DreamStart Labs: Keeping Your Data Safe and Secure

DreamStart Labs Data Privacy Policy

DreamStart Labs Commits to Protecting Your Privacy

DreamStart Labs, Inc. (the “Company”, “We”, “Our”) is committed to protecting the privacy of our users (“you”) and being a proactive advocate for consumer protection. Our data privacy policy is based on the European Union’s General Data Protection Regulation (GDPR1) standard – widely considered to be the most pro-consumer data privacy legislation in the world.

Four Key Commitments


We believe the most important measure of consumer protection is also the simplest – asking ourselves how we would want to be treated as customers. With this overall philosophy in mind, our data privacy policy is based on four simple commitments to our users:
  1. We will never disclose, share, or sell your data. Your data belongs to you. We will never share it without your explicit consent.
  2. We will keep your data secure at all times. We will use the highest industry-standard security technology to protect your data while it is stored on your phone, in transmission over the internet, and on our servers.
  3. Your data will always be available to you. You will always be able to access your personal data, even if you stop using our products. We will never charge you to access your own information.
  4. We will remove your data from our systems anytime you want If you decide to stop using our products and no longer want your historical information to be saved by us, we will immediately remove it from our servers.
Your Data Rights Under GDPR

Under the General Data Protection Regulation (GDPR), you have rights to access, correct, delete, and port your data, restrict and object to certain processing of your data, and withdraw consent. You can exercise these rights by contacting us directly at the contact information provided.

Your Data Rights under the California Consumer Privacy Act

Under the California Consumer Privacy Act, California residents may have the right to disclosure, deletion, access and nondiscrimination, as well as the right to opt out of having personal information shared or sold. You can exercise these rights by contacting us directly at the contact information provided.

Under California Civil Code sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of personal customer information which we share with our affiliates and/or third parties for marketing purposes and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to the following address: DreamStart Labs, Inc. 2907 Shelter Island Dr., Suite 105 San Diego, CA 92106, USA 

How We Collect Data

We collect information from our users in two ways:
  1. Directly when you provide it to us. When you create an account in our products, you enter personal information such as your name, phone number, and passcode. This information is used to complete your user profile, send you personalized transaction summaries, and allow you to securely log in and access your private information.
  2. Automatically as you use our products. When you use our products, we also collect information automatically to personalize your user experience and help us support you proactively when you have questions or problems. This data is kept secure at all times and is never disclosed to third parties. The following information may be collected automatically through the normal usage of our products. 
  • Usage Information: As you use our products, we may collect details such as network data, time stamps, and usage logs to better understand and support your experience.


  • Device Information: We may collect information about your mobile device and internet connection, including the phone’s unique device identifier, IP address, operating system, browser type, mobile network information, and telephone number.


  • Location Information: We may collect information about the location of your device when it connects to the internet.


  • Stored Information: We may access metadata and other information stored on your phone such as device settings to ensure we support your personal preferences.

How We Use Your Data

We use the information we collect in our products in several ways:


  • Help you use the product for its primary purpose.


  • Personalize your experience by storing helpful information about your preferences.


  • Provide personalized support when you have questions or problems.


  • Notify you when updates are available.


  • Improve our products by better understanding how people are using them.

We do not use automated decision-making or profiling that has legal or similarly significant effects using your personal data. If we decide to use such processes in the future, we will update this policy and inform you of the logic involved, as well as the significance and expected consequences of such processing.


Data Security and Loss Prevention


Our solutions incorporate a wide range of best-in-class security and data protection measures designed to secure your personal information from unauthorized access, alteration, disclosure, and data loss. All information you provide to us is encrypted and protected behind multiple layers of security. Your data is also protected from data loss and data corruption by industry-standard technologies and  processes. Additional details about our secure-by-design approach are available in our DreamSave Security Principles document.

Our users also play a key role in the security of their own personal information. We encourage users to avoid passcodes that are easy to guess, and to keep their passcodes confidential at all times. Sharing passcodes with others can lead to compromised data. 

