Terms and Policies

End User Terms of Use

Last Updated: December 11, 2024.

Welcome to Pinwheel!

This Agreement (“Agreement”) provides a simple explanation of what we do, the relationship between Pinwheel and you, and each of our rights and responsibilities.  If you don't agree with this Agreement, you can choose not to use Pinwheel.

Important Notice About Arbitration

Before we get into the details, a few notes:

THIS AGREEMENT INCLUDES A BINDING ARBITRATION PROVISION THAT CONTAINS A CLASS ACTION WAIVER. IT WILL HAVE A SUBSTANTIAL EFFECT ON YOUR RIGHTS IN THE EVENT OF A DISPUTE UNLESS YOU OPT OUT. Please refer to the “Arbitration” section for more information.

About Pinwheel

Pinwheel enables you (“you” or “End User”) to connect your financial and payroll data (e.g., income, paystubs, employment status, time and attendance, W2s, taxes, direct deposit allocations, identity information) to software applications that help you access credit, file taxes, switch bank accounts for direct deposits or bill payments, manage subscriptions, and access financial products. We do not offer these financial products ourselves, but we facilitate your access to them by helping you provide your data to the third-party companies that do.

Underdog Technologies Inc., d/b/a Pinwheel (“Pinwheel,” “we,” “our,” or “us”) provides services that enable you to connect your payroll, financial, and subscription services data to websites or applications (“Services”).

  • On one side, you have payroll, bank or other accounts (each, an “Account”) with a third-party payroll provider, a government entity, a subscription service, a financial institution, etc. (an “Account Provider”).
  • On the other side, you have websites and applications (the “App(s)”) made by other third parties (the “App Provider”).  They need data to provide you with certain functions and features you want, such as direct deposit switching, bill pay switch, verification of employment and income information, and management of your subscriptions.  

Example 1: You work at EmployerCo and you want to get a financial product from FinancialCo.  EmployerCo uses a payroll provider named PayrollCo (that’s the company whose product or website you use when you want to see your paystubs or change your benefits).  FinancialCo needs information from your payroll account (e.g., income, paystubs, employment status, time and attendance, W2s, taxes, direct deposit allocations, identity information).  You could log in yourself, take screenshots, search around, and download PDFs and email it to FinancialCo if you wanted (and if they accepted it).  Or you can use Pinwheel to pull your data about your employment at EmployerCo automatically.  We log into PayrollCo on your behalf, pull the data, and send it to FinancialCo.

Example 2: You work at EmployerCo and want to get a new bank account with BankCo.  You have PayrollCo as your payroll provider.  BankCo wants to help you switch your direct deposit from your old bank (or wherever else you sent your paychecks).  BankCo hires Pinwheel and tells us, “Help this user switch over their direct deposit allocation to this new bank account.”  We pull information from your Account (via your Account Provider) and send it to BankCo, and then we also tell PayrollCo “here’s this user’s new bank account information, send their paychecks there from now on.”  We do not transmit or take custody of the money, but instead just enable you, the App, and your Account to communicate so that the money is transferred to your new account.

Example 3: You want to better manage subscription costs within your account at BankCo. You have bank accounts at OtherBank and OtherCreditUnion that you use to pay some subscriptions. You also have an old subscription at StreamingServiceInc.  BankCo hires Pinwheel and asks us to help you “identify upcoming trial expirations and hidden subscriptions based on your payments data from your other bank accounts.” With your permission, we pull information from your bank accounts and streaming services (your Accounts) and send it to BankCo to allow you to manage your subscriptions with StreamingServiceInc through your account at BankCo.

About this Agreement (And Other Ones You May Have)

This Agreement is specific to your relationship with Pinwheel.  It does not cover what developers of the apps you use do with your data (reminder: in this Agreement, we call them “Apps” and “App Providers”).  The Apps, App Providers, and Accounts are not part of our Services and we’re not responsible for them. If you are under the age of majority, by consenting to your use of the Services, your parent or guardian agrees to be subject to the terms of this Agreement and responsible for your activity in connection with the Services. If applicable, your parent or guardian also consents to your grant of authority to us in this Agreement.

We just mentioned examples where you are employed by EmployerCo, have your employment data held at PayrollCo, and want to get a product from FinancialCo or BankCo; where you want to switch how you pay your bills from your accounts with OtherBank or OtherCreditUnion to payment from your account with BankCo; and how you’d like to manage your subscriptions through your account at BankCo.  You probably have contracts (e.g., terms and conditions, privacy policy, etc.) with each of the entities in the examples.  You should review those contracts.  They’re separate from this Agreement.  This Agreement governs your use of the Services that allow you to connect your Accounts, in order for you provide your payroll, financial, and subscription services data to your App Providers to help you receive services from them.  

Pinwheel is not responsible for any nonpayment of funds, payment of funds to an incorrect direct deposit account, or any other issues related to the disbursement of funds to or from Accounts.

How Pinwheel Uses Your Data

Please review our Privacy Policy to learn how we collect, use, store, and disclose data and personal information. By entering into this Agreement, you agree to use of your personal information in accordance with our privacy policy. If you have questions, contact us at privacy@pinwheelapi.com. The privacy policy of Pinwheel is incorporated by this reference into, and made a part of, this Agreement.

Some of Your Key Responsibilities and Consent

By using the Services, you agree that:

  • You’re at least 18 years old and at least the age of majority, or you are at least 14 years of age and represent that you have your parent or guardian’s permission to use the Services.
  • You haven’t been suspended or removed from using the Services.
  • You have all necessary rights to use our Services and are complying with all relevant terms that apply to your use of your Accounts, the App, and your relationship with the App Provider.  
  • You’re complying with all laws and regulations applicable to your use of the Services, as well as any rules and guidelines that we post.
  • You authorize Pinwheel to use your Account credentials as your agent in order to (a) access and use the information in your Account, and (b) operate the Services and enable communication between the App and your Account, including specifying or changing the account into which your paychecks and other payments will be deposited, all in accordance with your instructions and consent.  
  • You give Pinwheel durable consent (i.e., recurring access).  Some implementations/App Providers require it (e.g., tax providers may need recurring access to pull yearly tax forms).  Please refer to your App Provider for more detail on what data they collect and how it is used.
  • If you’re using Pinwheel (via an App) to switch direct deposit providers, you also grant us, as your agent, the ability to control and change the destination account into which your paycheck or other payment to you is deposited from the Account.
  • If you’re using Pinwheel (via an App) to manage your subscriptions or change the accounts from which you pay your bills, you also grant us, as your agent, the authority to act on your behalf with an Account Provider (i.e. a financial institution or subscription provider) and to enroll, cancel, modify, or renew a subscription or bill payments on your behalf.
  • You are giving Pinwheel, the App Provider, and your Account Provider accurate information (e.g., identity information, account and routing numbers, etc.).  You’re accessing your own Account(s) and information and not anyone else’s.  
  • You authorize us to rely on the information that you provide to us, the App Provider, and your Account Provider, and you waive all liability for inaccuracies or errors (which could cause delayed deposits or problems with signing up or using the App).
  • You grant us the right to delegate all agency appointments, authorizations, and rights you grant to us, to our service providers or other designees.
  • Your use of the Services doesn’t violate any laws, is not fraudulent or inappropriate, and does not violate anyone’s rights (e.g., intellectual property).  
  • You will not (a) modify, reverse engineer or try to gain unauthorized access to the Services or related systems, data or source code, or (b) bypass or circumvent security or protective measures designed to prevent or limit access to any part of the Services.
  • You are using the Services on your own behalf, for your personal and non-commercial use and are not reselling the Services to anyone else.

Termination and Modifications

We may update or change this Agreement. If we do, we’ll post the new policy on our website and update the effective date at the top of the page.  

We can turn off your access to the Services at any time, without notice and in our discretion. Pinwheel will have no liability for any change to the Services or any suspension or termination of access.  

You may terminate your Pinwheel account and this Agreement at any time by contacting customer service at hello@pinwheelapi.com. Except for your right to use the Services, the following sections of the Agreement will survive any termination: Arbitration, Indemnity, Disclaimers & Limitations, and Miscellaneous.

Disclaimers and Limitations

The Services are provided "as is" and "as available.”  Your use of the Services is at your own discretion and risk.  Pinwheel, its affiliates, service providers, and vendors do not make any representations or warranties, whether express, implied, statutory, or otherwise. This includes any implied warranties of merchantability, title, fitness for a particular purpose, or non-infringement. Pinwheel does not warrant that the use of its Services will be uninterrupted or error-free. Additionally, Pinwheel cannot guarantee that your data will be accurate, complete, or secure, or that it will maintain any data without loss.

To the extent allowed by law, Pinwheel and its affiliates, service providers, and vendors are not responsible for:

  • any issues related to third-party products or services, including errors, defects, or security problems
  • any incorrect information you provide or any actions taken by third-party providers
  • any payment failures, late or incorrect payments, overdraft fees, or inaccurate delivery of information, even if caused by our Services
  • any indirect, special, incidental, reliance, exemplary, or consequential damages or any damages exceeding the amount you paid us to use the Services or $100, whichever is greater.

These limitations and disclaimers apply to the fullest extent permitted by law. Each provision in this agreement that limits liability or disclaims warranties is intended to allocate risks between the parties, and each provision is independent of all others.

Indemnity

You are responsible for using the Services, App, and Account properly, and you must defend and compensate Pinwheel and its employees, affiliates, and vendors (“Pinwheel Entities”) if someone claims that you did something wrong while using them (misusing the Services, App, or Account, breaking the rules in this Agreement, or violating a law or regulation). This includes compensating Pinwheel Entities for any expenses, such as legal fees, that result from the claim. You may also have to compensate Pinwheel Entities if you violate someone else's rights, such as their intellectual property, privacy, or publicity rights, or if you have a disagreement with someone else, such as the App Provider or Account Provider. Pinwheel has the right to take over the defense of any claim that requires indemnification, but you still need to cooperate with Pinwheel.

Arbitration

By entering into the agreement, the parties waive the right to a trial by jury or participation in a class action.  Every dispute arising out of or relating to this Agreement, or use of the Services, will be resolved by binding arbitration (though there are a couple exceptions to this, see below).  

Exceptions.  Nothing in this Agreement will limit the right of either party to: (a) bring an individual action in small claims court; (b) pursue an enforcement action through the applicable federal, state, or local agency if that action is available; (c) seek injunctive relief in a court of law in aid of arbitration; or (d) to file suit in a court of law to address an intellectual property infringement claim.

Opting out. You can opt out of this within 30 days after agreeing to this Agreement by sending a letter to Underdog Technologies Inc, DBA Pinwheel, Attention: Legal Department – Arbitration Opt-Out, 335 Madison Ave, Floor 16, New York NY 10017 that specifies: your full legal name, the email address associated with your account on the Service, and a statement that you wish to opt out of arbitration (“Opt-Out Notice”). Once we receive it, you won’t be obligated to use arbitration.  The remaining provisions of this Agreement will not be affected by your Opt-Out Notice.

Arbitrator. Any arbitration between you and Pinwheel will be settled under the Federal Arbitration Act and administered by the American Arbitration Association (“AAA”) under its Consumer Arbitration Rules (collectively, “AAA Rules”) as modified by this Agreement. The AAA Rules and filing forms are available online at www.adr.org, by calling the AAA at 18007787879, or by contacting Pinwheel.

The arbitrator has exclusive authority to resolve any dispute relating to the interpretation, applicability, or enforceability of this binding arbitration agreement.

Notice of arbitration;  process. A party who wants arbitration must first send a written notice of the dispute to the other party by certified U.S. Mail or by Federal Express (signature required) or, only if that other party has not provided a current physical address, then by electronic mail (“Notice of Arbitration”).

Pinwheel’s address for Notice of Arbitration is: Underdog Technologies Inc, DBA Pinwheel, 335 Madison Ave, Floor 16, New York NY 10017. The Notice of Arbitration must: (a) describe the nature and basis of the claim or dispute; and (b) set forth the specific relief sought (“Demand”). The parties will make good faith efforts to resolve the claim directly, but if the parties do not reach an agreement within 30 days, you or Pinwheel may commence arbitration.  All arbitration proceedings will be confidential unless otherwise agreed in writing.  During the arbitration, the amount of any settlement offer made by you or Pinwheel must not be disclosed to the arbitrator until after the arbitrator makes a final decision and award, if any. If the arbitrator awards you an amount higher than the last written settlement amount offered by Pinwheel in settlement of the dispute prior to the award, Pinwheel will pay to you the higher of: (i) the amount awarded by the arbitrator; or (ii) $10,000.

Fees. If you commence arbitration in accordance with this Agreement, Pinwheel will reimburse you for your payment of the filing fee, unless your claim is for more than $10,000, in which case the payment of any fees will be decided by the AAA Rules. Any arbitration hearing will take place at a location to be agreed upon in New York County, New York, but if the claim is for $10,000 or less, you may choose whether the arbitration will be conducted: (a) solely on the basis of documents submitted to the arbitrator; (b) through a non-appearance based telephone hearing; or (c) by an in-person hearing as established by the AAA Rules in the county (or parish) of your billing address. If the arbitrator finds that either the substance of your claim or the relief sought in the Demand is frivolous or brought for an improper purpose (as measured by the standards set forth in Federal Rule of Civil Procedure 11(b)), then the payment of all fees will be governed by the AAA Rules. In that case, you agree to reimburse Pinwheel for anything already paid that was otherwise your obligation to pay under the AAA Rules.  Regardless of the manner in which the arbitration is conducted, the arbitrator must issue a reasoned written decision sufficient to explain the essential findings and conclusions on which the decision and award, if any, are based.  The arbitrator may make rulings and resolve disputes as to the payment and reimbursement of fees or expenses at any time during the proceeding and upon request from either party made within 14 days of the arbitrator’s ruling on the merits.

No class actions. YOU AND PINWHEEL AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN YOUR OR ITS INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING. Further, unless both you and Pinwheel agree otherwise, the arbitrator may not consolidate more than one person’s claims and may not otherwise preside over any form of a representative or class proceeding.

Modifications to this arbitration provision. If Pinwheel makes any future change to this arbitration provision, other than a change to Pinwheel’s address for Notice of Arbitration, you may reject the change by sending us written notice within 30 days of the change to Pinwheel’s address for Notice of Arbitration, in which case your account with Pinwheel, and right to use the Services and functionality it enables in the App, will be immediately terminated and this arbitration provision, as in effect immediately prior to the changes you rejected will survive.

Enforceability. If any of this Section (“Arbitration”) is found to be unenforceable, or if Pinwheel receives an Opt-Out Notice from you, then the entirety of this Section will be null and void and, in that case, exclusive jurisdiction and venue described below will govern any action arising out of or related to this Agreement.

Notices

Pinwheel may provide notices or communications to you through the email associated with your Pinwheel profile, through pinwheelapi.com or through other reasonable methods. All notices, requests and other communications to Pinwheel under this Agreement must be in writing to hello@getpinwheel.com.

