DreamStart Labs: Keeping Your Data Safe and Secure

DreamStart Labs Data Privacy Policy

DreamStart Labs Commits to Protecting Your Privacy

DreamStart Labs, Inc. is committed to protecting the privacy of our users and being a proactive advocate for consumer protection. Our data privacy policy is based on the European Union’s General Data Protection Regulation (GDPR1) standard – widely considered to be the most pro-consumer data privacy legislation in the world.

Four Key Commitments

We believe the most important measure of consumer protection is also the simplest – asking ourselves how we would want to be treated as customers. With this overall philosophy in mind, our data privacy policy is based on four simple commitments to our users:
  1. We will never disclose, share, or sell your data. Your data belongs to you. We will never share it without your explicit consent.
  2. We will keep your data secure at all times. We will use the highest industry-standard security technology to protect your data while it is stored on your phone, in transmission over the internet, and on our servers.
  3. Your data will always be available to you. You will always be able to access your personal data, even if you stop using our products. We will never charge you to access your own information.
  4. We will remove your data from our systems anytime you want If you decide to stop using our products and no longer want your historical information to be saved by us, we will immediately remove it from our servers.

How We Collect Data

We collect information from our users in two ways:
  1. Directly when you provide it to us. When you create an account in our products, you enter personal information such as your name, phone number, and passcode. This information is used to complete your user profile, send you personalized transaction summaries, and allow you to securely log in and access your private information.
  2. Automatically as you use our products. When you use our products, we also collect information automatically to personalize your user experience and help us support you proactively when you have questions or problems. This data is kept secure at all times and is never disclosed to third parties. The following information may be collected automatically through the normal usage of our products. 
  • Usage Information: As you use our products, we may collect details such as network data, time stamps, and usage logs to better understand and support your experience.

  • Device Information: We may collect information about your mobile device and internet connection, including the phone’s unique device identifier, IP address, operating system, browser type, mobile network information, and telephone number.

  • Location Information: We may collect information about the location of your device when it connects to the internet.

  • Stored Information: We may access metadata and other information stored on your phone such as device settings to ensure we support your personal preferences.

How We Use Your Data

We use the information we collect in our products in several ways:

  • Help you use the product for its primary purpose.

  • Personalize your experience by storing helpful information about your preferences.

  • Provide personalized support when you have questions or problems.

  • Notify you when updates are available.

  • Improve our products by better understanding how people are using them.

Data Security and Loss Prevention

Our solutions incorporate a wide range of best-in-class security and data protection measures designed to secure your personal information from unauthorized access, alteration, disclosure, and data loss. All information you provide to us is encrypted and protected behind multiple layers of security. Your data is also protected from data loss and data corruption by industry-standard technologies and  processes. Additional details about our secure-by-design approach are available in our DreamSave Security Principles document.

Our users also play a key role in the security of their own personal information. We encourage users to avoid passcodes that are easy to guess, and to keep their passcodes confidential at all times. Sharing passcodes with others can lead to compromised data. 

While we do our best to protect your personal information using industry-standard security technology and processes, we cannot guarantee the security of your personal information and are not responsible for the circumvention of any privacy settings or security measures we provide.

Sharing General and Aggregate Data

When DreamSave groups enter the Partner ID and agree to allow the partner to view their records, that Partner and its affiliates will be able to view aggregated information about the group through the DreamSave Insights dashboard for monitoring and evaluation purposes. Partners with registered groups and accounts on the Insights dashboard will only have permission to view specific types of information about your group based on the consent given during the creation of your DreamSave account. Such information includes group transactions, saving and loan history, gender, age, education profile, as well as activity levels. 

No person or organization will ever be able to access or view user data through DreamSave Insights unless they are an official partner or affiliate of DreamStart Labs with a verified account. Each Insights user account will only be able to view data for the groups they support within a given partner project/program and country. 

Aggregated data shared with partners and/or their affiliates will never identify, reveal, or expose the private information of any individual user or group of users in any way without their explicit consent. 

Lastly, as a thought leader in our industry, we may at times also share broad general trends and insights based on aggregate data from our systems, in the public domain in the form of blogs or news articles.  Such data will never identify, reveal, or expose the private information of any individual user. 

Accessing, Correcting, or Deleting Your Personal Data

You are welcome to review and change your personal information at any time by logging in and visiting your personal profile page. You can remove any personal information that you have provided to us at any time, including deleting your user account if desired. Please note that to ensure the data integrity and accuracy of group account financial records, the history of your previous individual transactions will remain viewable in the historical records of savings groups that you were a member of until the end of the current cycle. Your account information and profile will be removed from all future cycles conducted by your savings group. Groups and members may request for their DreamSave account to be deleted. Please see the detailed steps and implications in the “Data Deletion” section below.

