PRIVACY POLICY
​
From its inception, slate has always been and will always remain committed to the privacy of Personal Information. Both Advisor and Client information will remain information of the Advisor and Client, only. As a WealthTech platform, we undertake to only collect the minimum amount of Personal Information necessary to provide a service to Advisors and Clients. Our staff and Authorised Service Providers are bound by confidentiality and privacy obligations that align directly with this Privacy Policy. They are given access only to the information they require to fulfill their responsibilities.
​
This Privacy Policy describes and explains what Personal Information we collect, how we use it and how we protect it. “Personal Information” means any information that is recognised as such under South African Law and includes any information which identifies an Advisor (our customer) or a Client (an Advisor’s customer) or which, when linked to other information, can personally identify an Advisor or a Client.
​
This Privacy Policy, and the Data FAQs form part of and must be read together with the slate Terms of service.
​
Contents
​
1. Personal Information
1.1. What data does Slate store?
1.2. Is your Personal Information deleted when you close your profile?
1.3. Do we retain your data for as long as we need it unless you ask us to delete it?
1.4. Can slate staff see your Personal Information?
1.5. Can I correct my Personal Information?
2. Collection, storage and Use of Data
2.1. How is data linked to a client?
2.2. Does slate ever disclose my Personal Information to 3rd parties?
2.3. Does slate use my information for any purpose other than providing the Service to me?
2.4. Will slate ever sell my Personal Information?
2.5. How does Slate store sensitive data? [only include once encryption is implemented]
2.6. Where and how are client passwords stored?
2.7. How is data communicated between the Slate app, servers and databases?
2.8. How are client bank and investment account passwords stored and used in Slate?
2.9. Can any bad actor use the account data to transact a client’s cash or investments?
2.10. Who is Yodlee?
2.11. Does slate encrypt and protect my information?
2.12. Do we use Cookies?
3. Privacy Policy Updates
3.1. Can we change our Privacy Policy and what happens if it does?
3.2. What happens if the ownership of slate changes hands?
4. Communication
4.1. Do we send you communication about slate with an option to opt out?
4.2. Can you have your name removed from our public forum/message board?
4.3. Who should I contact if I have any comments, questions, concerns or complaints?
1. Personal Information
​
1.1. What data does Slate store?
​
Slate only stores client data that is absolutely necessary for the effective function of Slate and the optimal user experience of advisor and client. To this end, Slate stores the minimal personal information required, such as client name, email and birth date. Elaborative data such as family structure, gender, ID number etc. is not required for the functioning of Slate but is made available to the advisor and client for enhanced user experience.
​
Slate only stores client account data that has been explicitly volunteered by the client and only the required amount of account data to allow a client to successfully link their goals to their accounts, and to monitor their investments.
​
1.1.1. Registration Information
​
Name, email address and password you provide when you register to use the Service so that we know who you are, can authenticate your use of the Service and are able to contact you about Service related matters.
​
1.1.2. Security Credentials
​
Your User ID, Password and any other required authentication information to automatically collect your Account Information from the secure websites and systems of your nominated Product/Service Providers on your behalf. From the time you submit this information to us it is always transferred and stored in encrypted form. It is stored only by Yodlee (our Authorised Aggregation Service Provider) and is only ever used to collect your account information from your nominated Product/Service Providers on your behalf to be used in the Service. Your Security Credentials are never disclosed to any other third party and at no time can employees of slate or Yodlee access them.
​
1.1.3. Account Information
​
Balances, transactions, debit orders, credit score, tax calculations, cover values, beneficiary details, trading margin, trading positions, asset & fund allocations and other account-specific details that Yodlee’s automated aggregation service collects from your Product/Service Providers on your behalf or that you provide directly to the slate Service via the Website or Mobile Applications. You will have full access to this information via the Service. You will also have access to the information and insights our automated algorithms derive from your Account Information.
​
1.1.4.Billing Information (applicable only after beta phase)
​
Bank account, credit card or other payment details you provide or may have provided. This information is handled separately from your Account Information and is disclosed to our authorised billing service providers during the collection process and is only used for this purpose.
​
1.1.5. Correspondence Information
​
Information we collect when we receive correspondence from you via email, social media, mobile text messages and phone calls. This includes your sender information, the content of the message and the metadata pertaining to the message. We use this information to communicate with you and to improve the Service.
​
1.1.6. Public Forum/Message Board Information
​
Your name (as provided at registration) as well as the messages you post on our public forum/message board. This information is visible to all users and will remain as such even if you terminate your use of the Service.
​
1.1.7. Website and Mobile Application connection information
​
Your IP address, type, version and language of Internet browser, operating system and version, type of device, screen resolution, referring and exit web pages. We use your IP address to understand the geographic makeup of our customer base and to assist with the identification of potential unauthorised access. We use the rest of this information to optimise the usability of the Service on your access device. We may also compile aggregate information to analyse usage patterns and make improvements to our Service.