Miscellaneous

Entire agreement. This Agreement, together with Pinwheel’s Privacy Policy and any other agreements expressly incorporated by reference into this Agreement, are the entire and exclusive understanding and agreement between you and Pinwheel regarding your use of the Services.

Assignment. You may not assign or transfer this Agreement or your rights under this Agreement, in whole or in part, by operation of law or otherwise, without our prior written consent. We have the right to assign and otherwise transfer this Agreement at any time without notice or consent.

No waiver. No waiver will be valid unless in writing and signed by the party to be charged with the waiver.

Enforceability. If any part of these Terms is held to be illegal, invalid or unenforceable, the illegal, invalid or unenforceable part will be given effect to the greatest extent possible, and the remaining parts will remain in full force and effect.

Governing law. Subject to the Arbitration section above, this Agreement, and all disputes regarding your relationship with Pinwheel shall be governed by the laws of the State of New York without regard to conflict of law principles. You and Pinwheel submit to the personal and exclusive jurisdiction of the state courts and federal courts having within their jurisdiction New York County, New York.

Consent to electronic communications. You consent to receive certain electronic communications from us as further described in our Privacy Policy. Please read our Privacy Policy to learn more about our electronic communications practices. You agree that any notices, agreements, disclosures, or other communications we send to you electronically will satisfy any legal communication requirements, including those communications being in writing.

Contact information. The Services are offered by Underdog Technologies Inc., DBA Pinwheel, located at 335 Madison Ave, Floor 16, New York NY 10017. You may contact us by sending correspondence to that address or by emailing us at hello@pinwheelapi.com.

Use of Services limited to the United States of America.  The Services are intended only for individuals located within the United States.  We make no representation that the Services are appropriate or available for use outside of the United States.  Access to or use of the Services from anywhere or by anyone that would make the Services illegal or this Agreement invalid, is prohibited.

Privacy Policy

Last Updated: December 11, 2024.

Welcome to Pinwheel!

This Privacy Policy explains how we collect, use, and share your information to operate and improve our services.  By using Pinwheel, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy.  Beyond this Privacy Policy, your use of our Services is also subject to our Terms of Use.

About Pinwheel

Pinwheel enables you (“you” or “End Users”) to connect your financial and payroll data (e.g., income, paystubs, employment status, time and attendance, W2s, taxes, direct deposit allocations, identity information) to software applications that help you access credit, file taxes, switch bank accounts for direct deposits or bill payments, manage subscriptions, and access financial products. We do not offer these financial products ourselves, but we facilitate your access to them by helping you provide your data to the third-party companies that do.

Underdog Technologies Inc., d/b/a Pinwheel (“Pinwheel,” “we,” “our,” or “us”) provides services that enable you to connect your payroll, financial, and subscription services data to websites or applications (“Services”).

  • On one side, you have payroll, bank, or other accounts (each, an “Account”) with a third-party payroll provider, a government entity, a subscription service, a financial institution, etc. (an “Account Provider”).
  • On the other side, you have websites and applications (the “App(s)”) made by other third parties (the “App Provider”).  They need data to provide you with certain functions and features you want, such as direct deposit switching, bill pay switch, verification of employment and income information, and management of your subscriptions.  

Example 1: You work at EmployerCo and you want to get a financial product from FinancialCo. EmployerCo uses a payroll provider named PayrollCo (that’s the company whose product or website you use when you want to see your paystubs or change your benefits).  FinancialCo needs information from your payroll account (e.g., income, paystubs, employment status, time and attendance, W2s, taxes, direct deposit allocations, identity information).  You could log in yourself, take screenshots, search around, and download PDFs and email it to FinancialCo if you wanted (and if they accepted it).  Or you can use Pinwheel to pull your data about your employment at EmployerCo automatically.  We log into PayrollCo on your behalf, pull the data, and send it to FinancialCo.

Example 2: You work at EmployerCo and want to get a new bank account with BankCo.  You have PayrollCo as your payroll provider.  BankCo wants to help you switch your direct deposit from your old bank (or wherever else you sent your paychecks).  BankCo hires Pinwheel and tells us, “Help this user switch over their direct deposit allocation to this new bank account.”  With your permission, we pull information from your Account (via your Account Provider) and send it to BankCo, and then we also tell PayrollCo “here’s this user’s new bank account information, send their paychecks there from now on.”  We do not transmit or take custody of the money, but instead just enable you, the App, and your Account to communicate so that the money is transferred to your new account.

Example 3: You want to better manage subscription costs within your account at BankCo. You have bank accounts at OtherBank and OtherCreditUnion that you use to pay some subscriptions. You also have an old subscription at StreamingServiceInc. BankCo hires Pinwheel and asks us to help you “identify upcoming trial expirations and hidden subscriptions based on your payments data from your other bank accounts.” With your permission, we pull information from your bank accounts and streaming services (your Accounts) and send it to BankCo and allow you to manage your subscriptions with StreamingServiceInc through your account at BankCo.    

About This Privacy Policy (And Other Agreements You May Have)

This Policy is specific to your relationship with Pinwheel. It does not cover what others do with your data, such as developers of third party apps you use (reminder: we call them “Apps” and “App Providers”). The Apps, App Providers, and Accounts are not part of our Services and we’re not responsible for them.

We just mentioned examples where you are employed by EmployerCo, have your employment data held at PayrollCo, and want to get a product from FinancialCo or BankCo. You probably have contracts (e.g., terms and conditions, privacy policy, etc.) with each of these types of companies. You should review them. They’re separate from this Privacy Policy.

Data We Collect

The data we collect, use, and share depends on the Services you use.  We may collect:

  • Data you provide to us;
  • Data from your Accounts;
  • Data from the device you use to connect;
  • Data from the developer of the App you have connected to; and
  • Data from other sources, such as our service providers.

A. Data You Provide to Us

If you contact us directly, we receive personal information about you, such as your email address, anything you include in a ‘Contact Us’ or ‘Subscribe’ form, and your IP address.

If you apply for a job, we’ll collect whatever you send us . If you use a third-party platform (e.g., Glassdoor or LinkedIn), we may get whatever additional information they send us.

If you use our Services to connect to Accounts, we may collect: (a) identifiers like name, email address, and phone number, (b) login data, like your username and password, (c) account and routing number, or a security token, and (d) data to help verify your identity and connect your accounts, including your Social Security number, date of birth, security questions and answers, and one-time password (OTP).

When you provide this data, you also give us authority to act on your behalf to access and transmit it.  See our Term of Use for more information.

B. Data From Your Accounts

When you connect Account(s), we collect the personal information that your Account Provider has about you, but only to the extent that it is accessible within your Account. While this information can vary across Account Providers, it can include things like:

  • Income and employment status: paystubs, income, job title, employment status, time and attendance.
  • Information about the account owner: name, address, email, title, phone number, social security or other identifying number, date of birth, contact information.
  • Transaction history: purchases, account balances, statements.
  • Taxes: W2s, tax withholdings, statements, tax documents.
  • Benefits: benefit elections, insurance selections and cost basis, contributions to accounts like FSA and HSA, deferred compensation and 401k contributions.
  • Deposit allocations: existing direct deposit allocations (we can also update this information when requested).
  • Other information visible within your Account. In some cases, your Account may include other personal information about you. This information may be incidentally collected by us because of how our technology works, but it is only held briefly and is automatically deleted. We do not use this information for any purpose other than debugging.

C. Data From The Device You Use To Connect

When you use the Service, we collect information from your device:

  • Location Information: your IP address (which may indicate your general geographic region), timezone setting and location, device location.
  • Device information: hardware model and operating system, browser data, and other technical data about the device.
  • Information from cookies and other technology: we and our third-party partners may collect information using cookies, pixel tags, or similar technologies.  Our third-party partners, such as analytics and advertising partners, may use these technologies to collect information about your online activities over time and across different services.  Cookies are small text files containing a string of alphanumeric characters.  We may use both session cookies and persistent cookies.  A session cookie disappears after you close your browser.  A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits to our Services.

Please review your web browser’s “Help” file to learn the proper way to modify your cookie settings.  Please note that if you delete or choose not to accept cookies from our Services, you may not be able to utilize the features of our Services to their fullest potential.

  • Usage information: to help us understand how you use our Services and to help us improve it, we automatically receive information about your interactions with our Services, such as the pages or other content you view, the searches you conduct, objects with which you interact, and the dates and times of your visits.

D. Data from the App Provider

App Providers provide us with the identifiers for your financial accounts, such as routing number, account number, account type, etc.

We use this information solely to perform the actions requested by the App Provider (e.g., to edit the settings for your direct deposit allocations).

E. Data from Other Sources (e.g., Service Providers and Identity Verification Services); ‍

When needed to provide a service or to help prevent fraud, abuse, or security threats, we may also receive data about you directly from third parties, including our service providers or identity verification services.

We may receive additional information about you from third parties and combine it with other personal information we have about you.

How We Use The Information We Collect

We use your data for the following business and commercial purposes:

  • Provide, develop, and improve our Services: To operate, provide, and maintain our Services, make them better, and develop new ones.  
  • Help prevent fraud or protect privacy: To help protect you, us, App Providers, and others from fraud, malicious activity, and other privacy and security-related concerns.
  • Develop insights: To develop insights based on the data we’ve collected about you. This includes your income data and data from other sources, to help App Providers provide services and/or a better user experience to you, like providing you with faster access to your funds or helping detect and prevent potentially fraudulent activity.
  • Provide support: To provide support to you or to App Providers, including to help respond to your inquiries related to our services or Apps.
  • Communicate with you: To communicate with you, provide you with updates and other information relating to our Services, provide information that you request, respond to comments and questions, and otherwise provide customer support.
  • Investigate misuse and misconduct: To investigate any misuse of the Service or Apps.
  • For legal purposes: To comply with contractual and legal obligations under applicable law and for other legal purposes such as to establish and defend against claims.
  • With appropriate notice or consent: For other notified purposes with your consent (when necessary) or at your direction.
  • In de-identified and aggregated form (“Aggregated Data”) for any lawful purpose.
  • For compliance purposes: enforcing our Terms of Use or other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency.

How We Share the Information We Collect

We do not share or otherwise disclose personal information we collect from you except as described below or otherwise disclosed to you at the time of the collection.  

  • Marketing:  We do not rent, sell, or share information about you with nonaffiliated companies for their direct marketing purposes.
  • Affiliates: We may share any information we receive with our affiliates for any of the purposes described in this Privacy Policy.
  • Vendors and Service Providers: We may share any information we receive with vendors and service providers retained in connection with the provision of our Services.‍
  • Customers: We may provide the personal information you make available to us through our Services to the Apps and App Providers requesting it. For example, if your lender uses our Services for income verification purposes, we will provide the personal information you make available to us through our Services to your lender with your authorization.
  • Aggregated Data: We may generate or derive from personal information Aggregated Data regarding the general behavior and characteristics of the users of our Services, and we may share such Aggregated Data (e.g., aggregated user statistics) to the extent permitted by applicable law.
  • Analytics Partners:  We use analytics services such as Google Analytics, Retool, Segment, Looker, and Datadog to collect and/or process certain analytics data.  These services may also collect information about your use of other websites, apps, and online resources.  You can learn about Google’s practices by going to https://www.google.com/policies/privacy/partners/ and opt out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.
  • As Required by Law and Similar Disclosures: We may access, preserve, and disclose your personal information if we believe it’s appropriate to: (a) comply with law enforcement requests and legal processes, such as a court order or subpoena; (b) respond to your requests; or (c) protect your, our, or others’ rights, property, or safety.
  • Merger, Sale, or Other Asset Transfers: We may disclose and transfer your personal information to service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company, or we sell, liquidate, or transfer all or a portion of our business or asset.
  • Consent:  We may also disclose personal information with your permission.

Your Choices

Marketing Communications:  You can unsubscribe from our promotional emails via the link provided in the emails.  Even if you opt out of receiving promotional messages from us, you will continue to receive administrative messages from us.

Do Not Track: There is no accepted standard on how to respond to Do Not Track signals, and we do not respond to such signals.

If you choose not to provide us with the information we collect, some features of our Services may not work as intended.

Security

We take information security seriously. For information, please visit our Information Security page.

International Visitors

Our Services are hosted in the United States and intended for visitors located within the United States.  If you choose to use our Services from the European Union or other regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you are transferring your personal information outside of those regions to the United States for storage and processing.  Also, we may transfer your data from the U.S. to other countries or regions in connection with storage and processing of data, fulfilling your requests, and operating our Services.  By providing any information, including personal information, on or to our Services, you consent to such transfer, storage, and processing.

Children's Privacy

We do not knowingly collect, maintain, or use personal information from children under 16 years of age, and no parts of our Services are directed to minors.  If you learn that a minor has provided us with personal information in violation of this Privacy Policy, please alert us at hello@pinwheelapi.com.

Changes to this Privacy Policy

We will post any adjustments to the Privacy Policy on this page, and the revised version will be effective when it is posted.  If we materially change the ways in which we use or share personal information previously collected from you through our Services, we will attempt to notify you through our Services, by email, or by other means.

Contact information

If you have any questions, comments, or concerns about our processing activities, please email us at privacy@pinwheelapi.com or write to us at:

Pinwheel
335 Madison Avenue
Floor 16
New York, NY 10017

Furnisher End User Terms of Use

Last Updated: June 20, 2023.

Welcome to Pinwheel!

This Agreement (“Agreement”) provides a simple explanation of what we do, the relationship between Pinwheel and you, and each of our rights and responsibilities.  If you don't agree with this Agreement, you can choose not to use Pinwheel.

Important Notice About Arbitration And Data Sharing

Before we get into the details, a few notes:

THIS AGREEMENT INCLUDES A BINDING ARBITRATION PROVISION THAT CONTAINS A CLASS ACTION WAIVER. IT WILL HAVE A SUBSTANTIAL EFFECT ON YOUR RIGHTS IN THE EVENT OF A DISPUTE UNLESS YOU OPT OUT. Please refer to the “Arbitration” section for more information.

Also, you’re asking us to share information about you with a third party (the company that sent you to this screen) and in order to do that, we have to share it with our internal Pinwheel company (an affiliate) that is set up to then pass it on to that third party.  We know that doesn’t sound that interesting, but we want to make sure this is clear for legal reasons.  So: PINWHEEL FURNISHER CO. D/B/A PINWHEEL SHARES DATA ABOUT YOU WITH PINWHEEL CRA CO. D/B/A PINWHEEL, AN AFFILIATE.

YOU HAVE THE RIGHT TO OPT OUT OF THIS INFORMATION SHARING by simply exiting the experience and not having us send your data to the third party. Please see How Pinwheel Uses Your Data for more detail.

About Pinwheel

Pinwheel enables you (“You” or “End Users”) to connect your financial and payroll data (e.g., income, paystubs, employment status, time and attendance, W2s, taxes, direct deposit allocations, identity information) to software applications that help you access credit, file taxes, switch bank accounts, and access financial products. We do not offer these financial products ourselves, but we facilitate your access to them by helping you provide your data to the third-party companies that do.