While we do our best to protect your personal information using industry-standard security technology and processes, we cannot guarantee the security of your personal information and are not responsible for the circumvention of any privacy settings or security measures we provide.

In the unlikely event of a data breach, we will notify you and any applicable regulator of a breach where we are legally required to do so, within 72 hours, providing details of the breach, the likely consequences, and the measures being taken to mitigate any adverse effects.

Sharing General and Aggregate Data

When DreamSave groups enter the Partner ID and agree to allow the partner to view their records, that Partner and its affiliates will be able to view aggregated information about the group through the DreamSave Insights dashboard for monitoring and evaluation purposes. Partners with registered groups and accounts on the Insights dashboard will only have permission to view specific types of information about your group based on the consent given during the creation of your DreamSave account. Such information includes group transactions, saving and loan history, gender, age, education profile, as well as activity levels. 


No person or organization will ever be able to access or view user data through DreamSave Insights unless they are an official partner or affiliate of DreamStart Labs with a verified account. Each Insights user account will only be able to view data for the groups they support within a given partner project/program and country. 


We engage with various third-party service providers to perform certain processing activities on our behalf. These providers include cloud hosting services, customer support services, and analytics tools. All third-party service providers are contractually obligated to protect your data as stipulated by this privacy policy and are only permitted to process your personal data for specified purposes and in accordance with our instructions.

Your personal data may be transferred to, and maintained on, computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

Aggregated data shared with partners and/or their affiliates will never identify, reveal, or expose the private information of any individual user or group of users in any way without their explicit consent. 


Lastly, as a thought leader in our industry, we may at times also share broad general trends and insights based on aggregate data from our systems, in the public domain in the form of blogs or news articles.  Such data will never identify, reveal, or expose the private information of any individual user. 



Accessing, Correcting, or Deleting Your Personal Data


You are welcome to review and change your personal information at any time by logging in and visiting your personal profile page. You can remove any personal information that you have provided to us at any time, including deleting your user account if desired. Please note that to ensure the data integrity and accuracy of group account financial records, the history of your previous individual transactions will remain viewable in the historical records of savings groups that you were a member of until the end of the current cycle. Your account information and profile will be removed from all future cycles conducted by your savings group. Groups and members may request for their DreamSave account to be deleted. Please see the detailed steps and implications in the “Data Deletion” section below.

If you have given consent to the processing of your data, you can freely withdraw such consent at any time by unticking your agreement to the DreamSave End User License Agreement in your member profile in DreamSave. Once this action is taken, you will be required to remove yourself as a member of a group on DreamSave and delete your personal account with us.  These steps ensure that you are “forgotten” in our system and we no longer process your information for the purpose(s) you originally agreed to.

Data Deletion


DreamStart Labs aims to only retain data necessary to support the effective use of the DreamSave app and to tailor user experiences or assistance required from our support team. The need to retain data varies widely with the type of data and the purpose for which it was collected. DreamStart Labs strives to ensure that data is only retained for the period necessary to fulfill the purpose for which it was collected and is deleted from our records when no longer required for their intended purpose.

The type of data we consider necessary to retain, and eventually delete, includes all data collected by the DreamSave app and is stored on DreamStart Labs owned or leased systems and media, regardless of location. This applies to data directly collected from users when provided to us via the DreamSave app (such as user name, phone number, and encrypted passcode), as well as data shared automatically with us when using the app (such as usage, device, location, and stored information). 

Account data retained and duration: User account data linked to particular projects run by our partners will be retained for the lifetime of those projects by default. Once projects expire, DreamStart labs will retain both user-inputted and automatically-generated user data from the DreamSave app for as long as a group or individual account is actively used, or if the data continues to be deemed necessary by our partners for reporting, monitoring, and evaluation purposes.  