​
1.1.8. Additional Verification Information
​
Copies of your identity documents or utility bills in order for us to verify your identity should you be unable to unlock your account through our standard online verification process.
​
1.1.9.Transaction and Financial Position Reporting
​
Upon your request, we may generate standardised financial reports or transaction reports for you to use and share as you choose. You may also change or revoke access to these reports at your sole discretion.
​
1.1.10. Financial Product Uptake and Pricing
​
We may require you to provide your cell phone number, date of birth, gender, smoker status, income level, level of education, occupation, occupation activities, residential address, housing details, vehicle details, driver’s license details and other similar details to enable you to take up and/or obtain personalised pricing of financial products.
​
1.1.11. Optional Personal Information
​
You may also opt to provide us with information such as your age, employment status, marital status, number of children, residential province & city, geolocation, credit score, financial objectives, savings goals, personal interests and other similar details that we may use to customise the Service for you and provide you with more accurate, personal and contextually relevant insights.
​
1.2. Is your Personal Information deleted when you close your profile?
​
Yes. When you close your profile we delete your Personal Information (including your Security Credentials for your Product/Service Provider websites and your profile information). There may be some information that we are required by South African law to retain.
​
1.3. Do we retain your data for as long as we need it unless you ask us to delete it?
​
Yes. We will keep your information for as long as you are an active customer of the Service. We delete your information when you terminate your use of the Service but will retain some Personal Information for so long as we are obliged to do so under South African law. Such information will always be maintained under the same security and privacy controls that are in place for other customers of the Service.
​
1.4. Can slate staff see your Personal Information?
​
No. slate staff are bound by comprehensive confidentiality obligations. Our staff are given access only to information they are required to see in order for them to fulfill their responsibilities. In all cases we provide access to the minimum amount of information. Given their role, our customer support team has access to the most amount of Personal Information – to enable them to answer your support questions. In addition to Service usage information, our internal systems provide them with secure access to:
-
Your name and email address
-
The names of your Product/Service Providers and account types
-
Your account names as well as the last four digits of your account and card numbers
-
Transaction dates and descriptions - no transaction or balance amounts
​
1.5. Can I correct my Personal Information?
​
Yes. You are able to correct inaccurate Personal Information via the Service once you have successfully logged in. Alternatively, you may request us to correct inaccurate information via email at support@slateadvisor.com. We will require that you verify you are in fact the owner of such Personal Information. Once the changes are made we will notify you by email at your nominated email address. If there is any Personal Information not accessible via the Service that you wish to have access to for purposes of correcting. Contact support@slateadvisor.com
2. Collection, storage and Use of Data
​
2.1. How is data linked to a client?
​
Client data on Slate is anonymized to every extent possible. This means that, aside from a small set of distinct personal client information (name, birth date and email etc. as above) that is stored on a separate database table, all other client data can in no way be identified as belonging to a specific client.
​
2.2. Does slate ever disclose my Personal Information to 3rd parties?
​
We disclose your Personal Information only to our Authorised Service Providers with whom we contract to assist us in providing the Service to you. We make use of Authorised Service Providers to automatically aggregate your Account Information, host and run our servers, send emails, manage support requests and enrich information. They process your Personal Information strictly in accordance with our instructions and for the purpose for which such Personal Information has been disclosed to them. They will always be under obligation to protect your Personal Information on terms that provide the same or equivalent protection as set out in this Privacy Policy.
​
In addition, we may disclose your Personal Information to law enforcement, other government officials, or other third parties as may be necessary in connection with an investigation of fraud, intellectual property infringements, cyber crime, or other activity that is illegal or may expose us or our Authorised Service Providers to legal liability.
​
2.3. Does slate use my information for any purpose other than providing the Service to me?
​
We may aggregate and analyse your ‘de-identified’ information (i.e. stripped of all uniquely identifiable attributes and that cannot subsequently be re-identified) with that of other customers and information received from other sources. We will do this to develop market insights, troubleshoot problems, detect and protect against error, fraud and other criminal activity, identify behaviour/usage patterns and improve our Service generally. We may publish or share the insights we develop through this process.
​
2.4. Will slate ever sell my Personal Information?
​
No. We collect and use your Personal Information only to provide the Service to you and as set out in this Policy. Your Personal Information remains exactly that – yours.
​
2.5. How does Slate store sensitive data? [only include once encryption is implemented]
​
Where client data stored by Slate is capable of identifying a certain client, that data has been encrypted using AES 256-bit encryption. This means that, in the hypothetical event of a data breach, the bad actor will be unable to read sensitive client data for unethical use.