Pinwheel Furnisher Co. d/b/a Pinwheel (“Pinwheel,” “we,” “our,” or “us”) provides services that enable you to connect your payroll data to websites or applications (“Services”).

  • On one side, you have payroll or other accounts (each, an “Account”) with a third-party payroll provider, a government entity, etc. (an “Account Provider”).
  • On the other side, you have websites and applications (the “App(s)”) made by other third parties (the “App Provider”).  They need data to provide you with certain functions and features.  
  • In the middle of both sides is us. We engage with you to understand more about your employment and financial status by logging into your Accounts on your behalf. We then report our experiences to our affiliate, Pinwheel CRA Co. d/b/a Pinwheel, unless you opt out of such sharing. Our affiliate makes sure this information is sent to your App Provider though, so if you opt out, you’ll need to find another way to have your data sent to your App Provider.  

Example 1: You work at EmployerCo and you want to get a financial product from FinancialCo. EmployerCo uses a payroll provider named PayrollCo (that’s the company whose product or website you use when you want to see your paystubs or change your benefits).  FinancialCo needs information from your payroll account (e.g., income, paystubs, employment status, time and attendance, W2s, taxes, direct deposit allocations, identity information).  You could log in yourself, take screenshots, search around, and download PDFs and email it to FinancialCo, if you wanted (and if they accepted it).  Or you can use Pinwheel to pull your data about your employment at EmployerCo automatically.  We log into PayrollCo on your behalf, pull the data, and send it to FinancialCo.

Example 2: You work at EmployerCo and want to get a new bank account with BankCo.  You have PayrollCo as your payroll provider.  BankCo wants to help you switch your direct deposit from your old bank (or wherever else you sent your paychecks).  BankCo hires Pinwheel and tells us, “Help [this user] switch over their direct deposit allocation to [this new bank account].”  We pull information from your Account (via your Account Provider) and send it to BankCo, and then we also tell PayrollCo “here’s [this user’s] [new bank account information], send their paychecks there from now on.”  We do not transmit or take custody of the money, but instead just enable you, the App, and your Account to communicate so that the money is transferred to your new account.  

About this Agreement (And Other Ones You May Have)

This Agreement is specific to your relationship with Pinwheel.  It does not cover what developers of the apps you use do with your data (reminder: in this Agreement, we call them “Apps” and “App Providers”).  The Apps, App Providers, and Accounts are not part of our Services and we’re not responsible for them.

We just mentioned examples where you are employed by EmployerCo, have your employment data held at PayrollCo, and want to get a product from FinancialCo/BankCo.  You probably have contracts (e.g., terms and conditions, privacy policy, etc.) with each of them.  You should review them.  They’re separate from this Agreement.  

Pinwheel is not responsible for any nonpayment of funds, payment of funds to an incorrect direct deposit account, or any other issues related to the disbursement of funds to or from Accounts.

How Pinwheel Uses Your Data

Please review our Privacy Policy to learn how we collect, use, store, and disclose data and personal information. By entering into this Agreement, you agree to use of your personal information in accordance with our privacy policy. If you have questions, contact us at fcra@pinwheelapi.com.  The privacy policy of Pinwheel is incorporated by this reference into, and made a part of, this Agreement.

Pinwheel may also report information about your linked Account to Pinwheel CRA Co., a consumer reporting agency. In turn, Pinwheel CRA Co. may use that information to enable third parties, like your App Provider, to evaluate your eligibility for credit, insurance, employment or other purposes authorized under the Fair Credit Reporting Act, 15 U.S.C. 1681a et seq.You may contact us to opt out of our sharing of information about your Accounts to Pinwheel CRA Co. We do things this way to ensure that a consumer reporting agency is involved, which ensures that you can exercise the rights that you have when your data is shared for certain purposes, like to evaluate your eligibility for credit, insurance, employment.  If you think we reported erroneous information to Pinwheel CRA Co., contact us. We will promptly investigate the matter. We will then tell you if we agree or disagree with you. If we agree, we will contact Pinwheel CRA Co. and will request that they correct the information they have on file for you. If we disagree with you after our investigation, we will tell you in writing or by telephone and instruct you how to submit a statement of your position to Pinwheel CRA Co. Your statement will become a part of your record with Pinwheel CRA Co.

Some of Your Key Responsibilities and Consent

By using the Services, you agree that:

  • You’re at least 18 years old.
  • You haven’t been suspended or removed from using the Services.
  • You have all necessary rights to use our Services and are complying with all relevant terms that apply to your use of your Accounts, the App, and your relationship with the App Provider.  
  • You’re complying with all laws and regulations applicable to your use of the Services, as well as any rules and guidelines that we post.
  • You authorize Pinwheel to use your Account credentials as your agent in order to (a) access and use the information in your Account, and (b) operate the Services and enable communication between the App and your Account, including specifying or changing the account into which your paychecks and other payments will be deposited, all in accordance with your instructions and consent.  
  • You give Pinwheel durable consent (i.e., recurring access).  Some implementations/App Providers require it (e.g., tax providers may need recurring access to pull yearly tax forms).  Please refer to your App Provider for more detail on what data they collect and how it is used.
  • If you’re using Pinwheel to switch direct deposit providers, you also grant us, as your agent, the ability to control and change the destination account into which your paycheck or other payment to you is deposited from the Account.
  • You are giving Pinwheel, the App Provider, and your Account Provider accurate information (e.g., identity information, account and routing numbers, etc.).  You’re accessing your own Account(s) and information and not anyone else’s.  
  • You authorize us to rely on the information that you provide to us, the App Provider and your Account Provider and you waive all liability for inaccuracies or errors (which could cause delayed deposits or problems with signing up or using the App).
  • Your use of the Services doesn’t violate any laws, is not fraudulent or inappropriate, and doesn’t violate anyone’s rights (e.g., intellectual property).  
  • You will not (a) modify, reverse engineer or try to gain unauthorized access to the Services or related systems, data or source code, or (b) bypass or circumvent security or protective measures designed to prevent or limit access to any part of the Services.

Termination and Modifications

We may update or change this Agreement. If we do, we’ll post the new policy on our website and update the effective date at the top of the page.  

We can turn off your access to the Services at any time, without notice and in our discretion. Pinwheel will have no liability for any change to the Services or any suspension or termination of access.  

You may terminate your Pinwheel account and this Agreement at any time by contacting customer service at hello@pinwheelapi.com. Except for your right to use the Services, the following sections of the Agreement will survive any termination: Arbitration, Indemnity, Disclaimers & Limitations, and Miscellaneous.

Disclaimers and Limitations

The Services are provided "as is" and "as available.”  Your use of the Services is at your own discretion and risk.  Pinwheel, its affiliates, service providers, and vendors do not make any representations or warranties, whether express, implied, statutory, or otherwise. This includes any implied warranties of merchantability, title, fitness for a particular purpose, or non-infringement. Pinwheel does not warrant that the use of its Services will be uninterrupted or error-free. Additionally, Pinwheel cannot guarantee that your data will be accurate, complete, or secure, or that it will maintain any data without loss.

To the extent allowed by law, Pinwheel and its affiliates, service providers, and vendors are not responsible for:

  • any issues related to third-party products or services, including errors, defects, or security problems
  • any incorrect information you provide or any actions taken by third-party providers
  • any payment failures, late or incorrect payments, overdraft fees, or inaccurate delivery of information, even if caused by our Services
  • any indirect, special, incidental, reliance, exemplary, or consequential damages or any damages exceeding the amount you paid us to use the Services or $100, whichever is greater.

These limitations and disclaimers apply to the fullest extent permitted by law. Each provision in this agreement that limits liability or disclaims warranties is intended to allocate risks between the parties, and each provision is independent of all others.

Indemnity

You are responsible for using the Services, App, and Account properly, and you must defend and compensate Pinwheel and its employees, affiliates, and vendors (“Pinwheel Entities”) if someone claims that you did something wrong while using them (misusing the Services, App, or Account, breaking the rules in this Agreement, or violating a law or regulation). This includes compensating Pinwheel Entities for any expenses, such as legal fees, that result from the claim. You may also have to compensate Pinwheel Entities if you violate someone else's rights, such as their intellectual property, privacy, or publicity rights, or if you have a disagreement with someone else, such as the App Provider or Account Provider. Pinwheel has the right to take over the defense of any claim that requires indemnification, but you still need to cooperate with Pinwheel.

Arbitration

By entering into the agreement, the parties waive the right to a trial by jury or participation in a class action.  Every dispute arising out of or relating to this Agreement, or use of the Services, will be resolved by binding arbitration (though there are a couple exceptions to this, see below).  

Exceptions.  Nothing in this Agreement will limit the right of either party to: (a) bring an individual action in small claims court; (b) pursue an enforcement action through the applicable federal, state, or local agency if that action is available; (c) seek injunctive relief in a court of law in aid of arbitration; or (d) to file suit in a court of law to address an intellectual property infringement claim.

Opting Out. You can opt out of this within 30 days after agreeing to this Agreement by sending a letter to Underdog Technologies Inc, DBA Pinwheel, Attention: Legal Department – Arbitration Opt-Out, 335 Madison Ave, Floor 16, New York NY 10017 that specifies: [your full legal name, the email address associated with your account on the Service, and a statement that you wish to opt out of arbitration] (“Opt-Out Notice”). Once we receive it, you won’t be obligated to use arbitration.  The remaining provisions of this Agreement will not be affected by your Opt-Out Notice.

Arbitrator. Any arbitration between you and Pinwheel will be settled under the Federal Arbitration Act and administered by the American Arbitration Association (“AAA”) under its Consumer Arbitration Rules (collectively, “AAA Rules”) as modified by this Agreement. The AAA Rules and filing forms are available online at www.adr.org, by calling the AAA at 18007787879, or by contacting Pinwheel.

The arbitrator has exclusive authority to resolve any dispute relating to the interpretation, applicability, or enforceability of this binding arbitration agreement.

Notice of arbitration; process. A party who wants arbitration must first send a written notice of the dispute to the other party by certified U.S. Mail or by Federal Express (signature required) or, only if that other party has not provided a current physical address, then by electronic mail (“Notice of Arbitration”).

Pinwheel’s address for Notice is: Underdog Technologies Inc, DBA Pinwheel, 335 Madison Ave, Floor 16, New York NY 10017. The Notice of Arbitration must: (a) describe the nature and basis of the claim or dispute; and (b) set forth the specific relief sought (“Demand”). The parties will make good faith efforts to resolve the claim directly, but if the parties do not reach an agreement within 30 days, you or Pinwheel may commence arbitration. All arbitration proceedings will be confidential unless otherwise agreed in writing. During the arbitration, the amount of any settlement offer made by you or Pinwheel must not be disclosed to the arbitrator until after the arbitrator makes a final decision and award, if any. If the arbitrator awards you an amount higher than the last written settlement amount offered by Pinwheel in settlement of the dispute prior to the award, Pinwheel will pay to you the higher of: (i) the amount awarded by the arbitrator; or (ii) $10,000.

Fees. If you commence arbitration in accordance with this Agreement, Pinwheel will reimburse you for your payment of the filing fee, unless your claim is for more than $10,000, in which case the payment of any fees will be decided by the AAA Rules. Any arbitration hearing will take place at a location to be agreed upon in New York county, New York, but if the claim is for $10,000 or less, you may choose whether the arbitration will be conducted: (a) solely on the basis of documents submitted to the arbitrator; (b) through a non-appearance based telephone hearing; or (c) by an in-person hearing as established by the AAA Rules in the county (or parish) of your billing address. If the arbitrator finds that either the substance of your claim or the relief sought in the Demand is frivolous or brought for an improper purpose (as measured by the standards set forth in Federal Rule of Civil Procedure 11(b)), then the payment of all fees will be governed by the AAA Rules. In that case, you agree to reimburse Pinwheel for anything already paid that was otherwise your obligation to pay under the AAA Rules. Regardless of the manner in which the arbitration is conducted, the arbitrator must issue a reasoned written decision sufficient to explain the essential findings and conclusions on which the decision and award, if any, are based. The arbitrator may make rulings and resolve disputes as to the payment and reimbursement of fees or expenses at any time during the proceeding and upon request from either party made within 14 days of the arbitrator’s ruling on the merits.

No class actions. YOU AND PINWHEEL AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN YOUR OR ITS INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING. Further, unless both you and Pinwheel agree otherwise, the arbitrator may not consolidate more than one person’s claims, and may not otherwise preside over any form of a representative or class proceeding.

Modifications to this arbitration provision. If Pinwheel makes any future change to this arbitration provision, other than a change to Pinwheel’s address for Notice of Arbitration, you may reject the change by sending us written notice within 30 days of the change to Pinwheel’s address for Notice of Arbitration, in which case your account with Pinwheel, and right to use the Services and functionality it enables in the App, will be immediately terminated and this arbitration provision, as in effect immediately prior to the changes you rejected will survive.

Enforceability. If any of this Section (“Arbitration”) is found to be unenforceable, or if Pinwheel receives an Opt-Out Notice from you, then the entirety of this Section will be null and void and, in that case, exclusive jurisdiction and venue described below will govern any action arising out of or related to this Agreement.

Notices

Pinwheel may provide notices or communications to you through the email associated with your Pinwheel profile, through pinwheelapi.com or through other reasonable methods. All notices, requests and other communications to Pinwheel under this Agreement must be in writing to hello@getpinwheel.com.

Miscellaneous

Entire agreement. This Agreement, together with Pinwheel’s Privacy Policy and any other agreements expressly incorporated by reference into this Agreement, are the entire and exclusive understanding and agreement between you and Pinwheel regarding your use of the Services.

Assignment. You may not assign or transfer this Agreement or your rights under this Agreement, in whole or in part, by operation of law or otherwise, without our prior written consent. We have the right to assign and otherwise transfer this Agreement at any time without notice or consent.

No Waiver. No waiver will be valid unless in writing and signed by the party to be charged with the waiver.

Enforceability. If any part of these Terms is held to be illegal, invalid or unenforceable, the illegal, invalid or unenforceable part will be given effect to the greatest extent possible, and the remaining parts will remain in full force and effect.

Governing law. Subject to the Arbitration section above, this Agreement, and all disputes regarding your relationship with Pinwheel shall be governed by the laws of the State of New York without regard to conflict of law principles. You and Pinwheel submit to the personal and exclusive jurisdiction of the state courts and federal courts having within their jurisdiction New York County, New York.

Consent to electronic communications. You consent to receive certain electronic communications from us as further described in our Privacy Policy. Please read our Privacy Policy to learn more about our electronic communications practices. You agree that any notices, agreements, disclosures, or other communications we send to you electronically will satisfy any legal communication requirements, including those communications being in writing.

Contact information. The Services are offered by Underdog Technologies Inc., DBA Pinwheel, located at 335 Madison Ave, Floor 16, New York NY 10017. You may contact us by sending correspondence to that address or by emailing us at hello@pinwheelapi.com.

