal information, we would like to hear from you.

If you are a resident of the European Economic Area (EEA), you have the following data protection rights:

  • Right to Access: You have the right to request copies of your personal data.
  • Right to Rectification: You have the right to request correction of any information you believe is inaccurate or incomplete.
  • Right to Erasure: You have the right to request that we erase your personal data, under certain conditions.
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions.
  • Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
  • Right to Withdraw Consent: Where the processing of your personal information is based on your consent, you have the right to withdraw that consent at any time.

To exercise these rights, please contact us at info@jondrock.com. We will respond to your request in accordance with applicable data protection laws.

Third Party Sites

The App may include links to third party websites. Except where we post, link to or expressly adopt or refer to this Privacy Policy, this Privacy Policy does not apply to, and we are not responsible for, any personal information practices of third party websites or the practices of third parties. We recommend that you review the privacy policies of any third party websites that you visit. To learn about the personal information practices of third parties, please review their respective privacy notices.

Updates to this Privacy Policy

In short –we will update this Privacy Policy as necessary to stay compliant with relevant laws and regulations.

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated “Last Updated” date and the updated version will be effective as soon as it is accessible. If we make changes to this Privacy Policy that significantly alter our privacy practices, we will notify you either by prominently posting a notice on our website’s homepage or by directly sending you a notification. We encourage you to review this Privacy Policy frequently to be informed of how we are protecting your personal information.

Contact us about this Privacy Policy

If you have questions or comments about this Privacy Policy, you may email us at info@jondrock.com or by post to:

Jon D. Rock, Inc.
30 Wall St.
New York, NY 10005