mmott
Find my money

mott.  /  Legal

Privacy Policy.

How mott collects, uses, discloses, retains, and protects Personal Information, and the rights you may exercise. Drafted to comply with U.S. federal law and every comprehensive state privacy law in force on the Effective Date.

Effective
May 15, 2026
Last updated
May 15, 2026

Notice

This Privacy Policy (the “Policy”) describes how Money on the Table, LLC, a Montana limited liability company (“mott,” “we,” “us,” or “our”), collects, uses, discloses, retains, and protects Personal Information (as defined below) in connection with the websites located at mott.money and mott-demo.vercel.app, any successor or related properties, and any related online or offline services operated by mott (collectively, the “Service”).

This Policy is incorporated by reference into, and forms a part of, the mott Terms of Service (the “Terms”). By accessing or using the Service, you agree to the collection, use, and disclosure of your Personal Information as described in this Policy. If you do not agree, do not access or use the Service.

To the extent any provision of this Policy conflicts with a non-waivable provision of a Privacy Law (as defined below) applicable to you, that non-waivable provision controls solely with respect to you and solely to the extent of the conflict.

1. Definitions

For purposes of this Policy:

1.1Aggregated Information” means information that relates to a group or category of individuals, from which individual identities have been removed in accordance with the de-identification standards of the applicable Privacy Law, and that is not maintained in a form that could reasonably be linked to any identified or identifiable natural person.

1.2CCPA” means the California Consumer Privacy Act of 2018, Cal. Civ. Code §§ 1798.100–1798.199.100, as amended by the California Privacy Rights Act of 2020 and the regulations promulgated thereunder by the California Privacy Protection Agency.

1.3Consumer Health Data” has the meaning given in the Washington My Health My Data Act (Wash. Rev. Code §§ 19.373.005–19.373.900), Nevada Senate Bill 370 (Nev. Rev. Stat. § 603A.400 et seq.), and the consumer-health-data amendments to the Connecticut Data Privacy Act (Public Act No. 23-56), each as applicable.

1.4De-Identified Information” means information that cannot reasonably be used to infer information about, or otherwise be linked to, an identified or identifiable natural person, provided that mott (a) takes reasonable measures to ensure that the information cannot be associated with a natural person, (b) publicly commits to maintain and use the information only in a de-identified fashion and not to attempt to reidentify the information, and (c) contractually obligates any recipient of the information to comply with clauses (a) and (b).

1.5Dependent” means a natural person on whose behalf a User uses the Service in reliance on a Parental Authority Representation made by the User.

1.6GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the General Data Protection Regulation), together with the United Kingdom General Data Protection Regulation as retained and amended under the UK European Union (Withdrawal) Act 2018.

1.7HIPAA” means the Health Insurance Portability and Accountability Act of 1996, Pub. L. No. 104-191, together with the Health Information Technology for Economic and Clinical Health Act (Pub. L. No. 111-5, Title XIII) and the regulations promulgated thereunder at 45 C.F.R. Parts 160, 162, and 164.

1.8Identity Data” means the categories of Personal Information described in Section 3.1.

1.9Behavioral Data” means the categories of Personal Information described in Section 3.3.

1.10Opportunity” means any grant, scholarship, charity care program, government benefit, tax credit, subsidy, sign-up bonus, referral reward, survey, paid task, or similar offering surfaced by the Service.

1.11Parental Authority Representation” means a User's representation and warranty, made by submission of Dependent information through the Service, that the User is the parent or legal guardian of the Dependent and has the authority under applicable law to provide the Dependent's information for the purposes contemplated by this Policy.

1.12Partner” means an institution, government program, business, or other third party that operates an Opportunity surfaced by the Service or that contracts with mott as a Service Provider, a recipient of Aggregated Information, or a consumer-facing partner pursuant to Section 5.

1.13Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular natural person or household. Personal Information does not include De-Identified Information or Aggregated Information.

1.14Privacy Law” means any federal, state, or non-U.S. statute, regulation, or rule governing the collection, use, disclosure, or protection of Personal Information that is applicable to mott, the Service, or you, including, without limitation, the laws enumerated in Section 14.