Use of services limited to the United States of America. The Services are intended only for individuals located within the United States. We make no representation that the Services are appropriate or available for use outside of the United States.  Access to or use of the Services from anywhere or by anyone that would make them illegal or this Agreement invalid is prohibited.

Furnisher Privacy Policy

Last Updated: June 20, 2023.

This Privacy Policy explains how we collect, use, and share your information to operate and improve our services.  By using Pinwheel, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy.  Beyond this Privacy Policy, your use of our Services is also subject to our Terms of Service.

About Pinwheel

Pinwheel enables you (“You” or “End Users”) to connect your financial and payroll data (e.g., income, paystubs, employment status, time and attendance, W2s, taxes, direct deposit allocations, identity information) to software applications that help you access credit, file taxes, switch bank accounts, and access financial products. We do not offer these financial products ourselves, but we facilitate your access to them by helping you provide your data to the third-party companies that do.

Pinwheel Furnisher Co. d/b/a Pinwheel (“Pinwheel,” “we,” “our,” or “us”) provides services that enable you to connect your payroll data to websites or applications (“Services”).

  • On one side, you have payroll or other accounts (each, an “Account”) with a third-party payroll provider, a government entity, etc. (an “Account Provider”).
  • On the other side, you have websites and applications (the “App(s)”) made by other third parties (the “App Provider”).  They need data to provide you with certain functions and features.  
  • In the middle of both sides is us. We engage with you to understand more about your employment and financial status by logging into your Accounts on your behalf. We then report our experiences to our affiliate, Pinwheel CRA Co. d/b/a Pinwheel, unless you opt out of such sharing. Our affiliate makes sure this information is sent to your App Provider though, so if you opt out, you’ll need to find another way to have your data sent to your App Provider.  

Example 1: You work at EmployerCo and you want to get a financial product from FinancialCo. EmployerCo uses a payroll provider named PayrollCo (that’s the company whose product or website you use when you want to see your paystubs or change your benefits).  FinancialCo needs information from your payroll account (e.g., income, paystubs, employment status, time and attendance, W2s, taxes, direct deposit allocations, identity information).  You could log in yourself, take screenshots, search around, and download PDFs and email it to FinancialCo, if you wanted (and if they accepted it).  Or you can use Pinwheel to pull your data about your employment at EmployerCo automatically.  We log into PayrollCo on your behalf, pull the data, and send it to FinancialCo.

Example 2: You work at EmployerCo and want to get a new bank account with BankCo.  You have PayrollCo as your payroll provider.  BankCo wants to help you switch your direct deposit from your old bank (or wherever else you sent your paychecks).  BankCo hires Pinwheel and tells us, “Help [this user] switch over their direct deposit allocation to [this new bank account].”  We pull information from your Account (via your Account Provider) and send it to BankCo, and then we also tell PayrollCo “here’s [this user’s] [new bank account information], send their paychecks there from now on.”  We do not transmit or take custody of the money, but instead just enable you, the App, and your Account to communicate so that the money is transferred to your new account.    

About This Privacy Policy (And Other Agreements You May Have)

This Policy is specific to your relationship with Pinwheel. It does not cover what others do with your data , such as developers of third party apps you use (reminder: we call them “Apps” and “App Providers”). The Apps, App Providers, and Accounts are not part of our Services and we’re not responsible for them.

We just mentioned examples where you are employed by EmployerCo, have your employment data held at PayrollCo, and want to get a product from FinancialCo/BankCo. You probably have contracts (e.g., terms and conditions, privacy policy, etc.) with each of these types of companies. You should review them. They’re separate from this Privacy Policy.

Data We Collect

The data we collect, use, and share depends on the Services you use.  We may collect:

  • Data you provide to us;
  • Data from your Accounts;
  • Data from the device you use to connect;
  • Data from the developer of the App you have connected to; and
  • Data from other sources, such as our service providers.

A. Data You Provide to Us

If you contact us directly, we receive personal information about you, such as your email address, anything you include in a ‘Contact Us’ or ‘Subscribe’ form, and your IP address.

If you apply for a job, we’ll collect whatever you send us[1] . If you use a third-party platform (e.g., Glassdoor or LinkedIn), we may get whatever additional information they send us.

If you use our Services to connect to Accounts, we may collect: (a) identifiers like name, email address, and phone number; (b) login data, like your username and password, (c) account and routing number, or a security token, and (d) data to help verify your identity and connect your accounts, including your Social Security number, date of birth, security questions and answers, and one-time password (OTP).

When you provide this data, you also give us authority to act on your behalf to access and transmit it.  See our Terms of Service for more information.

B. Data From Your Accounts

When you connect Account(s), we collect the personal information that your Account Provider has about you, but only to the extent that it is accessible within your Account. While this information can vary across Account Providers, it can include things like:

  • Income and employment status: paystubs, income, job title, employment status, time and attendance;
  • Information about the account owner: name, address, email, title, phone number, social security or other identifying number, date of birth, contact information;  
  • Taxes: W2s, tax withholdings, statements, tax documents;
  • Benefits: benefit elections, insurance selections and cost basis, contributions to accounts like FSA and HSA, deferred compensation and 401k contributions;
  • Deposit allocations: existing direct deposit allocations (we can also update this information when requested).
  • Other information visible within your Account. In some cases, your Account may include other personal information about you. This information may be incidentally collected by us because of how our technology works, but it is only held briefly and is automatically deleted. We do not use this information for any purpose other than debugging.

C. Data From The Device You Use To Connect

When you use the Service, we collect information from your device:

  • Location Information: your IP address (which may indicate your general geographic region), timezone setting and location, device location;
  • Device information: hardware model and operating system, browser data, and other technical data about the device;
  • Information from cookies and other technology: we and our third-party partners may collect information using cookies, pixel tags, or similar technologies.  Our third-party partners, such as analytics and advertising partners, may use these technologies to collect information about your online activities over time and across different services.  Cookies are small text files containing a string of alphanumeric characters.  We may use both session cookies and persistent cookies.  A session cookie disappears after you close your browser.  A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits to our Services.

Please review your web browser’s “Help” file to learn the proper way to modify your cookie settings.  Please note that if you delete or choose not to accept cookies from our Services, you may not be able to utilize the features of our Services to their fullest potential.

  • Usage information: to help us understand how you use our Services and to help us improve it, we automatically receive information about your interactions with our Services, such as the pages or other content you view, the searches you conduct, objects with which you interact, and the dates and times of your visits.

D. Data from the App Provider

App Providers provide us with the identifiers for your financial accounts, such as routing number, account number, account type, etc.

We use this information solely to perform the actions requested by the App Provider (e.g., to edit the settings for your direct deposit allocations).

E. Data from Other Sources (e.g., Service Providers and Identity Verification Services); ‍

When needed to provide a service or to help prevent fraud, abuse, or security threats, we may also receive data about you directly from third parties, including our service providers or identity verification services.

We may receive additional information about you from third parties and combine it with other personal information we have about you.

How We Use The Information We Collect

We use your data for the following business and commercial purposes:

  • Furnishing: To furnish it to Pinwheel CRA Co., which provides it to Customers for use for permissible purposes under the Fair Credit Reporting Act (as outlined in our Furnisher End User Terms);
  • Provide, develop, and improve our Services: To operate, provide, and maintain our Services, make them better, and develop new ones.  
  • Help prevent fraud or protect privacy: To help protect you, us, App Providers, and others from fraud, malicious activity, and other privacy and security-related concerns.
  • Develop insights: To develop insights based on the data we’ve collected about you. This includes your income data and data from other sources, to help App Providers provide services and/or a better user experience to you, like providing you with faster access to your funds or helping detect and prevent potentially fraudulent activity.
  • Provide support: To provide support to you or to App Providers, including to help respond to your inquiries related to our services or Apps.
  • Communicate with you: To communicate with you, provide you with updates and other information relating to our Services, provide information that you request, respond to comments and questions, and otherwise provide customer support.
  • Investigate misuse and misconduct: To investigate any misuse of the Service or Apps.
  • For legal purposes: To comply with contractual and legal obligations under applicable law and for other legal purposes such as to establish and defend against claims.
  • With appropriate notice or consent: For other notified purposes with your consent (when necessary) or at your direction.
  • In de-identified and aggregated form (“Aggregated Data”) for any lawful purpose.
  • For compliance purposes: enforcing our Terms of Service or other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency.

How We Share the Information We Collect

We do not share or otherwise disclose personal information we collect from you except as described below or otherwise disclosed to you at the time of the collection.  

  • Furnishing: We may provide the personal information you make available to us through our Services to Pinwheel CRA Co, which then shares it with the App Provider who is requesting your personal information. For example, if your lender uses our Services for income verification purposes, we will provide the personal information you make available to us through our Services to Pinwheel CRA Co., who, in turn, provides it to your lender with your authorization.
  • Marketing:  We do not rent, sell, or share information about you with nonaffiliated companies for their direct marketing purposes.
  • Affiliates: We may share any information we receive with our affiliates for any of the purposes described in this Privacy Policy.
  • Vendors and Service Providers: We may share any information we receive with vendors and service providers retained in connection with the provision of our Services.‍
  • Customers: We may provide the personal information you make available to us through our Services to the Apps and App Providers requesting it. For example, if your lender uses our Services for income verification purposes, we will provide the personal information you make available to us through our Services to your lender with your authorization.
  • Aggregated Data: We may generate or derive from personal information Aggregated Data regarding the general behavior and characteristics of the users of our Services, and we may share such Aggregated Data (e.g., aggregated user statistics) to the extent permitted by applicable law.
  • Analytics Partners:  We use analytics services such as Google Analytics, Retool, Segment, Looker, and Datadog to collect and/or process certain analytics data.  These services may also collect information about your use of other websites, apps, and online resources.  You can learn about Google’s practices by going to https://www.google.com/policies/privacy/partners/ and opt out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.
  • As Required by Law and Similar Disclosures: We may access, preserve, and disclose your personal information if we believe it’s appropriate to: (a) comply with law enforcement requests and legal processes, such as a court order or subpoena; (b) respond to your requests; or (c) protect your, our, or others’ rights, property, or safety.
  • Merger, Sale, or Other Asset Transfers: We may disclose and transfer your personal information to service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company or we sell, liquidate, or transfer all or a portion of our business or assets.
  • Consent:  We may also disclose personal information with your permission.

Your Choices

Marketing Communications:  You can unsubscribe from our promotional emails via the link provided in the emails.  Even if you opt out of receiving promotional messages from us, you will continue to receive administrative messages from us.

Do Not Track: There is no accepted standard on how to respond to Do Not Track signals, and we do not respond to such signals.

If you choose not to provide us with the information we collect, some features of our Services may not work as intended.

Security

We take information security seriously. For information, please visit our Information Security page.

International Visitors

Our Services are hosted in the United States and intended for visitors located within the United States.  If you choose to use our Services from the European Union or other regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you are transferring your personal information outside of those regions to the United States for storage and processing.  Also, we may transfer your data from the U.S. to other countries or regions in connection with storage and processing of data, fulfilling your requests, and operating our Services.  By providing any information, including personal information, on or to our Services, you consent to such transfer, storage, and processing.

Children's Privacy

We do not knowingly collect, maintain, or use personal information from children under 16 years of age, and no parts of our Services are directed to Minors.  If you learn that a Minor has provided us with personal information in violation of this Privacy Policy, please alert us at hello@pinwheelapi.com.

Changes to this Privacy Policy

We will post any adjustments to the Privacy Policy on this page, and the revised version will be effective when it is posted.  If we materially change the ways in which we use or share personal information previously collected from you through our Services, we will attempt to notify you through our Services, by email, or by other means.

Contact information

If you have any questions, comments, or concerns about our processing activities, please email us at privacy@pinwheelapi.com or write to us at:

Pinwheel
335 Madison Avenue
Floor 16
New York, NY 10017

Whistleblower protection policy

Last Updated: June 23, 2020.

Underdog Technologies, Inc. dba Pinwheel (“Pinwheel”) requires directors, officers and employees to observe high standards of business and personal ethics in the conduct of their duties and responsibilities. As employees and representatives of the Pinwheel, we must practice honesty and integrity in fulfilling our responsibilities and comply with all applicable laws and regulations.


Reporting responsibility

This Whistleblower Policy is intended to encourage and enable employees and others to raise serious concerns internally so that Pinwheel can address and correct inappropriate conduct and actions. It is the responsibility of all board members, officers, employees and volunteers to report concerns about violations of Pinwheel’s code of ethics or suspected violations of law or regulations that govern Pinwheel’s operations.


No retaliation

It is contrary to the values of Pinwheel for anyone to retaliate against any board member, officer, employee or volunteer who in good faith reports an ethics violation, or a suspected violation of law, such as a complaint of discrimination, or suspected fraud, or suspected violation of any regulation governing the operations of Pinwheel. An employee who retaliates against someone who has reported a violation in good faith is subject to discipline up to and including termination of employment


Reporting procedure

Pinwheel has an open door policy and suggests that employees share their questions, concerns, suggestions or complaints with their supervisor. If you are not comfortable speaking with your supervisor or you are not satisfied with your supervisor’s response, you are encouraged to speak with the Board of Directors. All correspondences should go to hello@pinwheelapi.com. The Chief Compliance Officer is the only one who will receive access to that inbox. Supervisors and managers are required to report complaints or concerns about suspected ethical and legal violations in writing to the Pinwheel’s Chief Compliance Officer, who has the responsibility to investigate all reported complaints. Employees with concerns or complaints may also submit their concerns in writing directly to their supervisor or the Board of Directors or the organization’s Chief Compliance Officer.


Accounting and auditing matters

Pinwheel’s Chief Compliance Officer shall immediately notify the Board of Directors of any concerns or complaint regarding corporate accounting practices, internal controls or auditing and work with the committee until the matter is resolved.


Acting in good faith

Anyone filing a written complaint concerning a violation or suspected violation must be acting in good faith and have reasonable grounds for believing the information disclosed indicates a violation. Any allegations that prove not to be substantiated and which prove to have been made maliciously or knowingly to be false will be viewed as a serious disciplinary offense.


Confidentiality

Violations or suspected violations may be submitted on a confidential basis by the complainant. Reports of violations or suspected violations will be kept confidential to the extent possible, consistent with the need to conduct an adequate investigation.


Handling of reported violations

Pinwheel’s Chief Compliance Officer will notify the person who submitted a complaint and acknowledge receipt of the reported violation or suspected violation. All reports will be promptly investigated and appropriate corrective action will be taken if warranted by the investigation. Chief Compliance Officer: Curtis Lee, Member of the Board of Directors.

Pinwheel Vulnerability Disclosure Policy

Last Updated: April 8, 2022.

Pinwheel is committed to ensuring the safety and security of our users. Toward this end, Pinwheel has now formalized our policy for accepting vulnerability reports in our products. We hope to foster an open partnership with the security community, and we recognize that the work the community does is important in continuing to ensure safety and security for all of our customers. We have developed this policy to both reflect our company values and to uphold our legal responsibility to good-faith security researchers that are providing us with their expertise.