​
2.6. Where and how are client passwords stored?
​
Slate explicitly does not store any client passwords. Slate is partnered with a third-party, Auth0 (see auth0.com) who are leading experts in user password storage and management and are aligned with cutting edge password security principles. Auth0 store client passwords in the form of a hash with bcrypt and are never stored in plain text. Passwords are checked by Auth0 which then verifies that the user password is correct before returning Slate a web token which allows the client access to the Slate system. Slate itself does not read, transfer or handle the client’s password in any way whatsoever. Please see Auth0’s password storage policies for advanced information.
​
2.7. How is data communicated between the Slate app, servers and databases?
​
Slate makes use of industry standard https protocols. This means that all transfer of client data is encrypted and cannot be exposed in “man-in-the-middle” attacks.
​
2.8. How are client bank and investment account passwords stored and used in Slate?
​
Slate is partnered with Yodlee who handle all client bank and investment account access, client account passwords and reading of client account data. To this end, Slate explicitly does not view client account passwords, save passwords or handle passwords in any step of the client account access process whatsoever. Slate will never be able to directly access a client’s account.
​
Slate is only able to gain ‘read’ rights of client account information when explicitly consented by the client (meaning Slate can read information on client accounts only and cannot edit or transact in any way). Slate is granted temporary read access of client account information only after (1) the client has consented through enabling access by logging into their account using their username and password, and (2) Slate requesting a temporary access token that allows Slate to read information from the client account.
​
Should a client leave the Slate app, Yodlee will handle the removal of the client’s account and any ability for Slate to read their account data in future. Should a client change their account password, Yodlee too will not be able to access their account information any longer.
​
2.9. Can any bad actor use the account data to transact a client’s cash or investments?
​
No. Should, hypothetically, a bad actor ever manage to intercept a temporary access token to view a client’s data, they would only be to do so for a brief period of time. They will not be able to transact on client’s accounts, withdraw funds, eft a client’s cash or perform any other action on a client’s account in any way whatsoever.
​
2.10. Who is Yodlee?
​
Envestnet | Yodlee is the leading data aggregation and data analytics platform, helping consumers live better financial lives through innovative products and services created for more than 1400 financial institutions and FinTech companies, including 15 of the top 20 U.S. banks. For more information on how Yodlee aggregates and manages user data, please see yodlee.com.
​
2.11.Does slate encrypt and protect my information?
​
Yes. We use a combination of technical, procedural and operational measures to keep your information safe and secure.
2.12. Do we use Cookies?
​
Yes, unless you have disabled Cookies in your Internet browser, we will store Cookies on your computer/device when you visit our website. These Cookies (small text files containing a string of characters) enable us to recognise you as a returning visitor, track your usage behaviour, as well as store your user preferences and other information. We do this to remember information so that you will not have to re-enter it during your visit or the next time you visit the Website. Cookies also allow us to provide custom, personalised content and information, monitor the effectiveness of our marketing campaigns and monitor aggregated metrics such as the total number of visitors and pages viewed.
3. Privacy Policy Updates
​
3.1. Can we change our Privacy Policy and what happens if it does?
​
Yes. We may change our Privacy Policy at any time. We will notify you of any lessening of your rights or our obligations regarding your Personal Information before such changes are made. We will post the new policy on the Website or Mobile Applications and if you are not happy with the new Privacy Policy you may terminate your use of the Service. The most current version of the policy will govern our use of your information and will always be available at https://www.slateadvisor.com/legal/privacy. By continuing to use the Service after changes to the Privacy Policy become effective, you agree to be bound by the revised Privacy Policy.
​
3.2. What happens if the ownership of slate changes hands?
​
If we become involved in any merger, consolidation, or sale of our assets and this involves the sharing in any way of your Personal Information, we will ensure the confidentiality of such information and let you know before your Personal Information is transferred and becomes subject to a different Privacy Policy. Should you not wish for your Personal Information to be so transferred, you may terminate your use of the Service by closing your account, which will result in the deletion of your Personal Information.
4. Communication
​
4.1. Do we send you communication about slate with an option to opt out?
​
Yes. You may opt out of disclosure of your Personal Information. Should you choose to do this and should the opt out be in respect of Personal Information necessary to provide the Service, we may not be able to extend certain features to you and in such circumstances, we will notify you of this. Should you still wish to opt out after such notification you will be entitled to do so or terminate your use of the Service, which will result in the deletion of your Personal Information. We also send you push notifications and alerts which can be switched on off inside the app.
​
4.2. Can you have your name removed from our public forum/message board?
​
Yes. If you wish to have your name removed from the messages you post to our public forum/message boards please contact us.
​
Contact: support@slateadvisor.com
​
4.3. Who should I contact if I have any comments, questions, concerns or complaints?
​
If you have any questions, comments or concerns about our Privacy Policy, please contact us at: support@slateadvisor.com.
In addition to above, we have appointed an Information Officer (in accordance with the terms set out in the POPI Act). Our Information Officer can be reached at: InformationOfficer@slateadvisor.com.
---------------------- End ----------------------
​
​