Privacy Policy
Last updated: July 1, 2026
1. SCOPE AND ROLE
Harmoney operates as a technology platform. We do not custody funds and are not a bank or money transmitter. In providing the Services, we act:
- As a data controller with respect to information we collect from Users about their use of the Services (account, device, marketing, and analytics data); and
- As a service provider or data processor with respect to information we handle on behalf of a merchant, partner, or business customer for whom we provide the Services. Payment processing is performed by Stripe, and bank data connectivity is performed by Plaid. Their privacy practices are governed by their own policies, referenced in Section 8 below.
2. INFORMATION WE COLLECT
2.1 Information you provide.
- Identity information: name, date of birth, government-issued ID number (e.g., Social Security Number or ITIN, where required for KYC), photograph, signature.
- Contact information: email, phone number, mailing address.
- Business information: business name, EIN, entity type, beneficial owners, formation documents (for KYB).
- Financial account information: bank account numbers, routing numbers, card numbers, transaction history, balances (typically routed through Plaid or Stripe rather than stored by Harmoney directly).
- Product-related information: TapCard activation data, routing preferences, merchant profile.
- Communications: correspondence with support, feedback, and survey responses.
2.2 Information collected automatically.
- Device and technical data: IP address, device identifiers, browser type, OS, mobile carrier, hardware model.
- Usage data: pages viewed, features used, taps and transactions initiated, timestamps, referrers.
- Location data: general geographic location derived from IP; precise location only if you affirmatively grant permission.
- Cookies and similar technologies: see the Cookie Policy, Section 12.
2.3 Information from third parties.
- From Stripe and Plaid: verification results, transaction records, dispute and chargeback data, account status.
- From identity-verification and fraud-prevention vendors: verification outcomes, risk signals, sanctions and PEP screening results.
- From distribution partners (e.g., Posh): user or organizer identifiers necessary to fulfill and provision TapCards.
- From public sources and consumer reporting agencies: where permitted by law and necessary for verification or fraud prevention.
2.4 Sensitive information.
We collect SSN/ITIN, date of birth, and government ID information only where required for identity verification and financial compliance. We do not intentionally collect information about race, religion, health, sexual orientation, political opinions, or biometric identifiers unless voluntarily submitted and necessary for a specific feature (e.g., selfie-based liveness for KYC).
3. HOW WE USE INFORMATION
We use information to:
- (a) provide, maintain, and improve the Services;
- (b) create and administer accounts and authenticate Users;
- (c) process, route, or facilitate transactions through Stripe, Plaid, and other partners;
- (d) verify identity and comply with KYC, KYB, AML, sanctions, and card-network requirements;
- (e) prevent, detect, and investigate fraud, abuse, and security incidents;
- (f) provide customer support and respond to inquiries;
- (g) send transactional, service, and, with consent where required, marketing communications;
- (h) develop new products and features, including through aggregated and de-identified analysis;
- (i) enforce our Terms and legal rights; and
- (j) comply with legal, regulatory, tax, and law-enforcement obligations.
3.1 GLBA-permitted use of NPI.
To the extent we handle NPI in providing financial-services technology, we use and disclose it only for permitted purposes under GLBA and its implementing regulations, including servicing Users’ accounts, processing transactions Users have authorized, fraud prevention, compliance with legal obligations, and as otherwise permitted by 16 C.F.R. §§ 313.14–313.15.
3.2 AI and machine learning.
We may use information (including transaction and usage data, in de-identified or aggregated form where feasible) to train and improve fraud-detection models, risk scoring, routing logic, and product recommendations. We do not sell NPI to third parties for AI training.
4. HOW WE SHARE INFORMATION
We share information as follows:
4.1 Service providers and financial partners.
Stripe (payment processing), Plaid (bank connectivity), identity-verification vendors, cloud hosting, communications, analytics, and other vendors bound by contractual confidentiality and data-protection obligations.
4.2 Business customers and merchants.
Where you transact with a merchant using the Services, we share transaction and identification data necessary to complete the transaction and to comply with card-network and receipt requirements.
4.3 Distribution partners.
Partners such as Posh receive information necessary to fulfill their role in provisioning and supporting the TapCard.
4.4 Corporate transactions.
In connection with a merger, acquisition, financing, or sale of assets, information may be transferred, subject to reasonable confidentiality protections.
4.5 Legal and safety disclosures.
We may disclose information to comply with law, respond to lawful requests, enforce our Terms, or protect the rights, property, or safety of Harmoney, our Users, or others.
4.6 With your consent.
For any purpose not described above with your consent.
4.7 Aggregated and de-identified data.
We may share aggregated or de-identified data that does not reasonably identify any individual.