Initial scope

Pinwheel’s Vulnerability Disclosure Program initially covers the following products:

While Pinwheel may develop other products, we ask that all security researchers submit vulnerability reports only for the stated product list. We intend to increase our scope as we build capacity and experience with this process.

Within the above product list, we will address vulnerabilities, but the following issues are out of scope:

  • Any activity that could lead to the disruption of our service (DoS).
  • Attacks requiring MITM (Man in the Middle)
  • Clickjacking on pages with no sensitive actions.
  • Unauthenticated/logout/login CSRF.
  • Content spoofing and text injection issues without showing an attack vector/without being able to modify HTML/CSS
  • User account enumeration
  • Vulnerabilities that require attackers to use social engineering to access another user's authenticated session, tokens, or require physical access to their devices.
  • Issues that depend on unpatched or outdated browsers or mobile platforms
  • Vulnerabilities as reported by automated tools without additional analysis as to how they're an issue.
  • Version disclosure, detailed error messages, and any other findings whose only security impact is ‘attacker reconnaissance’
  • SPF and email antispam 'hygiene' issues.


How to Submit a Vulnerability

To submit a vulnerability report to Pinwheel’s Product Security Team, please utilize the following email: security@pinwheelapi.com.


Preference, Prioritization, and Acceptance Criteria

We will use the following criteria to prioritize and triage submissions.  

What we would like to see from you:

  • Well-written reports in English will have a higher chance of resolution.
  • Reports that include proof-of-concept code equip us to better triage.
  • Reports that include only crash dumps or other automated tool output may receive lower priority.
  • Reports that include products not on the initial scope list may receive lower priority.
  • Please include how you found the bug, the impact, and any potential remediation.

What you can expect from us:

  • A timely response to your email (within 2 business days).
  • After triage, we will send an expected timeline and commit to being as transparent as possible about the remediation timeline as well as on issues or challenges that may extend it.
  • An open dialog to discuss issues.
  • Notification when the vulnerability analysis has completed each stage of our review.
  • Credit after the vulnerability has been validated and fixed.

Master Services Agreement

Last Updated: December 11, 2024

THIS MASTER SERVICES AGREEMENT (“AGREEMENT”) GOVERNS CUSTOMER’S ACQUISITION AND USE OF PINWHEEL’S PRODUCTS AND SERVICES. CAPITALIZED TERMS HAVE THE DEFINITIONS SET FORTH HEREIN.  BY EXECUTING AN ORDER THAT REFERENCES THIS MASTER SERVICES AGREEMENT CUSTOMER ACCEPTS AND AGREES TO BE BOUND BY THE TERMS OF THIS AGREEMENT. PINWHEEL MAY MODIFY THIS AGREEMENT FROM TIME TO TIME, SUBJECT TO THE TERMS SET FORTH IN SECTION 12.7 BELOW.

If an individual is accepting this Agreement on behalf of Customer, such individual represents that they have the authority to bind Customer to the terms of this Agreement. If the individual accepting this Agreement does not have such authority, such individual must not accept this Agreement and Customer may not use Pinwheel’s products or services.

This Agreement was last updated on December 11, 2024, and is effective between Customer and Underdog Technologies, Inc. dba Pinwheel as of the date of Customer accepting this Agreement.

Background

Pinwheel is in the business of developing and commercializing cloud-based products and services intended to simplify interactions with consumer payroll, financial, and subscription accounts.

Pinwheel Deposit Switch enables Pinwheel’s customers to offer a service to their clients, whereby such clients may quickly and easily direct their paycheck from their payroll provider to their account with Pinwheel’s customer. In providing this service, Pinwheel does not directly handle or store consumer funds, but instead provides a mechanism by which funds are allocated from the payroll provider to the consumer’s account with Pinwheel’s customer.

Pinwheel Verify allows Pinwheel’s customers to verify an individual’s income or employment, and Pinwheel Earnings Stream allows Pinwheel’s customers to enable the provision of wages to their clients on a more frequent cadence than a typical bi-weekly salary schedule.

Bill Navigator allows Pinwheel’s customers to offer a service to their clients whereby such clients may manage their subscription accounts and switch their bill payment accounts to their account with Pinwheel’s customers.  In providing this service, Pinwheel does not directly handle or store payments or manage subscriptions, but instead provides a mechanism by which bill payments are switched to and subscriptions are managed through the consumer’s account with Pinwheel’s customer.

In providing these services, Pinwheel obtains the Express Consent (defined below) of each individual consumer utilizing the services so that Pinwheel may utilize their Consumer Credentials (defined below) to access the consumer’s payroll provider platform, bank accounts, and subscription accounts to collect, capture, and access certain data from the user interface of those Account (defined below) providers. To enable such access, Pinwheel also relies upon Pinwheel’s customer to provide information about each consumer, including each consumer’s applicable Account and routing numbers.

Terms

1. Definitions

1.1 “Account” means any (i) account or government portal that describes salary, wages or benefits received by a Consumer from a payor and enables the Consumer to specify the deposit account into which the salary, wages or benefits will be deposited; (ii) deposit or card account with which a Consumer makes payments; and (ii) any account with a merchant offering goods or services on a subscription basis.

1.2 “Account Terms” means all terms under which Consumer is allowed to access and use his or her Account.

1.3 “API” means the proprietary application programming interface made available by Pinwheel to enable Services as described in the API Materials.

1.4 “API Key” means a digital credential issued by Pinwheel to Customer that enables access to and use of the API.

1.5 “API Materials” means all of the documentation, code and other materials related to the API that are made available by Pinwheel at docs.getpinwheel.com as such documentation, code, materials, and URL may be updated by Pinwheel from time to time.

1.6 “Bill Navigator Services” means the particular Service designated as Bill Navigator on the Order.

1.7 “Consumer” means a natural person obtaining goods or services for personal, family, or household purposes from Customer and with whom Customer has a contractual relationship.

1.8 “Consumer Credentials” mean the applicable credentials and other Consumer information a Consumer utilizes to access such Consumer’s Account that are provided to Pinwheel by the Consumer via a user interface made available by Pinwheel through the Service.

1.9 “Consumer Data” means the data obtained from a Consumer’s Account.

1.10 “Customer Provided Information” means routing numbers and account numbers for Consumer bank accounts (or other financial institution accounts), as well as any other identifying information about a Consumer or other individual (including Personal Information), provided (or previously provided) to Pinwheel or the Service by Customer.

1.11 “Customer Solution” means any solution developed, marketed, and commercialized by Customer on its own behalf in or for which the API is used and integrated pursuant to this Agreement.

1.12 “Customer User” means an employee, contractor or agent of Customer that accesses and uses the Services or API Materials using Customer Credentials (defined in Section 2.2 below) solely on behalf of Customer or the Consumer (and not any third party).

1.13 “Express Consent” means the electronic or written communication, including acceptance of electronic “click through” or “browse-wrap” terms, from a Consumer to Pinwheel granting permission for Pinwheel to access and use such Consumer’s information, and other grants of authority, including an Open Banking Authorization (defined in Section 4.1(d)), either on a one-time or continuous basis.

1.14 “Order” means a mutually agreed and executed order form referencing and incorporating this Agreement and setting forth the particular Services to be provided pursuant to this Agreement, the fees therefor, and any additional terms applicable thereto.

1.15 “Party” means Pinwheel or Customer individually, and “Parties” means Pinwheel and Customer collectively.

1.16 “Personal Information” means any data or information from which a specific individual may be identified, contacted or located or that qualifies as “personal data,” “personal information,” or “personally identifiable information” under any Law (defined in 4.3(a)) applicable to the Processing of such data or information pursuant to this Agreement.

1.17 “Pinwheel” means Underdog Technologies, Inc. dba Pinwheel.

1.18 “Privacy Policy” means a policy of Pinwheel describing Pinwheel’s access to and use of Personal Information to which a Consumer is required to agree in connection with the Services, as such policy is updated by Pinwheel from time to time. As of the date first set forth above, the Privacy Policy is available at https://www.pinwheelapi.com/terms-and-policies#privacyPolicy.

1.19 “Process” means any disclosure, use, processing or action with respect to Personal Information.

1.20 “Provided Information” means Consumer Credentials, Customer Provided Information, Consumer Data, and any other data and information provided or obtained by a party other than Pinwheel to or through the API or Service in connection with the operation or use of any Customer Solution.

1.21 “Services” means the API and all other products, services and solutions made available by Pinwheel to Customer from time to time as set forth in an Order.

1.22 “Subscription Term” means the subscription term for Services as set forth in the applicable Order.

1.23 “Terms of Use” means the terms of Pinwheel to which a Consumer is required to agree as a condition to accessing or using the Services as part of a Customer Solution; as such terms are updated by Pinwheel from time to time. As of the date first set forth above, the Terms of Use are available at https://www.pinwheelapi.com/terms-and-policies#termsOfUse.

1.24 “Territory” means the United States of America.

2. Services

2.1 License. Subject to the terms of this Agreement (including any additional limitations or restrictions set forth in the applicable Order and timely payment of all applicable fees), Pinwheel hereby grants to Customer a non-exclusive, non-transferable, non-sublicensable right during the applicable Subscription Term to: (a) allow Customer Users in the Territory to use the API Materials and access the API through use of an API Key, in each case solely as necessary to integrate the API into the Customer Solution; and (b) use the integrated API to enable the Customer Solution to communicate with Accounts of Consumers in the Territory.

2.2 Customer Account Credentials. Subject to the terms of this Agreement Pinwheel will issue “production” account credentials to Customer for Customer Users after the “Start Date” set forth in the applicable Order (“Customer Credentials”). Customer must cause all Customer Credentials to be maintained confidentially within Customer and to be used only by the individual to which the Customer Credential is registered by Pinwheel. Customer must cause Customer Credentials to be terminated if compromised or otherwise desired by Customer (e.g., an individual is no longer employed by Customer). Customer is solely responsible for all activities and use of the Services under any Customer Credential or by any individual to which a Customer Credential has been issued, including unauthorized access and use, in each case as if by Customer.


2.3 Service Providers. Customer acknowledges and agrees that Pinwheel may use service providers in connection with its provision of the Services.

2.4 Terms of Use; Privacy Policy. All Consumers will be required to agree to the applicable Terms of Use and Privacy Policy. Pinwheel has the right to update and modify all Terms of Use and Privacy Policies at any time in its sole discretion. If Pinwheel does so, then the Consumers will be required to agree to the updated Terms of Use and Privacy Policy.


2.5 Restrictions. All use of the Services, API Materials and Pinwheel Property other than in accordance with this Agreement is hereby prohibited. Without limiting the foregoing, Customer must not, and must not authorize or enable any party to: (a) reverse engineer, decompile, disassemble or otherwise attempt to discover the object code, source code or underlying ideas or algorithms of the Services (unless provided in the API Materials and except to the extent such restriction is prohibited by Law); (b) except as authorized in Section 2.1, modify, translate, or create any derivative works based on any element of the Services; (c) write or develop any portion of a competing product or service based upon or with reference to the Services or API Materials; (d) except as authorized in Section 2.1, rent, lease, distribute, sell, assign, or otherwise transfer any rights to use, access or install any Services or API Materials; (e) submit or transmit false or inaccurate, unlawful, harmful, or unauthorized Provided Information or other content to or using the Services; (f) use or enable use of the Services, the API Materials, or any Customer Solution that uses the API, for any Consumer or Account outside the Territory; (g) attempt to obscure, alter or remove any trademark or proprietary rights notices in or on the Services, or API Materials; (h) circumvent, disrupt or interfere with any authentication, security, or other aspect of the Services or any third party system that provides an Account, or disable, interfere with, or disrupt the performance of any aspect of the Services (including without limitation any security or license protection feature) or third-party data contained therein; (i) remove, modify, obscure or otherwise prevent Consumers from viewing or accessing the links to the Terms of Use and Privacy Policy and solicitation of Express Consent in the Customer Solution (and to the extent Customer has the ability to modify the API or Service, Customer must ensure that the applicable Terms of Use and Privacy Policy and solicitation of Express Consent are included in the Service or Customer Solution and agreed to by the Consumers); (j) attempt to probe, scan or test the vulnerability of the Services, breach the security or authentication measures of the Services or any payroll system without proper authorization or willfully render any part of the Services or any payroll system unusable; or (k) store or use API Keys in client-side software as further detailed in the API Materials.

2.6 Service Modifications. Pinwheel has the right to update, upgrade, and modify (including through additions, replacements, substitutions, removal and other changes to any functionality and features) the Services and API Materials at any time in its sole discretion, provided that no such modification during the Subscription Term will materially decrease the overall functionality of the applicable Service. Pinwheel will use commercially reasonable efforts to provide Customer with at least thirty (30) days’ advance notice of changes that break API functionality in the manner described in Pinwheel’s change management policy available on its website; but Pinwheel may be unable to provide such notice in exigent circumstances or for changes driven by factors external to Pinwheel. Updates and improvements may be subject to additional terms, conditions, and fees. In addition, Customer acknowledges that Consumers, not Pinwheel, have the applicable contractual relationship with the Account providers and that Pinwheel therefore cannot guarantee the continued availability of the Services, and may cease providing them with respect to any Consumer, if any such provider ceases to make its platform or an applicable Account available for interoperation with the corresponding Service features in a manner acceptable to Pinwheel.

2.7 Suspension of Services. Pinwheel’s standard practice is to provide notice of Service down time, if known in advance, unless Pinwheel believes in good faith there are exigent circumstances. Without limitation, Pinwheel has the right to suspend access and use of the Services and API Materials without notice if: (a) Pinwheel suspects fraud, misuse, illegality, or otherwise determines advisable to protect any Provided Information, Personal Information, the Services, or any party; (b) Pinwheel believes necessary avoid undue risk of liability or reputational harm; (c) Pinwheel has a good faith basis for believing there is a breach of this Agreement, Terms of Use or any Law; (d) Customer fails to pay any amounts due, except those subject to a good faith dispute, in accordance with the payment terms of this Agreement; (e) there is a threat or attack on any of Pinwheel’s or its service providers’ systems or services, or on the systems or services of an Account provider; (f) Pinwheel’s provision of the Services to Customer is prohibited by applicable Law, or (g) any vendor of Pinwheel has suspended or terminated Pinwheel’s access to or use of any third-party services, products, or technology reasonably required to enable Customers to access the Services. Pinwheel will promptly restore the Service once any of the above circumstance are, in Pinwheel’s discretion, resolved. Pinwheel will have no liability for any damage, liabilities, losses (including any loss of use, loss of data, lost profits, or any business interruptions), or any other consequences that Customer may incur as a result of such a service suspension.

2.8 Responsibility for Funds. Pinwheel does not transmit, transfer, or take possession of any funds. Rather, the Service is limited to enabling communications with Account providers of Consumers. To the extent the Service involves deposit, transfer or transmission of funds from an Account into the account of a Consumer via a Customer Solution, Customer (and not Pinwheel) is responsible for ensuring compliance with all applicable Laws, including those regarding the Customer Solution, the funds, and deposit and transmissions of funds (e.g., anti-money laundering, know your customer, and any federal, state and other Laws applicable to money transmitters or depository institutions).

