How We Use Your Data
We use the information we collect in our products in several ways:
- Help you use the product for its primary purpose.
- Personalize your experience by storing helpful information about your preferences.
- Provide personalized support when you have questions or problems.
- Notify you when updates are available.
- Improve our products by better understanding how people are using them.
Data Security and Loss Prevention
Our solutions incorporate a wide range of best-in-class security and data protection measures designed to secure your personal information from unauthorized access, alteration, disclosure, and data loss. All information you provide to us is encrypted and protected behind multiple layers of security. Your data is also protected from data loss and data corruption by industry-standard technologies and processes. Additional details about our secure-by-design approach are available in our DreamSave Security Principles document.
Our users also play a key role in the security of their own personal information. We encourage users to avoid passcodes that are easy to guess, and to keep their passcodes confidential at all times. Sharing passcodes with others can lead to compromised data.
While we do our best to protect your personal information using industry-standard security technology and processes, we cannot guarantee the security of your personal information and are not responsible for the circumvention of any privacy settings or security measures we provide.
Sharing General and Aggregate Data
When DreamSave groups enter the Partner ID and agree to allow the partner to view their records, that Partner and its affiliates will be able to view aggregated information about the group through the DreamSave Insights dashboard for monitoring and evaluation purposes. Partners with registered groups and accounts on the Insights dashboard will only have permission to view specific types of information about your group based on the consent given during the creation of your DreamSave account. Such information includes group transactions, saving and loan history, gender, age, education profile, as well as activity levels.
No person or organization will ever be able to access or view user data through DreamSave Insights unless they are an official partner or affiliate of DreamStart Labs with a verified account. Each Insights user account will only be able to view data for the groups they support within a given partner project/program and country.
Aggregated data shared with partners and/or their affiliates will never identify, reveal, or expose the private information of any individual user or group of users in any way without their explicit consent.
Lastly, as a thought leader in our industry, we may at times also share broad general trends and insights based on aggregate data from our systems, in the public domain in the form of blogs or news articles. Such data will never identify, reveal, or expose the private information of any individual user.
Accessing, Correcting, or Deleting Your Personal Data
You are welcome to review and change your personal information at any time by logging in and visiting your personal profile page. You can remove any personal information that you have provided to us at any time, including deleting your user account if desired. Please note that to ensure the data integrity and accuracy of group account financial records, the history of your previous individual transactions will remain viewable in the historical records of savings groups that you were a member of until the end of the current cycle. Your account information and profile will be removed from all future cycles conducted by your savings group. Groups and members may request for their DreamSave account to be deleted. Please see the detailed steps and implications in the “Data Deletion” section below.
Data Deletion
DreamStart Labs aims to only retain data necessary to support the effective use of the DreamSave app and to tailor user experiences or assistance required from our support team. The need to retain data varies widely with the type of data and the purpose for which it was collected. DreamStart Labs strives to ensure that data is only retained for the period necessary to fulfill the purpose for which it was collected and is deleted from our records when no longer required for their intended purpose.
The type of data we consider necessary to retain, and eventually delete, includes all data collected by the DreamSave app and is stored on DreamStart Labs owned or leased systems and media, regardless of location. This applies to data directly collected from users when provided to us via the DreamSave app (such as user name, phone number, and encrypted passcode), as well as data shared automatically with us when using the app (such as usage, device, location, and stored information).
Account data retained and duration: User account data linked to particular projects run by our partners will be retained for the lifetime of those projects by default. Once projects expire, DreamStart labs will retain both user-inputted and automatically-generated user data from the DreamSave app for as long as a group or individual account is actively used, or if the data continues to be deemed necessary by our partners for reporting, monitoring, and evaluation purposes.
Account data validation: Data validation will be performed by DreamStart Labs Customer Success (CS) Representatives with our partners at least once every month and at the end of their respective projects with saving group cohorts. If a Partner directly requests for groups to be disabled from the Partner’s Insights account, DreamStart Labs can disable the groups so that they do not show on a Partner’s Insights account. Disabling means groups will not show up on the Partner’s Insights account or other other platforms but it does not mean the group account is deleted.
Account data deletion: DreamStart Labs intends to uphold each account deletion request for data privacy and minimization purposes while also maintaining the integrity and correctness of the financial history recorded for each savings group. For this reason, all personal and financial information related to a deleted account is permanently deleted from internal systems accessible by end users and external partners of DreamSave Platform. Information stored within our backup system is only retained for security purposes and to preserve the functioning of financial calculations applied within the DreamSave app. This data is not accessed by DreamStart Labs for any reason, including account restoration processes.
There are two ways user accounts may be deleted:
- User-Requested Account Deletion: Savings groups who wish to permanently delete their group account information from our systems can do so by choosing the “Delete Group Account” option under the account setup tab. This process will require two of the group's elected officers and one other member to enter their respective passcodes on the DreamSave app to authorize the account deletion. An SMS will be sent out to alert members of group account deletions. Individual members with personal accounts can also request for their data to be permanently deleted by clicking on the “Delete My Account” button at the bottom of the account dashboard screen from their Personal Login.