Data Deletion

DreamStart Labs aims to only retain data necessary to support the effective use of the DreamSave app and to tailor user experiences or assistance required from our support team. The need to retain data varies widely with the type of data and the purpose for which it was collected. DreamStart Labs strives to ensure that data is only retained for the period necessary to fulfill the purpose for which it was collected and is deleted from our records when no longer required for their intended purpose.

The type of data we consider necessary to retain, and eventually delete, includes all data collected by the DreamSave app and is stored on DreamStart Labs owned or leased systems and media, regardless of location. This applies to data directly collected from users when provided to us via the DreamSave app (such as user name, phone number, and encrypted passcode), as well as data shared automatically with us when using the app (such as usage, device, location, and stored information). 

Account data retained and duration: User account data linked to particular projects run by our partners will be retained for the lifetime of those projects by default. Once projects expire, DreamStart labs will retain both user-inputted and automatically-generated user data from the DreamSave app for as long as a group or individual account is actively used, or if the data continues to be deemed necessary by our partners for reporting, monitoring, and evaluation purposes.  

Account data validation: Data validation will be performed by DreamStart Labs Customer Success (CS) Representatives with our partners at least once every month and at the end of their respective projects with saving group cohorts. If a Partner directly requests for groups to be disabled from the Partner’s Insights account, DreamStart Labs can disable the groups so that they do not show on a Partner’s Insights account. Disabling means groups will not show up on the Partner’s Insights account or other other platforms but it does not mean the group account is deleted

Account data deletion: DreamStart Labs intends to uphold each account deletion request for data privacy and minimization purposes while also maintaining the integrity and correctness of the financial history recorded for each savings group. For this reason, all personal and financial information related to a deleted account is permanently deleted from internal systems accessible by end users and external partners of DreamSave Platform. Information stored within our backup system is only retained for security purposes and to preserve the functioning of financial calculations applied within the DreamSave app. This data is not accessed by DreamStart Labs for any reason, including account restoration processes. 

There are two ways user accounts may be deleted:

  1. User-Requested Account Deletion: Savings groups who wish to permanently delete their group account information from our systems can do so by choosing the “Delete Group Account” option under the account setup tab. This process will require two of the group's elected officers and one other member to enter their respective passcodes on the DreamSave app to authorize the account deletion. An SMS will be sent out to alert members of group account deletions. Individual members with personal accounts can also request for their data to be permanently deleted by clicking on the “Delete My Account” button at the bottom of the account dashboard screen from their Personal Login.
    1. Groups or individual users are able to request the restoration of their accounts and data via the DreamSave app in one of two ways: within 30 days of the account being deleted. Account restoration requests can either be made by clicking on the “Restore Deleted Account” button on the homepage, or by requesting a group account be restored when prompted by the app when trying to log into a group account.
    2. If 30 days have lapsed since an initial account deletion request was made and no reactivation request has been received and a saving group’s cycle has come to an end and share-out has taken place, the account will be deleted immediately.
  2. Automatic Deletion due to Dormancy: If group accounts are found dormant within a 6-month period (no meeting recorded or data synced online) and those account owners have failed to reactivate their dormant account within 30 days, DreamStart Labs will delete the account.
    1. User accounts are automatically flagged as dormant if not a single meeting has been synced or recorded within 6 months of registering the account.
    2. CS representatives confirm the intentional inactivity of accounts and permission for account deletion by 1) ensuring that no technical issues are preventing active use of the DreamSave app, and 2) groups fail to request reactivation of their accounts within 30 days of it being deleted. CS Representatives confirm account activity through monthly engagements between CS representatives and partners to discuss partner data and group validation.
    3. The account will be permanently deleted if: 1) 30 days have lapsed without a request for an account to be restored2, and 2) if a saving group’s cycle has come to an end and shareout has taken place, and 3) dormant accounts remain deleted after 30 days.
    4. Additionally, the DreamStart Labs engineering team conducts annual reviews to ensure the effective operation of automated data destruction protocols and alerts if preconditions mentioned above are met.