3. Additional Customer Responsibilities.

3.1 Records. Customer will create and maintain records of all deposit, transfer, and payment instructions from Consumers and from Customer to Pinwheel, in a manner sufficient to resolve all disputes regarding such instructions. Customer will provide a copy of such records to Pinwheel upon request. Pinwheel is hereby authorized to disclose such records to Consumers, service providers, Account providers, and payors as reasonably necessary to resolve any disputes.

3.2 Accuracy and Completeness of Information. As between the Parties, Customer is responsible for the accuracy and completeness of all Customer Provided Information and must not alter the substance of any routing numbers or account numbers for Consumer bank accounts (or other financial institution accounts) or any other identifying information about a Consumer or other individual. Customer agrees that Pinwheel is, and Consumers, Account providers, and Pinwheel service providers are, entitled to rely on, and that Pinwheel is not obligated to confirm, any Customer Provided Information.

3.3 Customer Systems. Customer is solely responsible for obtaining, configuring, operating and maintaining, at its own cost and expense, all hardware, software, network connectivity, and other technology and services (collectively, “Customer Systems”) necessary or desirable for enabling and implementing the Customer Solution or using the Service or API Materials. Pinwheel will have no obligation or responsibility with respect to the Customer Systems, whether for security, performance, connectivity, or otherwise except as expressly set forth in this Agreement.

3.4 Responsibility for Affiliates. Subject to the terms of this Agreement, the Services may be used by and for the benefit of Customer affiliates, provided that Customer causes each affiliate to be bound by the terms of this Agreement in the same manner as Customer, including sufficient to enable Pinwheel to enforce the terms of this Agreement against the affiliate. Customer is responsible for all actions and inactions of affiliates, individuals using Customer Credentials, and actions performed with API Keys issued to Customer, as if by Customer.

4. Information Rights and Obligations

4.1 Customer Obligations.

  1. Customer must not use, and must not enable the Customer Solution to use, the Service to transmit or provide any Provided Information except as required to use the API in accordance with the API Materials.  With respect to Consumer Data provided to Customer in connection with the Bill Navigator Services, or generated thereof, Customer agrees (i) not to access, collect, store, retain, transfer, use, disclose, or otherwise process such data in any manner except as required to deliver and support the Bill Navigator Services on behalf of Consumers; and (ii) that all such data is owned exclusively by Pinwheel, as between Customer and Pinwheel.
  2. To the extent that Customer is providing Pinwheel with Customer Provided Information and/or processing Provided Information utilizing the Customer Solution, Customer will obtain all necessary consents and authorizations, and will provide all notices required for such activities, either by way of ensuring Customer’s own privacy policies address such activities or as otherwise desired by Customer. Customer hereby grants and will grant to Pinwheel the right to Process Customer Provided Information for the Customer Solution, including on behalf of Consumers. Customer is not required to otherwise obtain consents or authorizations, or provide notices, for other activities conducted pursuant to Pinwheel’s Privacy Policy.
  3. Customer must provide all disclosure, access, and communications regarding Processing of Personal Information in connection with the Customer Solution as required by Law.
  4. Customer acknowledges that Pinwheel may constitute a “data aggregator” for the purposes of 12 C.F.R. Part 1033. Customer agrees that Pinwheel may determine, in its sole discretion, that in order for Customer to obtain Consumer Data, Consumers must receive an authorization disclosure described in 12 C.F.R. § 1033.411(b)(5) (an “Open Banking Authorization”). Customer will act as an authorized third party and comply with the obligations of such persons set forth in 12 C.F.R. Part 1033 upon notice of such a determination regarding the foregoing and Pinwheel agrees to perform the authorization procedures described in 12 C.F.R. § 1033.401 on behalf of Customer, unless otherwise set forth in such notice.  Pinwheel and Customer agree not to use, share, or retain the Consumer Data obtained pursuant to an Open Banking Authorization, except as permitted by the Open Banking Authorization and 12 C.F.R. Part 1033.

4.2 Pinwheel Rights and Obligations.

  1. Pinwheel, through the applicable Terms of Use and Privacy Policy to be agreed by Consumers, will obtain Express Consent from Consumers as required under applicable Law for Pinwheel to communicate with Account providers through the Consumers’ respective Accounts. Pinwheel has no obligation to provide any of the Services in connection with which a Consumer refuses to provide Express Consent or revokes their Express Consent.
  2. Customer agrees that Pinwheel has the right to Process Provided Information and solicit Express Consent to use data pertaining to a consumer through the Customer Solution in accordance with its Privacy Policies and Terms of Use and Express Consent, and will have no responsibility for storing, or providing access to, any Provided Information, except in accordance with its Privacy Policy. Without limitation to Pinwheel’s rights under its Privacy Policies, Pinwheel is not a reseller of data and acknowledges that (i) each Consumer (and, to the extent applicable, Account provider) owns all right, title, and interest in and to its data included in the Consumer Data; and (ii) nothing in this Agreement grants Customer any rights in or to such data except for the limited right to use same as permitted by this Agreement and any consent from the Consumer as Customer may deem necessary.
  3. Customer acknowledges that Pinwheel has the right, but is not obligated, to access, archive, and monitor use of the Service and all Provided Information, including to operate, evaluate, maintain, develop, and improve the Service, API Materials, quality, and security, and to evaluate compliance with this Agreement and applicable Laws. Customer acknowledges that tools, scripts, software, cookies, utilities, and other technology may be used for such purpose, including with respect to the Customer Solution.
  4. Notwithstanding anything to the contrary set forth in this Agreement, Pinwheel reserves the right to access, preserve, and disclose any Provided Information as Pinwheel believes in good faith is necessary to (i) satisfy any applicable Law, legal process, or governmental or similar request; (ii) enforce this Agreement, including investigation of potential violations hereof; (iii) detect, prevent, or otherwise address fraud, security, legality, liability or technological or security issues; (iv) respond to support requests from Customer; or (v) protect the rights, property, or safety of Pinwheel, its contractors or their employees, Consumers, Account providers, or any other users or customers of Pinwheel’s services. Nothing in this Agreement will be construed to limit Pinwheel’s right to make information about an individual that is in the possession or control of Pinwheel available at any time to that individual.
  5. To the extent Pinwheel stores, processes, or transmits credit card holder data on behalf of the Customer, or to the extent Pinwheel could impact the security of Customer’s cardholder data environment, Pinwheel will maintain all applicable PCI DSS requirements.

4.3 Mutual Responsibilities.

  1. Subject to the following sentence, each Party will comply with all laws, regulations and orders (“Laws”) applicable to it in connection with its performance under or exercise of rights under this Agreement, including (to the extent applicable): (i) anti-bribery and recordkeeping laws, including the U.S. Foreign Corrupt Practices Act; and (ii) privacy Laws, including but not limited to the California Consumer Privacy Act. Notwithstanding anything to the contrary, with respect to operation of the Services, Pinwheel will comply with all Laws that are applicable to Pinwheel’s operation of the Services but will not have any liability for any provision of Customer Provided Information in violation of applicable Law or for Customer’s integration of the API into the Solution in a manner that violates applicable Law. Customer will comply with all Laws applicable to the Customer Solution and use of the Services, API Materials, and Provided Information.
  2. The Parties will comply with their respective obligations set forth in the Data Processing Addendum (the “DPA Addendum”), which is attached hereto as Exhibit A. The DPA Addendum is incorporated into and made part of the Agreement, and it will apply to the extent Pinwheel processes Customer Personal Information (as defined by the DPA Addendum) to provide the Services to Customer.

5. Fees and Payment Terms

5.1 Fees. Fees will be calculated in accordance with each applicable Order. Customer is responsible for all fees under this Agreement, even if incurred due to unauthorized use of the Customer Solution. All payments obligations are non-cancellable, and all fees paid are non-refundable and non-creditable.

5.2 Payment Terms. Pinwheel will invoice Customer for all fees incurred in a calendar month (and associated Taxes) following the end of the calendar month. Subject to Section 5.4, Customer will pay invoiced amounts no later than thirty (30) days after Pinwheel’s invoice by bank wire transfer in immediately available funds to Pinwheel’s bank account specified in its invoice or otherwise in writing. Unless expressly indicated to the contrary, all amounts set forth in each Order are in US dollars. Late payments will accrue interest at a rate of one and one-half percent (1.5%) per month.  Customer shall be responsible for any reasonable costs resulting from collection by Pinwheel of any such amounts, including, without limitation, reasonable attorneys’ fees, collections agency fees, and court costs.

5.3 Taxes. Fees invoiced by Pinwheel under this Agreement are exclusive of any taxes (including any sales, use, value-added withholding, and similar taxes), customs duties, or other government fees or charges (“Taxes”). Subject to the following sentence, Customer is responsible for all Taxes paid or payable, however designated or levied, based on amounts payable to Pinwheel hereunder or on any use or possession of any Service, Customer Solution, or API Materials under or in connection with this Agreement, and will indemnify Pinwheel for Customer’s non-payment thereof. Customer will not be responsible for United States federal or any state and local taxes based on Pinwheel’s net income.

5.4 Payment Disputes. If Customer reasonably and in good faith disputes any amount in an invoice, it will provide a written explanation of the dispute to Pinwheel before the due date of the payment and will timely pay any undisputed amounts set forth in the invoice. Payment of any amounts disputed in accordance with this Section 5.4 may be withheld pending resolution of the dispute.

6. Proprietary Rights

6.1 IP Ownership. Customer agrees that (a) all right, title, and interest in and to the Services and API Materials, including all related intellectual property rights (collectively “Pinwheel Property”), are owned by Pinwheel, its affiliates, and its licensors, and nothing herein will restrict Pinwheel from sharing, using or otherwise exploiting Pinwheel Property for any purpose or in any manner; and (b) no rights or licenses are granted by Pinwheel, including by implication or estoppel, except those expressly granted in Section 2.1.  Customer understands that it is not required to provide or suggest any modifications, improvements, extensions or other changes (“Feedback”) regarding the Services or API Materials. If any Feedback is provided, however, Pinwheel is hereby granted a non-exclusive, world-wide, irrevocable right to use, disclose and commercialize such Feedback, and related intellectual property rights, for any purpose without restriction.

6.2 Customer Solution. Subject to Pinwheel’s, its affiliates’, and its licensors’ ownership of all right, title and interest in and to the Pinwheel Property, as between the Parties, any materials or technology contributed to the Customer Solution by Customer are owned by Customer.

6.3 Reservation of Rights. All rights not expressly granted in this Agreement are reserved to the Party owning the applicable intellectual property, and no implied rights or licenses are granted.

6.4 Proprietary Rights Notices; Trademarks. Customer agrees that no proprietary rights notices on the Service or API Materials will be removed, modified, or obscured, and Customer will not use any trademark, service mark or logo of Pinwheel or of Pinwheel’s licensors, without Pinwheels prior written consent, in each instance. Similarly, Pinwheel agrees that no proprietary rights notices on materials provided by Customer to Pinwheel under this Agreement will be removed, modified, or obscured by Pinwheel without Customer’s prior written consent, in each instance.

7. Confidentiality

7.1 Definition. “Confidential Information” means any non-public, confidential, or proprietary information that is disclosed by one Party to the other Party, directly or indirectly, and that is either (a) clearly marked or designated as proprietary or confidential at the time of disclosure; or (b) disclosed in a manner or under circumstances that the information would reasonably be understood to be proprietary or confidential in nature, but in each case excluding information that is or becomes (i) generally publicly known other than due to a breach of this Agreement or Terms of Use; (ii) disclosed or provided to the receiving Party by a third party not under an obligation of confidentiality to the disclosing Party; or (iii) independently developed by the receiving Party without use of and without reference to such information of the disclosing Party. For clarity, (x) when Pinwheel is the disclosing Party, Confidential Information includes the API Materials and other information and materials disclosed by or on behalf of Pinwheel or the Services, subject in each case to the foregoing exclusions in (i) through (iii); and (y) Provided Information does not constitute Confidential Information of either Party.

7.2 Restriction on Use and Disclosures. A Party receiving Confidential Information (“Recipient”) from the other (the “Disclosing Party”) must not (and Customer must cause the Customer Users not to) use Confidential Information of the Disclosing Party except as reasonably necessary for purposes of exercising its rights and performing its obligations under this Agreement. Similarly, Recipient must not disclose (and Customer must cause the Customer Users not to disclose) any Confidential Information of the Disclosing Party except (a) as expressly authorized in this Agreement; (b) pursuant to a subpoena, Law or similar requirement, provided that Recipient will provide prompt written notice of such required disclosure to Disclosing Party before the disclosure; or (c) with respect to Pinwheel as the Recipient, as reasonably necessary to provide the API and Services, including to third party service providers and vendors that Pinwheel uses to provide the Services.

7.3 Confidentiality of Agreement. Each Party agrees that the terms, but not the existence, of this Agreement must be treated as Confidential Information of the other Party and that no disclosure of such terms will be made without the prior written consent of the other; except that each Party may disclose the terms of this Agreement (a) as permitted by Section 7.2; (b) to its legal counsel; (c) in connection with the requirements of a public offering or securities filing; (d) in confidence, to accountants, banks, and actual or potential financing sources and their advisors; (e) in confidence, in connection with the enforcement of this Agreement or rights under this Agreement; and (f) in confidence, in connection with a merger or acquisition, proposed merger or acquisition, or similar transaction.

8. Warranties and Disclaimers

8.1 Mutual. Each Party represents and warrants to the other that: (a) it is duly organized, validly existing, and in good standing as a corporation or other entity under the Laws of the jurisdiction of its incorporation or organization; (b) it has the corporate right, power, and authority to enter into and perform its obligations under this Agreement; (c) the execution of an Order by its representative whose signature is set forth on the Order has been duly authorized by all necessary corporate or organizational action of such Party; and (d) when an Order has be executed by each Party, this Agreement and each Order will constitute the legal, valid, and binding obligation of such Party, enforceable against such Party in accordance with its terms.

8.2 By Pinwheel. Pinwheel represents, warrants, and covenants to Customer that: (a) Services will be provided in a professional and workmanlike manner consistent with generally accepted professional standards; (b) Pinwheel has the experience, skill and ability as necessary to perform the Services under this Agreement; (c) the Services will conform in all material respects to the API Materials; (d) Pinwheel maintains physical, network, and data security measures designed to ensure (i) the confidentiality, integrity, and availability of Provided Information; and (ii) the security of systems used by Pinwheel to Process Provided Information to provide the Services to Customer that are consistent with the reasonable commercial practices of similarly situation companies; and (e) Pinwheel will not knowingly introduce into the API or Services any virus, malware or other harmful or malicious code.