- Groups or individual users are able to request the restoration of their accounts and data via the DreamSave app in one of two ways: within 30 days of the account being deleted. Account restoration requests can either be made by clicking on the “Restore Deleted Account” button on the homepage, or by requesting a group account be restored when prompted by the app when trying to log into a group account.
- If 30 days have lapsed since an initial account deletion request was made and no reactivation request has been received and a saving group’s cycle has come to an end and share-out has taken place, the account will be deleted immediately.
- Automatic Deletion due to Dormancy: If group accounts are found dormant within a 6-month period (no meeting recorded or data synced online) and those account owners have failed to reactivate their dormant account within 30 days, DreamStart Labs will delete the account.
- User accounts are automatically flagged as dormant if not a single meeting has been synced or recorded within 6 months of registering the account.
- CS representatives confirm the intentional inactivity of accounts and permission for account deletion by 1) ensuring that no technical issues are preventing active use of the DreamSave app, and 2) groups fail to request reactivation of their accounts within 30 days of it being deleted. CS Representatives confirm account activity through monthly engagements between CS representatives and partners to discuss partner data and group validation.
- The account will be permanently deleted if: 1) 30 days have lapsed without a request for an account to be restored2, and 2) if a saving group’s cycle has come to an end and shareout has taken place, and 3) dormant accounts remain deleted after 30 days.
- Additionally, the DreamStart Labs engineering team conducts annual reviews to ensure the effective operation of automated data destruction protocols and alerts if preconditions mentioned above are met.
Data Storage & Retention
Electronic data is stored and retained in multiple servers on Google Cloud Platform and maintained by DreamStart Labs Engineering team. The DreamSave Platform stores data in three different ways for different use cases:
- EventStore: This immutable storage, backed by MongoDB, directly receives data from DreamSave Mobile Applications. The immutable nature of EventStore ensures that data remains complete, secure, and auditable.
- Read Model: This normalized data model, backed by PostgreSQL, processes and stores events from the EventStore in optimized forms. It allows for faster retrieval for both internal and external users. However, upon receiving a user's group/account deletion request, the data is promptly removed from this storage, ensuring that no external user has access to the deleted data.
- Computed Data Read Model: DreamSave Insights, the analytics dashboard, showcases advanced analytics and user behaviors. Data from the EventStore undergoes advanced computations to calculate metrics and behaviors, stored in this MongoDB-backed storage.
The following steps will be taken to validate the retention of user data:
- Group and individual user accounts will be monitored on a monthly basis by CS representatives to evaluate account activity and backup status
- CS representatives will engage with relevant users and partners to address any technical issues that may limit account activity
- CS representatives will affirm the retention of inactive group and user account data with partners on a monthly basis, and at the end of partner projects.
- Data from user accounts will be retained if users request the reactivation of their accounts within 30 days of their deletion.
Data duplication
DreamStart Labs aims to avoid duplication in data storage whenever possible. However, there may be instances in which, for programmatic or other business reasons, it is necessary for data to be held in more than one place. This policy applies to all data in DreamStart Lab’s possession, including duplicate copies of data.
The DreamStart Labs engineering team is responsible for the technical retention and maintenance of stored data, as well as its deletion. DreamStart Labs is responsible for account validation and authorizing the process for account deactivation and deletion.
The DreamStart Labs Product Manager, Michaella Allen (michaella@dreamstartlabs.com), should be notified if a problem with retention and destruction activities is identified.
Children Under the Age of 13
Our products are not intended for children under 13 years of age, and we do not knowingly collect personal information from any child under 13. If we learn we have inadvertently collected or received personal information from an underage child without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at info@dreamstartlabs.com or DreamStart Labs, Inc., 2907 Shelter Island Dr, Suite 105, San Diego, CA 92106.
Additional Legal Disclaimers
In full accordance with the above guidelines and policies, please note that we also reserve the legal right to disclose data in the following specifically defined circumstances:
- When required by law to comply with a court order or legal process.
- If disclosure is necessary or appropriate to protect the legal rights, property, or safety of our customers, stakeholders, or other key parties, including fraud protection and credit risk reduction.
- To enforce legal rights arising from any contracts or license agreements entered into between DreamStart Labs and our users.
- Note that third-party service providers under contract with DreamStart Labs may at times need access to our systems to support our business. These entities are bound by strict contractual obligations to support our data privacy policy, to keep personal information confidential, and to use it only for the purposes for which we engage them in the full support of our users.
Changes to Our Privacy Policy
We may update our privacy policy from time to time. If we make material changes to how we treat our users’ personal information, we will post the new privacy policy on this page with a notice that the privacy policy has been updated. We will also include a direct link to this page from within the user interface of all relevant products.
To ask questions or comment about this privacy policy and our privacy
DreamStart Labs, Inc.
2907 Shelter Island Dr., Suite 105 San Diego, CA 92106, USA
Copyright © 2024 DreamSave Data Privacy Policy - All Rights Reserved.
-----------------------------------------------------------------------------------------------------
2. To enable account restoration requests, DreamStart Labs retains necessary group and group member data for 30 days after an account is deleted. If no request to restore the account is made, data is permanently deleted.