Data Storage & Retention

Electronic data is stored and retained in multiple servers on Google Cloud Platform and maintained by DreamStart Labs Engineering team. The DreamSave Platform stores data in three different ways for different use cases: 
  1. EventStore: This immutable storage, backed by MongoDB, directly receives data from DreamSave Mobile Applications. The immutable nature of EventStore ensures that data remains complete, secure, and auditable.
  2. Read Model: This normalized data model, backed by PostgreSQL, processes and stores events from the EventStore in optimized forms. It allows for faster retrieval for both internal and external users. However, upon receiving a user's group/account deletion request, the data is promptly removed from this storage, ensuring that no external user has access to the deleted data.
  3. Computed Data Read Model: DreamSave Insights, the analytics dashboard, showcases advanced analytics and user behaviors. Data from the EventStore undergoes advanced computations to calculate metrics and behaviors, stored in this MongoDB-backed storage.   
The following steps will be taken to validate the retention of user data:
  1. Group and individual user accounts will be monitored on a monthly basis by CS representatives to evaluate account activity and backup status
  2. CS representatives will engage with relevant users and partners to address any technical issues that may limit account activity
  3. CS representatives will affirm the retention of inactive group and user account data with partners on a monthly basis, and at the end of partner projects. 
  4. Data from user accounts will be retained if users request the reactivation of their accounts within 30 days of their deletion. 

Data duplication 

DreamStart Labs aims to avoid duplication in data storage whenever possible. However, there may be instances in which, for programmatic or other business reasons, it is necessary for data to be held in more than one place. This policy applies to all data in DreamStart Lab’s possession, including duplicate copies of data. 

The DreamStart Labs engineering team is responsible for the technical retention and maintenance of stored data, as well as its deletion. DreamStart Labs is responsible for account validation and authorizing the process for account deactivation and deletion. 

The DreamStart Labs Product Manager, Michaella Allen (michaella@dreamstartlabs.com), should be notified if a problem with retention and destruction activities is identified.

Children Under the Age of 13

Our products are not intended for children under 13 years of age, and we do not knowingly collect personal information from any child under 13. If we learn we have inadvertently collected or received personal information from an underage child without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at info@dreamstartlabs.com  or DreamStart Labs, Inc., 2907 Shelter Island Dr, Suite 105, San Diego, CA 92106.

In full accordance with the above guidelines and policies, please note that we also reserve the legal right to disclose data in the following specifically defined circumstances:

  • When required by law to comply with a court order or legal process.

  • If disclosure is necessary or appropriate to protect the legal rights, property, or safety of our customers, stakeholders, or other key parties, including fraud protection and credit risk reduction.

  • To enforce legal rights arising from any contracts or license agreements entered into between DreamStart Labs and our users.

  • Note that third-party service providers under contract with DreamStart Labs may at times need access to our systems to support our business. These entities are bound by strict contractual obligations to support our data privacy policy, to keep personal information confidential, and to use it only for the purposes for which we engage them in the full support of our users.

Changes to Our Privacy Policy

We may update our privacy policy from time to time. If we make material changes to how we treat our users’ personal information, we will post the new privacy policy on this page with a notice that the privacy policy has been updated. We will also include a direct link to this page from within the user interface of all relevant products.

Contact Information

To ask questions or comment about this privacy policy and our privacy

practices, contact us at: info@dreamstartlabs.com

DreamStart Labs, Inc.

2907 Shelter Island Dr., Suite 105 San Diego, CA 92106, USA 

Copyright © 2024 DreamSave Data Privacy Policy - All Rights Reserved.

2. To enable account restoration requests, DreamStart Labs retains necessary group and group member data for 30 days after an account is deleted. If no request to restore the account is made, data is permanently deleted.

    • Related Articles

    • DreamStart Labs End User License Agreement (EULA)

      DreamStart Labs Terms and Conditions for Users Before registering for a DreamSave account, users must review the agreement below that explains DreamStart Labs' terms of use. Here is the full agreement: Agreement Summary DreamStart Labs is giving you ...
    • DreamSave Security Principles

      How DreamSave Keeps Group and Member Data Secure DreamStart Labs, Inc. is committed to protecting the security of our users and being a proactive advocate for consumer protection. For more details about our approach to data privacy, see the ...
    • The amount of data and storage DreamSave needs to run optimally

      Although DreamSave is designed to work both online and offline, there are a few elements that will need an internet connection such as regular updates, backup of user data or other services running in the background. We have carried out some rigorous ...
    • DreamSave Insights Glossary

      DreamSave Insights Glossary Definitions and Formulas for Terms found in DreamSave Insights Last Updated: November, 06, 2023 Below is a list of terms (in alphabetical order) from DreamSave Insights along with their descriptions and formulas. If you ...
    • What is DreamSave Insights?

      Learn More About DreamSave Insights DreamSave Insights  DreamSave Insights™ is the backend data analytics console for the DreamSave app. As savings groups use the free DreamSave app in the field, detailed data is automatically collected each time ...