Account data validation: Data validation will be performed by DreamStart Labs Customer Success (CS) Representatives with our partners at least once every month and at the end of their respective projects with saving group cohorts. If a Partner directly requests for groups to be disabled from the Partner’s Insights account, DreamStart Labs can disable the groups so that they do not show on a Partner’s Insights account. Disabling means groups will not show up on the Partner’s Insights account or other other platforms but it does not mean the group account is deleted

Account data deletion: DreamStart Labs intends to uphold each account deletion request for data privacy and minimization purposes while also maintaining the integrity and correctness of the financial history recorded for each savings group. For this reason, all personal and financial information related to a deleted account is permanently deleted from internal systems accessible by end users and external partners of DreamSave Platform. Information stored within our backup system is only retained for security purposes and to preserve the functioning of financial calculations applied within the DreamSave app. This data is not accessed by DreamStart Labs for any reason, including account restoration processes. 


There are two ways user accounts may be deleted:

  1. User-Requested Account Deletion: Savings groups who wish to permanently delete their group account information from our systems can do so by choosing the “Delete Group Account” option under the account setup tab. This process will require two of the group's elected officers and one other member to enter their respective passcodes on the DreamSave app to authorize the account deletion. An SMS will be sent out to alert members of group account deletions. Individual members with personal accounts can also request for their data to be permanently deleted by clicking on the “Delete My Account” button at the bottom of the account dashboard screen from their Personal Login.
    1. Groups or individual users are able to request the restoration of their accounts and data via the DreamSave app in one of two ways: within 30 days of the account being deleted. Account restoration requests can either be made by clicking on the “Restore Deleted Account” button on the homepage, or by requesting a group account be restored when prompted by the app when trying to log into a group account.
    2. If 30 days have lapsed since an initial account deletion request was made and no reactivation request has been received and a saving group’s cycle has come to an end and share-out has taken place, the account will be deleted immediately.
  2. Automatic Deletion due to Dormancy: If group accounts are found dormant after 6 months or more since being registered on DreamSave (no meeting recorded or data synced online) and those account owners have failed to reactivate their dormant account within 30 days, DreamStart Labs will permanently delete the account.
    1. User accounts are automatically flagged as dormant and temporarily deleted if not a single meeting has been synced or recorded on our system in over 6 months since registering the account.
    2. CS representatives confirm the intentional inactivity of accounts and permission for account deletion by 1) ensuring that no technical issues are preventing active use of the DreamSave app, and 2) groups fail to request reactivation of their accounts within 30 days of it being deleted. CS Representatives confirm account activity through monthly engagements between CS representatives and partners to discuss partner data and group validation.
    3. The account will be permanently deleted if: 1) 30 days have lapsed without a request for an account to be restored2, and 2) if a saving group’s cycle has come to an end and shareout has taken place, and 3) dormant accounts remain deleted after 30 days.
    4. Additionally, the DreamStart Labs engineering team conducts annual reviews to ensure the effective operation of automated data destruction protocols and alerts if preconditions mentioned above are met.

Data Storage & Retention

 
Electronic data is stored and retained in multiple servers on Google Cloud Platform and maintained by DreamStart Labs Engineering team. The DreamSave Platform stores data in three different ways for different use cases: 
  1. EventStore: This immutable storage, backed by MongoDB, directly receives data from DreamSave Mobile Applications. The immutable nature of EventStore ensures that data remains complete, secure, and auditable.
  2. Read Model: This normalized data model, backed by PostgreSQL, processes and stores events from the EventStore in optimized forms. It allows for faster retrieval for both internal and external users. However, upon receiving a user's group/account deletion request, the data is promptly removed from this storage, ensuring that no external user has access to the deleted data.
  3. Computed Data Read Model: DreamSave Insights, the analytics dashboard, showcases advanced analytics and user behaviors. Data from the EventStore undergoes advanced computations to calculate metrics and behaviors, stored in this MongoDB-backed storage.   
The following steps will be taken to validate the retention of user data:
  1. Group and individual user accounts will be monitored on a monthly basis by CS representatives to evaluate account activity and backup status
  2. CS representatives will engage with relevant users and partners to address any technical issues that may limit account activity
  3. CS representatives will affirm the retention of inactive group and user account data with partners on a monthly basis, and at the end of partner projects. 
  4. Data from user accounts will be retained if users request the reactivation of their accounts within 30 days of their deletion. 