1.15Process,” “Processing,” and “Processed” mean any operation or set of operations performed on Personal Information, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

1.16Profile Data” means the categories of Personal Information described in Section 3.2.

1.17Sensitive Personal Information” has the meaning given in the CCPA (Cal. Civ. Code § 1798.140(ae)) and the analogous defined terms in each other applicable comprehensive state Privacy Law (including “sensitive data” under the Virginia Consumer Data Protection Act, Va. Code § 59.1-575).

1.18Service Provider” means a third party that Processes Personal Information solely on behalf of mott, pursuant to a written contract that complies with the requirements of each applicable Privacy Law, and that is prohibited by such contract from Processing the Personal Information for any purpose other than the business purpose specified by mott.

1.19User,” “you,” and “your” mean a natural person who accesses or uses the Service.

Capitalized terms used but not defined herein have the meanings given in the Terms.

2. Mott's Status; Controllers and Processors

2.1 Except as expressly stated in Section 2.2, mott is the “controller” (under the GDPR), “business” (under the CCPA), and equivalent term under each other applicable Privacy Law with respect to the Personal Information Processed in connection with the Service.

2.2 Where you affirmatively initiate engagement with a Partner pursuant to Section 5.1, the Partner becomes a separate controller of the Personal Information you direct to it, and the Partner's own privacy policy governs the Partner's Processing of such information from and after that moment.

2.3 mott does not act as a “covered entity” or “business associate” under HIPAA in connection with the Service. Health information that you voluntarily submit to the Service does not constitute “protected health information” under HIPAA and is not subject to HIPAA. Such information is, however, subject to this Policy and, where applicable, to the laws referenced in Section 6.2.

2.4 mott does not act as a “financial institution” within the meaning of the Gramm-Leach-Bliley Act, 15 U.S.C. §§ 6801–6809, and the Service is not a “financial product or service” within the meaning of 12 U.S.C. § 5481(15). mott does not assemble or evaluate consumer credit information for the purpose of furnishing consumer reports to third parties and is not a “consumer reporting agency” within the meaning of the Fair Credit Reporting Act, 15 U.S.C. § 1681a(f).

3. Categories of Personal Information Collected

3.1 Identity Data. mott collects the following Identity Data: full name; email address; telephone number (if voluntarily provided); authentication credentials; and, if and when mott offers paid features, billing information Processed exclusively by mott's payment Service Provider.

3.2 Profile Data. mott collects the following Profile Data, in each case to the extent voluntarily provided by you: residential ZIP code; household composition; household income range; employment status; veteran status; student status; disability status; primary language; citizenship or work-authorization status; heritage or ethnicity (multi-select among broad OMB categories, with an optional sub-detail prompt for community-specific identification); existence and age of any Dependent; and answers to lifestyle and behavioral questions used to surface lifestyle-based subsidies (for example, whether you exercise regularly, drive an electric vehicle, are a non-smoker, or volunteer). Certain categories of Profile Data constitute Sensitive Personal Information and are governed by Section 6.

3.3 Behavioral Data. mott collects the following Behavioral Data: Opportunities you view, save, dismiss, or apply for; pathways selected; search terms entered; time spent on pages; referring URL; device and browser characteristics; approximate location (at the city or ZIP-code level) derived from your IP address; and standard server logs.

3.4 Dependent Information. A User who uses the dependent-search feature makes a Parental Authority Representation and, in reliance on that representation, submits limited Personal Information concerning the Dependent. Dependent information is treated as Profile Data subject to the additional protections set forth in Section 7.

3.5 Information mott Does Not Collect. mott does not collect biometric identifiers; government-issued identification numbers (including driver's license, passport, or military identification numbers); genetic information; the substance of any communication between you and a third-party institution; or Social Security numbers. mott does not perform identity-verification checks. mott does not purchase Personal Information about you from data brokers and does not enrich your profile from any external source.

3.6 Sources. Personal Information described in Sections 3.1 through 3.4 is collected (a) directly from you, (b) automatically from your device when you interact with the Service, and (c) in the case of Opportunity metadata only, from public datasets that mott catalogs to build the Opportunity database (which datasets do not contain Personal Information about you).