8.3 By Customer.

  1. Customer represents, warrants, and covenants to Pinwheel that: (i) except as set forth in Section 4.2, Customer has received all registrations, consents, licenses, and other approvals necessary for Customer, Customer Users, and Consumers to use the Customer Solution and Services pursuant to this Agreement, including to upload, view and access all Provided Information, and to have Pinwheel and the Services Process Customer Provided Information for purposes of the Customer Solution, including Pinwheel making Customer Provided Information available to third parties for purposes of the Customer Solution; (ii) the Customer Solution and Services will be used solely in accordance with applicable Laws; (iii) all Processing of Provided Information by or on behalf of Customer on, by or through any Customer Solution or Service will be in accordance with applicable Laws; (iv) each Customer User and Consumer is duly authorized to use the Customer Solution, the Services, and Provided Information, as applicable; (v) Customer Users will use the Customer Solution, the Services, and any Provided Information in accordance with this Agreement, the API Materials, and applicable Laws; (vi) Customer will not access the API in any manner other than through the API Key; (viii) Customer will not provide any API Key to any third party; and (viii) Customer will use security best practices to protect API Keys including but not limited to neither storing nor using API Keys in client-side software as further detailed in the API Materials. Customer will notify Pinwheel in writing before or as soon as practicable after it knows or has reason to know of the occurrence of, any event which causes any change in the correctness of any of the foregoing.
  2. Customer further represents, warrants, and covenants to Pinwheel that (i) except to the extent Customer has obtained all required additional authorizations, use of each Account or Provided Information by or under authority of Customer in connection with this Agreement will be solely for the benefit of the Consumer that controls the respective Account or Provided Information; and (ii) Customer will not use any Consumer Data or Personal Information obtained by Customer or a Customer Solution in connection with this Agreement for purposes of making an eligibility determination, as defined by the Fair Credit Reporting Act, 15 U.S.C. § 1681 et seq.

8.4 Disclaimers. EXCEPT FOR THE EXPRESS WARRANTIES SET FORTH IN THIS AGREEMENT AND AS OTHERWISE REQUIRED BY LAW, THE SERVICES AND API MATERIALS ARE PROVIDED “AS IS,” “AS AVAILABLE,” AND WITHOUT WARRANTY OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTIES IMPLIED BY COURSE OF PERFORMANCE OR USAGE OF TRADE, ALL OF WHICH ARE HEREBY DISCLAIMED, INCLUDING ON BEHALF OF PINWHEEL, ITS AFFILIATES AND THEIR CONTRACTORS AND SERVICE PROVIDERS. NONE OF SUCH PARTIES MAKES ANY REPRESENTATIONS OR WARRANTIES THAT (a) THE SERVICES OR API MATERIALS WILL BE UNINTERRUPTED, ERROR FREE, ACCURATE, SECURE OR AVAILABLE AT ANY PARTICULAR TIME OR LOCATION; (b) ANY SYSTEMS, EQUIPMENT, CONNECTIVITY, OR INFORMATION AVAILABLE ON OR THROUGH THE SERVICES WILL REMAIN AVAILABLE, FREE FROM CORRUPTION AND WILL BE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS; OR (c) THE RESULTS OF USING THE SERVICES OR ANY CUSTOMER SOLUTIONS BASED UPON THE SERVICES, WILL MEET CUSTOMER’S OR ANY EMPLOYEE’S, EMPLOYER’S, ACCOUNT PROVIDER’S OR OTHER PARTY’S REQUIREMENTS. PINWHEEL WILL HAVE NO RESPONSIBILITY OR LIABILITY FOR ANY DESTRUCTION, DISCLOSURE OR LOSS OF PROVIDED INFORMATION, EXCEPT TO THE EXTENT A DATA BREACH OF PINWHEEL’S SOFTWARE THAT PINWHEEL USES TO PROVIDE THE SERVICES IS CAUSED BY PINWHEEL’S GROSS NEGLIGENCE OR A FAILURE OF PINWHEEL TO COMPLY WITH APPLICABLE LAW FOR PROTECTING PROVIDED INFORMATION, AND IN EACH CASE APPLICABLE LAW REQUIRES PINWHEEL TO PROVIDE A REMEDY FOR THE FAILURE DIRECTLY TO AFFECTED INDIVIDUALS. ALL USE OF THE SERVICES IS SOLELY AT CUSTOMER’S OWN RISK. EXCEPT TO THE EXTENT OTHERWISE REQUIRED BY APPLICABLE LAW, THE SOLE REMEDY OF CUSTOMER, AND THE EXCLUSIVE LIABILITY OF PINWHEEL, FOR ANY DOWNTIME, UNAVAILABILITY, DEFECTS OR OTHER ISSUES WITH THE SERVICES OR API MATERIALS WILL BE THAT CUSTOMER HAS THE RIGHT TO DISCONTINUE ALL USE OF THE SERVICES AT ANY TIME.

8.5 Consumer Data and Accounts. PINWHEEL MAKES NO REPRESENTATIONS OR WARRANTIES REGARDING ANY ACCOUNT OR ANY CONSUMER DATA OR INFORMATION DERIVED THEREFROM, ITS ACCURACY, COMPLETENESS, OR CURRENTNESS. CUSTOMER’S RELIANCE ON ANY CONSUMER DATA OR INFORMATION DERIVED THEREFROM IS AT ITS OWN RISK. INFORMATION CONTAINED IN A CONSUMER’S ACCOUNT MAY DIFFER FROM THE CONSUMER DATA OBTAINED BY WAY OF THE SERVICE DUE TO DIFFERENT REPORTING METHODS, DELAYS, INTERRUPTIONS, AND OTHER FACTORS OUTSIDE OF PINWHEEL’S CONTROL AND MAY IMPACT THE CONSUMER DATA. CUSTOMER SHOULD NOT TAKE ANY ACTION BASED ON THE CONSUMER DATA OR INFORMATION DERIVED THEREFROM WITHOUT FIRST CONFIRMING ITS ACCURACY AND COMPLETENESS WITH THE APPLICABLE CONSUMER.

9. Indemnification

9.1 Indemnity by Pinwheel.

  1. Defense. Pinwheel will defend Customer and its officers, directors, and employees (the “Customer Indemnitees”) from any actual or threatened claim, action, suit, or proceeding (each, a “Claim”) brought by a third party against a Customer Indemnitee: (i) arising from Pinwheel’s fraud, gross negligence, or willful misconduct; or (ii) alleging that Services for which there is an active Subscription Term at the time of the Claim, in the form made available by Pinwheel, infringes or misappropriates any United States intellectual property right of a third party, except to the extent the Claim (x) is covered by Customer’s obligations under Section 9.2 or (y) arises from (A) modification of the Services by any party other than Pinwheel without Pinwheel’s express written consent to the particular modification or (B) the combination, operation or use of the API or other Services with any application, product, services, or technology where the API and Services alone would not infringe.
  2. Indemnity. Pinwheel will indemnify the Customer Indemnitees from and pay:  (i) all damages, costs, and attorneys’ fees that are finally awarded by a court of competent jurisdiction or arbitration body, or that are imposed by a governmental or other regulatory authority, against the Customer Indemnities in any Claim that is subject to defense under Section 9.1(a); (ii) all out-of-pocket costs (including actual, reasonable attorneys’ fees) reasonably incurred by the Customer Indemnities in connection any such Claim (provided that with respect to costs incurred in the defense of such Claim, Pinwheel’s obligations hereunder will not extend to any such costs (including attorneys’ fees) incurred without Pinwheel’s consent after Pinwheel has accepted defense of the applicable Claim); and (iii) all amounts that Pinwheel agrees to pay to any third party to settle any such Claim.

9.2 Indemnification by Customer.

  1. Defense. Customer will defend each of Pinwheel, its Affiliate, and their officers, directors, employees, contractors and service providers (the “Pinwheel Indemnitees”) from any actual or threatened Claim brought by a third party against a Pinwheel Indemnitee as a result of: (i) any conduct by the Customer, Customer Users or their agents that is fraudulent, negligent, illegal or involves misuse of the of the API, Services, Customer Provided Information, Consumer Data or API Materials; (ii) any failure of a Customer Solution, or use thereof, to comply with any Account Terms or any instructions of any Consumer; (iii) the Customer Solution (except to the extent the Claim is caused by an infringement of third party intellectual property rights for which Pinwheel is responsible under Section 9.1) or any designs, guidelines, plans or specifications provided or requested by Customer; (iv) Customer Provided Information (except to the extent the Claim is caused by Pinwheel’s use of the Customer Provided Information beyond that which is permitted under this Agreement or the applicable Privacy Policy); (v) any unauthorized access to or use of Customer Credentials or any actions or inactions of any Customer User; (vi) the removal, modification or obscuring of, or interference with a Consumer’s ability to view or access, links to the Terms of Use or Privacy Policy or solicitation of Express Consent in the Customer Solution (or to the extent Customer has the ability to modify the API or Service, failure to include the applicable Terms of Use or Privacy Policy in the Service or Customer Solution or solicitation of Express Consent);  (vii) Customer’s modification or use of the Bill Navigator Services in a manner not contemplated by this Agreement or the API Materials, or not approved by Pinwheel; (viii) Customer’s breach of Sections 4.1(b) or 4.3; or (ix) any representations, warranties or commitments made by or on behalf of Customer with regard to any Customer Solution, the API or Services beyond the commitments made by Pinwheel in this Agreement.
  2. Indemnity. Customer will indemnify the Pinwheel Indemnities from and pay: (i) all damages, costs, and attorneys’ fees that are finally awarded by a court of competent jurisdiction or arbitration body, or that are imposed by a governmental or other regulatory authority, against the Pinwheel Indemnities in any Claim that is subject to defense under Section 9.2(a); (ii) all out-of-pocket costs reasonably incurred by the Pinwheel Indemnities in connection any such Claim (provided that with respect to costs incurred in the defense of such Claim, Customer’s obligations hereunder will not extend to any such costs (including attorneys’ fees) incurred without Customer’s consent after Customer has accepted defense of the applicable Claim); and (iii) all amounts that Customer agrees to pay to any third party to settle any such Claim.

9.3 Procedure. A Party that intends to seek defense or indemnification with respect to a Claim pursuant to this Section 9 (the “Indemnitee”) will promptly notify the Party from which defense or indemnification is sought (the “Indemnitor”) in writing of the Claim, and the Indemnitor will have sole control of the defense and settlement thereof. The Indemnitee will have the right to participate in the defense and settlement of a Claim with counsel of its own choosing at its own expense. The failure to deliver written notice to the Indemnitor within a reasonable time after the assertion or commencement of any Claim, if prejudicial to its ability to defend or settle such Claim, will relieve the Indemnitor of any liability to the Indemnitee under this Section 9, but will not relieve the Indemnitor of any liability that it may have to any Indemnitee other than under this Section 9. The Indemnitee will cooperate fully with the Indemnitor and the Indemnitor’s legal representatives in the investigation, defense and settlement of any Claim covered by this Section 9, including by providing reasonable information upon request. Notwithstanding anything to the contrary, neither Party will be responsible for any cost, expense or settlement incurred by the other without its prior written consent, such consent not to be unreasonably withheld, delayed, or conditioned.

9.4 Infringement Remedy. If the Services, or operation or use thereof, has become, or in Pinwheel’s opinion is likely to become, in whole or in part, the subject of any claim of infringement, Pinwheel may at its option and expense (a) procure for Customer the right to continue using and receiving the applicable Services; (b) replace or modify the applicable Services to make it non-infringing; or (c) terminate this Agreement or the applicable Order(s) and all use of the applicable Services upon notice to Customer. This Section 9 states Customer’s exclusive remedy, and Pinwheel’s sole liability and obligation, for any claim of any nature related to infringement or misappropriation of intellectual property, including if this Agreement is so terminated by Pinwheel.

10. Limitation of Liability

10.1 Disclaimer of Non-Direct Damages. NOTWITHSTANDING ANYTHING TO THE CONTRARY CONTAINED IN THIS AGREEMENT, EXCEPT FOR CLAIMS BASED ON A PARTY’S GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, BREACH OF SECTIONS 5 OR 7, OR UNAUTHORIZED USE OF INTELLECTUAL PROPERTY, UNDER NO CIRCUMSTANCES WILL EITHER PARTY, ITS AFFILIATES, OR ANY OF THEIR OFFICERS, DIRECTORS, EMPLOYEES, CONTRACTORS, OR SERVICE PROVIDERS, HAVE ANY LIABILITY OR RESPONSIBILITY FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY OR PUNITIVE DAMAGES, OR FOR ANY LOSS OF GOODWILL, LOST PROFITS OR REVENUE, LOST SALES OR BUSINESS, REGARDLESS OF THE THEORY OF LIABILITY, WHETHER IN TORT, CONTRACT, OR OTHERWISE, AND EVEN IF EITHER PARTY HAS BEEN ADVISED OR KNEW OF THE POSSIBILITY OF SUCH DAMAGES.

10.2 Cap on Liability. EXCEPT FOR CLAIMS BASED ON A PARTY’S GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, BREACH OF SECTIONS 5 OR 7, OR INDEMNIFICATION OBLIGATIONS UNDER THIS AGREEMENT, UNDER NO CIRCUMSTANCES WILL THE TOTAL AGGREGATE LIABILITY OF EITHER PARTY, ITS AFFILIATES, AND THEIR RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES, CONTRACTORS, AND SERVICE PROVIDERS FOR ANY AND ALL CLAIMS ARISING OUT OF OR RELATED TO THIS AGREEMENT (INCLUDING BUT NOT LIMITED TO WARRANTY CLAIMS), REGARDLESS OF THE FORUM AND REGARDLESS OF WHETHER ANY ACTION OR CLAIM IS BASED ON CONTRACT, TORT, STRICT LIABILITY, OR OTHER LEGAL OR EQUITABLE THEORY, EXCEED THE AMOUNTS PAID BY CUSTOMER TO PINWHEEL UNDER THE APPLICABLE ORDER GIVING RISE TO THE CLAIM DURING THE TWELVE (12) MONTHS PRECEDING THE EVENT FIRST GIVING RISE TO THE CLAIM. CUSTOMER AGREES THAT ANY CLAIM OR CAUSE OF ACTION ARISING IN CONNECTION WITH THIS AGREEMENT, THE API, OTHER SERVICES OR API MATERIALS MUST BE BROUGHT WITHIN ONE (1) YEAR AFTER SUCH CLAIM OR CAUSE OF ACTION ARISES OR WILL BE BARRED.

