Principle 3: Transparency
Digital finance companies communicate with users in a complete and meaningful way.
- Subprinciple: Meaningful Privacy Information
- Company clearly discloses legally binding documentation.
- All legally binding documentation can be accessed from a single location accessible to users before creating an account or purchasing access to the service.
- Data collection, usage, sharing, and rights are transparently shared with consumers in a meaningful way.
- Information about data collection, usage, sharing, and rights is integrated into the onboarding/account set-up process in a meaningful way.
- App includes regular privacy check-up notifications to encourage and support users to review their privacy settings.
- Users receive in-app notifications of data collection, usage, sharing, and rights at appropriate times when interacting with the service.
- Privacy policies are written at no higher than an 8th-grade reading level.
- Company shares information about data collection, usage, sharing, and rights in a short form that is accessible before a person creates an account on the service.
- Users understand their data rights.
- Subprinciple: Transparent Safety Practices
- The company meets recognized information security standards and shares which ones it meets.
- The company transparently states which information security standards it meets.
- The company notifies appropriate authorities and those affected when a cybersecurity incident occurs.
- The company commits in legally binding documentation to notify the relevant authorities within 36 hours, or as required by statute, when a cybersecurity incident occurs.
- The company clearly discloses its process and timeline for notifying users who might experience a disruption in service, monetary loss, or identity theft due to a cybersecurity incident, and the steps it will take to address the impact on those users.
- The company maintains a service status dashboard so people can see if and when the service is impacted by outages in real time.
- Subprinciple: Explanation of Service
- Fees are transparently shared with consumers in a meaningful way.
- Fees are shared before a person creates an account with the service.
- Users receive in-app notifications of fees at appropriate times when interacting with the service.
- Company explains the service to users in a meaningful way.
- Services are explained in a legal document.
- Services are clearly explained in a meaningful way throughout the user experience.
- The company commits to notify users about changes to the service.
- The company discloses how and when users will be directly notified of changes to the service(s).
- Subprinciple: Legal Rights
- People do not need to give up legal rights in order to use the service.
- The legally binding documentation does not require an end user to commit to resolve disputes via binding arbitration.
- The legally binding documentation does not require an end user to commit to give up their right to be part of a class action against the company.