4. Purposes of Processing; Legal Bases

4.1 Purposes. mott Processes Personal Information only for the following business purposes:

  • (a) Matching. To identify Opportunities for which you may be eligible and to rank them by anticipated relevance.
  • (b) Personalization. To preserve saved Opportunities, selected pathways, and stated preferences across sessions.
  • (c) Service Operation. To create and authenticate accounts, send transactional communications, and provide customer support.
  • (d) Product Improvement. To identify defects, measure feature usage, and improve match quality, in each case using internal analytics. mott does not use third-party advertising analytics.
  • (e) Safety and Integrity. To detect, prevent, and respond to fraud, abuse, security incidents, and violations of the Terms.
  • (f) Legal Compliance. To comply with mott's obligations under applicable law, respond to lawful requests from public authorities, and enforce mott's rights.
  • (g) Aggregate Analytics. To produce Aggregated Information and De-Identified Information describing trends across the Service's user base, including for the purposes described in Section 5.3.

4.2 No Cross-Context Behavioral Advertising; No Sale. mott does not Process Personal Information for purposes of cross-context behavioral advertising as defined in Cal. Civ. Code § 1798.140(k) and the analogous provisions of other Privacy Laws. mott does not sell Personal Information within the meaning of Cal. Civ. Code § 1798.140(ad) or any analogous provision.

4.3 Legal Bases Under the GDPR. Where the GDPR applies, mott Processes Personal Information on the following legal bases: (a) performance of a contract to which you are a party (Article 6(1)(b)) for Sections 4.1(a), (b), and (c); (b) legitimate interests pursued by mott (Article 6(1)(f)) for Sections 4.1(d), (e), and (g), where such interests are not overridden by your fundamental rights and freedoms; (c) compliance with a legal obligation (Article 6(1)(c)) for Section 4.1(f); and (d) your explicit consent (Article 9(2)(a)) for the Processing of special categories of Personal Information described in Section 6.

5. Disclosures of Personal Information

mott discloses Personal Information only as described in this Section 5.

5.1 Consent-Gated Disclosure to Partners. mott does not transmit Identity Data or Profile Data to any Partner unless and until you affirmatively elect to engage that Partner through a consent-gated interface element. Upon such election, mott transmits only the minimum Personal Information necessary to initiate the engagement (typically your name, email address, ZIP code, the Opportunity at issue, and the text of any consent you affirmed). mott does not transfer your full profile to any Partner.

5.2 Service Providers. mott discloses Personal Information to its Service Providers solely to enable them to perform services on mott's behalf. As of the Effective Date, mott's Service Providers include the following categories of providers: hosting (Vercel, Railway); database and authentication (Supabase); generative AI processing (Anthropic); payment processing (Stripe, if and when paid features are offered); transactional email (SendGrid); and error monitoring (Sentry or comparable). Each Service Provider is bound by a written contract that requires confidentiality, security commensurate with the sensitivity of the Personal Information, and a prohibition on Processing the Personal Information for any purpose other than the business purpose specified by mott. A current list of subprocessors is available on request to privacy@mott.money.

5.3 Aggregate Disclosures to Partners. mott discloses Aggregated Information and De-Identified Information to Partners in the form of intelligence and compliance reports.

Such reports do not contain Personal Information of identifiable individuals.

mott applies minimum cohort thresholds consistent with the de-identification standards required by applicable Privacy Law, contractually prohibits recipients from attempting to reidentify any individual, and itself commits not to attempt reidentification. If a cohort cannot be reported without a reasonable risk of reidentification, mott suppresses the cohort.

5.4 Compelled Disclosure. mott may disclose Personal Information in response to lawful process (including subpoenas, court orders, and search warrants) or where mott in good faith believes that disclosure is necessary to comply with applicable law, to protect the rights, property, or safety of mott or others, or to prevent fraud or imminent harm. Where lawfully permitted, mott will attempt to provide notice to you in advance of such disclosure.