5. GLBA FINANCIAL PRIVACY NOTICE
We do not sell NPI to non-affiliates for their independent marketing purposes. Under GLBA, you have the right to receive this notice describing our information-sharing practices with respect to NPI. Our practices are as follows: Reasons we can share NPI Do we share? Can you limit sharing? For our everyday business purposes — such as to process transactions, maintain your account, respond to court orders and legal investigations, or report to credit bureaus Yes No For our marketing purposes — to offer our products and services to you Yes No For joint marketing with other financial companies No Not applicable For our affiliates’ everyday business purposes — information about your transactions and experiences Yes No For our affiliates’ everyday business purposes — information about your creditworthiness No Not applicable For our affiliates to market to No Not applicable Reasons we can share NPI Do we share? Can you limit sharing? you For non-affiliates to market to you No Not applicable Affiliates include entities within the Anthem Global Syndicate Management portfolio. Non-affiliates include Stripe, Plaid, and other independent service providers, which are permitted recipients under GLBA’s service-provider exception.
6. DATA RETENTION
We retain information for as long as necessary to provide the Services, comply with legal and regulatory obligations (including anti-money-laundering recordkeeping of typically five to seven years), resolve disputes, and enforce agreements. When no longer needed, we delete, anonymize, or securely archive information.
7. SECURITY
We maintain administrative, technical, and physical safeguards designed to protect information, including encryption in transit and at rest, access controls, logging, and regular security assessments. No system is perfectly secure. You are responsible for the to support@inharmoney.xyz.
8. THIRD-PARTY POLICIES
Your use of the Services requires acceptance of the following third-party policies, which govern their handling of your data:
- Stripe Privacy Policy — stripe.com/privacy
- Stripe Connected Account Agreement — stripe.com/legal/connect-account
- Plaid End User Privacy Policy — plaid.com/legal/#end-user-privacy-policy
- Plaid End User Services Agreement — plaid.com/legal/#end-user-services-agreement Harmoney is not responsible for the privacy practices of third parties.
9. YOUR RIGHTS
Depending on your jurisdiction, you may have rights to:
- Access the personal information we hold about you;
- Correct inaccurate information;
- Delete personal information, subject to legal-retention exceptions;
- Restrict or object to certain processing;
- Data portability — receive your data in a portable format;
- Withdraw consent where processing is based on consent;
- Opt out of “sales” or “sharing” as defined under state privacy laws (Harmoney does not sell personal information for money, but certain data uses may constitute “sharing” for cross-context behavioral advertising under some state laws; you may opt out via the “Do Not Sell or Share My Personal Information” link on our website);
- Non-discrimination for exercising these rights. To exercise these rights, contact info@inharmoney.xyz. We will verify your identity before responding and will respond within the timeframe required by applicable law.
9.1 California residents (CCPA/CPRA).
California residents have specific rights under the California Consumer Privacy Act as amended by the CPRA, including the rights above and the right to limit use of “sensitive personal information.” Categories of personal information we have collected and disclosed in the preceding twelve months are described in Section 2. We do not knowingly sell the personal information of California residents.
9.2 Other U.
S. states. Residents of Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, and other states with comprehensive privacy laws have analogous rights. Contact us at info@inharmoney.xyz to exercise them.
9.3 EEA/UK residents.
If you are located in the European Economic Area or United Kingdom, our legal bases for processing include contract performance, legal obligation, legitimate interests (including fraud prevention and product improvement), and consent. You have the right to lodge a complaint with your supervisory authority. International transfers are made pursuant to Standard Contractual Clauses or other lawful mechanisms.
10. CHILDREN
The Services are not directed to children under 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected such information, we will delete it.
11. AUTOMATED DECISION-MAKING
Certain compliance decisions (e.g., KYC pass/fail, fraud-risk scoring) may involve automated processing. You may request human review of any automated decision that produces legal or similarly significant effects by contacting info@inharmoney.xyz.
12. COOKIES AND TRACKING
We and our service providers use cookies, pixels, SDKs, and similar technologies for authentication, security, analytics, and (with consent where required) advertising. You can manage preferences via our cookie banner and browser settings. Blocking certain cookies may impair Service functionality. We honor Global Privacy Control (“GPC”) signals as an opt-out where required by law.
13. CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time. Material changes will be posted at inharmoney.xyz/privacy with a revised “Last Updated” date and, where required, communicated by email or in-app notice.
14. CONTACT
Harmoney Financial Technologies, Inc. General & legal inquiries: info@inharmoney.xyz Customer support: support@inharmoney.xyz Website: inharmoney.xyz If you are unsatisfied with our response, you may contact your applicable regulator or supervisory authority.