10.3 Additional Disclaimers. NOTWITHSTANDING ANYTHING TO THE CONTRARY, UNDER NO CIRCUMSTANCES WILL PINWHEEL HAVE ANY RESPONSIBILITY OR LIABILITY (a) AS A RESULT OF ANY ACCESS TO OR USE OF ANY ACCOUNT USING COMPROMISED, FAKE, OR OTHERWISE INVALID CREDENTIALS, EXCEPT FOR SUCH ACCESS OR USE THAT IS THE DIRECT RESULT OF PINWHEEL’S BREACH OF THIS AGREEMENT, GROSS NEGLIGENCE OR WILLFUL MISCONDUCT; (b) AS A RESULT OF ANY ENTRY OR TRANSMISSION TO THE SERVICES OF ANY INCORRECT ACCOUNT NUMBER, ROUTING NUMBER, MONETARY AMOUNT, OR THE LIKE; (c) TO PROVIDE ANY PAYMENT OR OTHER REMEDY FOR ANY PAYMENTS OR DEPOSITS; OR (d) FOR LOST OR INACCURATE INFORMATION OR DATA, IN EACH CASE IF RESULTING IN WHOLE OR IN PART FROM FAULT OR OTHER FACTORS ATTRIBUTABLE TO A PARTY OTHER THAN PINWHEEL.

10.4 Independent Allocations of Risk. EACH PROVISION OF THIS AGREEMENT THAT PROVIDES FOR A LIMITATION OF LIABILITY, DISCLAIMER OF WARRANTIES, OR EXCLUSION OF DAMAGES IS TO ALLOCATE THE RISKS OF THIS AGREEMENT BETWEEN THE PARTIES. THIS ALLOCATION IS REFLECTED IN THE PRICING OFFERED BY PINWHEEL TO CUSTOMER AND IS AN ESSENTIAL ELEMENT OF THE BASIS OF THE BARGAIN BETWEEN THE PARTIES. EACH OF THESE PROVISIONS IS SEVERABLE AND INDEPENDENT OF ALL OTHER PROVISIONS OF THIS AGREEMENT. THE LIMITATIONS IN THIS SECTION 10 WILL APPLY NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY IN THIS AGREEMENT.

11. Termination

11.1 Term. This Agreement will commence on the earliest “Start Date” set forth in an Order and, unless terminated earlier in accordance with this Agreement, will continue until all Orders have expired or been terminated. The term of each Order will begin on the “Start Date” set forth therein and continue, unless otherwise terminated in accordance with this Agreement, until the end of the last-to-expire Subscription Term of such Order.

11.2 Termination. Each Party has the right to terminate this Agreement or any Order at any time by providing notice of termination to the other Party if such other Party has materially breached any provision of this Agreement or such Order and the breach has not been cured within thirty (30) days after notice to the breaching Party.

11.3 Effect of Termination/Expiration.

  1. Confidential Information. Each Party will, to the extent reasonably practicable, delete or destroy all materials and media containing Confidential Information of the other Party within thirty (30) days after any termination or expiration of this Agreement; except that each Party may retain such Confidential Information to the extent contained in archived business records kept in the ordinary course and may retain other copies solely for record-keeping purposes or as necessary to comply with Law; provided that such Party will ensure that no retained Confidential Information is used or disclosed in any manner.
  2. Provided Information. Pinwheel has the right to retain Provided Information after termination or expiration of this Agreement, subject to its obligations under applicable Law, the terms of this Agreement and the applicable Privacy Policy. Except as required by applicable Law, Pinwheel has no obligation to retain or provide any access to or copies of any Provided Information, API Materials or Services after any termination or expiration of this Agreement.
  3. Survival. Upon any termination or expiration of this Agreement (i) all outstanding Orders and all of Customer’s (and Customer Users’) rights to access and use the Services and API Materials will automatically terminate, and Customer will cause all access and use to immediately cease; and (ii) all terms of this Agreement will terminate and have no further force or effect, except that Sections 2.2, 2.4, 3.1, 3.4, 4.1(b), 4.1(c), 4.2, 5, 6, 7, 8.3(b), 8.4, 8.5, 9, 10, 11.3 and 12 of this Agreement will survive any expiration or termination.

12. General

12.1 Relationship of the Parties. No agency, partnership, joint venture, or employment relationship is created as a result of this Agreement, and neither Party has any authority to bind the other in any respect. There are no third-party beneficiaries to this Agreement or any Terms of Use.

12.2 Press Releases. Pinwheel has the right to issue reasonable and accurate press releases reflecting that the Parties have entered into this Agreement, provided that Pinwheel will give Customer an opportunity to review and comment on any press release in advance if it mentions Customer by name. Customer will provide any comments to Pinwheel within ten (10) business days of Pinwheel’s request, and Customer will be deemed to not have comments except to the extent the comments have been received by Pinwheel during such period. Pinwheel also has the right to include Customer’s name in Pinwheel’s customer lists, including on Pinwheel’s web site.

12.3 Insurance. Customer will provide and maintain in effect general liability and products liability insurance policies issued by companies with a rating of A-/VII or better in the current Best’s Insurance Reports published by A. M. Best Company, Inc. or equivalent, naming Pinwheel as an “additional insured” and having minimum limits of coverage acceptable to Pinwheel. Certificates of Insurance will be furnished to Pinwheel by Customer prior to any distribution or marketing of any Customer Solution and thirty (30) days prior to each policy renewal. The policies will be endorsed to stipulate that Customer’s insurance will be primary to and noncontributory with any and all other insurance maintained or otherwise afforded to Pinwheel. Customer and its respective insurers waive all rights of recovery or subrogation against Pinwheel and its insurers except as prohibited by Law. These requirements do not limit any liability of Customer.

12.4 Notices. Any notice required or permitted under this Agreement or by Law will be delivered by (as elected by the Party giving notice): (a) hand; (b) postage-prepaid first-class, registered or certified mail, return receipt requested; (c) a prepaid, nationally recognized, courier service; or (d) facsimile or electronic mail, but only if subsequently confirmed by a duplicate delivered by one of options (a), (b), or (c). All notices will be deemed delivered on the date of receipt (or if delivery fails due to some failure by the recipient, the date of tender). Notices to each Party will be directed to the address (i) set forth in the Order, in the case of Customer, and (ii) set forth below, in the case of Pinwheel. Either Party may change its address for notice by providing written notice to the other Party. Notices to Pinwheel must also be sent to legal@pinwheelapi.com.

12.5 Force Majeure. Pinwheel will not be responsible for, or be considered in breach under this Agreement due to, any delays or failure of performance resulting from acts or causes beyond its reasonable control, including acts of God, acts of war, acts of terror, civil unrest, strikes or other labor problems, unforeseen epidemics or pandemics, power failures, floods, earthquakes, other natural disasters, denial-of-service attacks, networking and communication infrastructure and services failures, terrorism, war, cyber-attacks (e.g. denial of service), failure of vendors, contractors or service providers, inability to access Accounts, any change in or the adoption of any Law, judgment or decree, or other similar events.

12.6 Entire Agreement. This Agreement, together with all Orders (which are incorporated by reference into this Agreement), the Privacy Policies and Terms of Use, constitute the entire agreement and understanding between the Parties with respect to the Services and related subject matter and supersede all prior and contemporaneous agreements (whether written or oral) with respect thereto. No oral or written information or advice given by either Party, its agents or employees will create or expand any warranty by such Party. No terms or conditions of any purchase order, or other document issued by Customer, will apply in connection with the Services, or have any force or effect, whether or not such purchase order or document appears to have been accepted by Pinwheel, unless mutually agreed upon in writing by both Parties. In the event of a conflict between the terms set forth in the body of this Agreement and an Order, the terms set forth in the body of this Agreement will control unless the Order states that a specific provision of this Agreement will be superseded by a specific provision of the Order.

12.7 Waiver; Changes to Agreement. No waiver of any right, obligation, or remedy arising under this Agreement will be effective unless in writing signed by both Parties. Failure to enforce any provision of this Agreement will not constitute a waiver. Pinwheel may modify this Agreement on a go-forward basis at any time. If a modification is made to this Agreement, an updated version of this Agreement will be posted to Pinwheel’s website (which, notwithstanding Section 12.4, shall serve as adequate notice).  By continuing to access or use the Services or API Materials after Pinwheel posts such modification(s), Customer accepts and agrees to the Agreement as revised by such modification(s). Modifications are effective upon publication.  If there are any material modifications made to this Agreement that materially impact the Customer and are not made for the purpose of complying with Laws, Customer may, as a sole and exclusive remedy, terminate this Agreement or the applicable Order(s). Except as expressly permitted in this Section 12.7, this Agreement may be amended only by a written agreement signed by authorized representatives of the Parties. Disputes arising under this Agreement will be resolved in accordance with the version of this Agreement that was in effect at the time the dispute arose.

12.8 Severability. If any provision of this Agreement is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this Agreement will otherwise remain in full force and effect and enforceable.

12.9 Governing Law; Jurisdiction. This Agreement, and all disputes arising out of or relating to this Agreement, will be governed by the laws of the State of New York without regard to the conflict of law principles of any jurisdiction. The Parties hereby exclude the application of the UN Convention on the Sale of Goods or any another similar conventions or treaties to this Agreement or the activities hereunder. Each Party irrevocably submits to the exclusive jurisdiction and venue of the state and federal courts having within their jurisdiction New York County, New York, and agrees that service on it at its notice address will constitute valid service for any proceeding in any courts of that jurisdiction. THE PARTIES IRREVOCABLY AND UNCONDITIONALLY WAIVE THEIR RESPECTIVE RIGHTS TO A JURY TRIAL FOR ANY CLAIM OR CAUSE OF ACTION BASED UPON OR ARISING OUT OF THIS AGREEMENT OR THE SERVICES.

12.10 Assignment. This Agreement may not be assigned or transferred in whole or in part by either Party except with the other Party’s prior written consent, except that either Party may assign or transfer this Agreement to any affiliate and otherwise in connection with a sale or transfer of all or substantially all of such Party’s business or assets to which this Agreement relates, whether by sale of stock or assets, merger, operation of the law, or otherwise, in each case without the other Party’s consent. Any attempted assignment or transfer in violation of the foregoing will be void.

12.11 Construction. The words “include” and “including” when used in this Agreement are not exclusive and mean “include, without limitation” and “including, without limitation,” respectively. This Agreement will be interpreted without regard to which Party drafted this Agreement or any part hereof and without any strict construction against either Party.

Pinwheel Contact Information:

Underdog Technologies, Inc. dba Pinwheel
335 Madison Ave, Floor 16
New York NY 10017
Email: legal@pinwheelapi.com

Exhibit A
Data Processing Addendum

Pinwheel and Customer, in furtherance of obligations under the DPA and its implementing regulations, hereby adopt this Data Processing Addendum (“DPA Addendum”). This DPA Addendum prevails over any conflicting terms of the Agreement.

1. Definitions.  For the purposes of this DPA Addendum:

1.1 “Data Privacy Act” or “DPA” means the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (California Civil Code §§ 1798.100 to 1798.199) and its implementing regulations, as well as and other similar state consumer privacy laws that apply to the processing of Customer Personal Information.

1.2 “Business,” “Consumer,” “Personal Information,” “Processing,” “Process,” “Processed,” “Sale,” “Selling,” “Service Provider,” “Share,” “Shared,” and “Sharing” have the meaning defined in the DPA.

1.3 “Customer Personal Information” means Personal Information provided by Customer to, or which is collected on behalf of Customer by, Pinwheel to provide services to Customer pursuant to the Agreement.

2. Scope, Roles, and Termination.

2.1 Applicability.  This DPA Addendum applies only to Pinwheel’s Processing of Customer Personal Information for so long as Pinwheel processes Personal Information on behalf of Customer.

2.2 Roles of the Parties.  For the purposes of the Agreement and this DPA Addendum, Customer is the Party responsible for determining the purposes and means of Processing Customer Personal Information as the Business and appoints Pinwheel as a Service Provider to process Customer Personal Information on behalf of Customer for the limited and specific purposes of providing the Services specified in the Agreement.

3. Compliance.

3.1 Compliance with Obligations. In addition to the representations and warranties set forth in the Agreement, Pinwheel further represents and warrants that Pinwheel, its employees, agents, subcontractors, and sub-processors (a) shall comply with the obligations of the DPA, (b) shall provide the level of privacy protection required by the DPA, and (c) shall provide Customer with all reasonably-requested assistance to enable Customer to fulfill its own obligations under the DPA.

3.2 Compliance Assurance. Customer has the right to take reasonable and appropriate steps to ensure that Pinwheel uses Customer Personal Information consistent with Customer’s obligations under applicable DPA.

3.3 Compliance Remediation. Pinwheel shall promptly notify Customer if it determines that it can no longer meet its obligations under applicable DPA. Upon receiving notice from Pinwheel in accordance with this subsection, Customer may direct Pinwheel to take reasonable and appropriate steps to stop and remediate unauthorized use of Customer Personal Information.

3.4 Security. The Parties shall implement and maintain no less than commercially reasonable security procedures and practices, appropriate to the nature of the information, to protect Customer Personal Information from unauthorized access, destruction, use, modification, or disclosure.

4. Restrictions on Processing.

4.1 Limitations on Processing. Pinwheel will Process Customer Personal Information solely as instructed in the Agreement and this DPA Addendum. Except as expressly permitted by the DPA, Pinwheel is prohibited from (i) Selling or Sharing Customer Personal Information, (ii) retaining, using, or disclosing Customer Personal Information for any purpose other than for the specific purpose of performing the services specified in the Agreement,  (iii) retaining, using, or disclosing Customer Personal Information outside of the direct business relationship between the Parties, and (iv) combining Customer Personal Information with Personal Information obtained from, or on behalf of, sources other than Customer.

4.2 Subcontractors; Sub-processors. Pinwheel’s current subcontractors and sub-processors are available on Pinwheel’s website (currently posted at https://www.pinwheelapi.com/company/subprocessors). Pinwheel shall notify Customer of any intended changes concerning the addition or replacement of subcontractors or sub-processors.

5. Consumer Rights.

5.1 Pinwheel shall provide commercially reasonable assistance to Customer for the fulfillment of Customer’s obligations to respond to DPA-related Consumer rights requests regarding Customer Personal Information.

5.2 Where applicable, Pinwheel shall enable Customer to comply with any Consumer request made pursuant to the DPA. Alternatively, Customer shall inform Pinwheel of any Consumer request made pursuant to the DPA that they must comply with and Customer shall provide Pinwheel with the information necessary for Pinwheel to comply with the request.

6. Sale of Data.

6.1 The Parties acknowledge and agree that the exchange of Personal Information between the Parties does not form part of any monetary or other valuable consideration exchanged between the Parties with respect to the Agreement or this DPA Addendum.

7. Deidentified Information.

In the event that either Party discloses or makes available Deidentified Information to the other Party, the receiving Party shall: (i) take reasonable measures to ensure that the information cannot be associated with a Consumer or household; (ii) publicly commit to maintain and use such information in deidentified form and not to attempt to reidentify the information, except as permitted by CPRA; and (iii) contractually obligate any recipients of the information to comply with all provisions of this paragraph.

8. Exemptions.

Notwithstanding any provision to the contrary in the Agreement or this DPA Addendum, the terms of this DPA Addendum will not apply to Pinwheel’s Processing of Customer Personal Information that is exempt from the DPA.

9. Changes to the DPA.

The Parties agree to cooperate in good faith to enter into additional terms to address any modifications, amendments, or updates to the DPA.