Data duplication 

DreamStart Labs aims to avoid duplication in data storage whenever possible. However, there may be instances in which, for programmatic or other business reasons, it is necessary for data to be held in more than one place. This policy applies to all data in DreamStart Lab’s possession, including duplicate copies of data. 

The DreamStart Labs engineering team is responsible for the technical retention and maintenance of stored data, as well as its deletion. DreamStart Labs is responsible for account validation and authorizing the process for account deactivation and deletion. 


The DreamStart Labs Product Manager, Michaella Allen (michaella@dreamstartlabs.com), should be notified if a problem with retention and destruction activities is identified.


Children Under the Age of 13



Our products are not intended for children under 13 years of age, and we do not knowingly collect personal information from any child under 13. If we learn we have inadvertently collected or received personal information from an underage child without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at info@dreamstartlabs.com  or DreamStart Labs, Inc., 2907 Shelter Island Dr, Suite 105, San Diego, CA 92106.



In full accordance with the above guidelines and policies, please note that we also reserve the legal right to disclose data in the following specifically defined circumstances:


  • When required by law to comply with a court order or legal process.


  • If disclosure is necessary or appropriate to protect the legal rights, property, or safety of our customers, stakeholders, or other key parties, including fraud protection and credit risk reduction.


  • To enforce legal rights arising from any contracts or license agreements entered into between DreamStart Labs and our users.


  • Note that third-party service providers under contract with DreamStart Labs may at times need access to our systems to support our business. These entities are bound by strict contractual obligations to support our data privacy policy, to keep personal information confidential, and to use it only for the purposes for which we engage them in the full support of our users.


Changes to Our Privacy Policy


We may update our privacy policy from time to time. If we make material changes to how we treat our users’ personal information, we will post the new privacy policy on this page with a notice that the privacy policy has been updated. We will also include a direct link to this page from within the user interface of all relevant products.



Contact Information


To ask questions or comment about this privacy policy and our privacy

practices, contact us at: info@dreamstartlabs.com



DreamStart Labs, Inc.

2907 Shelter Island Dr., Suite 105 San Diego, CA 92106, USA 

Copyright © 2024 DreamSave Data Privacy Policy - All Rights Reserved.

-----------------------------------------------------------------------------------------------------
2. To enable account restoration requests, DreamStart Labs retains necessary group and group member data for 30 days after an account is deleted. If no request to restore the account is made, data is permanently deleted.

    • Related Articles

    • DreamStart Labs End User License Agreement (EULA)

      DreamStart Labs Terms and Conditions for Users Before registering for a DreamSave account, users must review the agreement below that explains DreamStart Labs' terms of use. Here is the full agreement: Agreement Summary DreamStart Labs is giving you ...

    • DreamStart Labs Statement of Ethics

      DreamStart Labs is strongly committed to highest ethical and moral standards in all its activities and business practices. This Statement of Ethics outlines the general principles we expect from all DreamStart Labs employees, contractors, volunteers, ...

    • DreamSave Insights End User License Agreement (EULA)

      DreamSave Insights Terms and Conditions for Users This DreamSave Insights End User License Agreement (this "Agreement") is by and between DreamStart Labs, Inc., a Delaware public benefit corporation ("DSL," "we", or "us") and you or the entity that ...

    • DreamSave Security Principles

      How DreamSave Keeps Group and Member Data Secure DreamStart Labs, Inc. is committed to protecting the security of our users and being a proactive advocate for consumer protection. For more details about our approach to data privacy, see the ...

    • DreamSave Insights Glossary

      DreamSave Insights Glossary Definitions and Formulas for Terms found in DreamSave Insights Last Updated: November, 06, 2023 Below is a list of terms (in alphabetical order) from DreamSave Insights along with their descriptions and formulas. If you ...