5.5 Corporate Transactions. In the event of a merger, acquisition, financing, reorganization, dissolution, bankruptcy, or sale of all or a portion of mott's assets, Personal Information may be transferred to the surviving or acquiring entity. mott will require any successor in interest to honor this Policy in all material respects with respect to the Personal Information transferred, or to provide you with notice and a reasonable opportunity to delete your Personal Information prior to any materially different Processing.

5.6 Other Disclosures. mott does not disclose Personal Information to any third party except as described in this Section 5 or with your prior consent.

6. Sensitive Personal Information; Consumer Health Data

6.1 Sensitive Personal Information. Certain categories of Profile Data may constitute Sensitive Personal Information under applicable Privacy Law, including: precise geolocation (which mott does not collect); citizenship or immigration status; racial or ethnic origin (collected on a voluntary opt-in basis solely to surface identity-based scholarships, grants, and benefits, with broad-category disclosure and an optional sub-detail prompt, and stored separately from Identity Data with the access controls described in Section 6.3); religious or philosophical beliefs (which mott does not collect); health information that you voluntarily disclose to identify health-related Opportunities; sexual orientation (which mott does not collect); and information that may reveal disability status. mott Processes Sensitive Personal Information solely for the matching purpose for which the information was provided and does not Process Sensitive Personal Information to infer characteristics about you or for any advertising purpose. You may exercise the right to limit the use of Sensitive Personal Information under Cal. Civ. Code § 1798.121 and analogous provisions of other Privacy Laws by submitting a request as described in Section 9.

6.3 Heritage and Ethnicity Specifics. Where you elect to provide heritage or ethnicity information through the Service: (a) disclosure is voluntary and the matching engine functions without it; (b) mott records the moment of disclosure in an append-only consent log that captures the disclosure copy version you saw, the values you provided, and the timestamp; (c) the data is stored on the same row-level-security-isolated Profile record described in Section 8 and is readable only to you and to mott's matching engine running in your authenticated session; (d) the data is never transmitted to a Partner except in aggregated, de-identified form subject to the minimum cohort thresholds described in Section 5.3; and (e) you may revoke this category of disclosure and require its deletion at any time by written request to privacy@mott.money, and mott will complete such deletion within thirty (30) days of receipt of a verifiable request.

6.2 Consumer Health Data. Certain Profile Data may constitute Consumer Health Data. Where applicable:

  • (a) mott collects Consumer Health Data only on the basis of your affirmative opt-in consent, evidenced by your voluntary submission of such information through the Service;
  • (b) mott Processes Consumer Health Data solely for the purposes set forth in Section 4 and discloses Consumer Health Data solely as set forth in Section 5;
  • (c) mott does not sell Consumer Health Data and has never sold Consumer Health Data;
  • (d) you may revoke consent and require deletion of your Consumer Health Data at any time by written request to privacy@mott.money, and mott will complete such deletion within thirty (30) days of receipt of a verifiable request; and
  • (e) mott will, upon written request, furnish the separate Consumer Health Data Privacy Notice required by Wash. Rev. Code § 19.373.020.

7. Dependents; Children Under 13

7.1 Dependent Information. A User who submits Dependent information thereby makes a Parental Authority Representation. mott Processes Dependent information solely to surface Opportunities benefiting the Dependent or the household and solely for the purposes set forth in Section 4. mott does not display advertising to Dependents, does not transmit Dependent information to any Partner absent a separate affirmative consent gesture by the User, and will delete Dependent information upon written request from the User.

7.2 COPPA. mott does not knowingly collect Personal Information directly from a child under the age of 13 in violation of the Children's Online Privacy Protection Act, 15 U.S.C. §§ 6501–6506, and its implementing regulations at 16 C.F.R. Part 312. Where a User submits information about a Dependent under the age of 13, the User's Parental Authority Representation constitutes verifiable parental consent for the limited purposes of this Policy. If mott becomes aware that it has Processed Personal Information directly from a child under 13 without verifiable parental consent, mott will promptly delete such Personal Information.

7.3 Minors Aged 13 to 17. Where applicable Privacy Law imposes heightened restrictions on the Processing of Personal Information concerning a known minor under the age of 18 (including, without limitation, Cal. Civ. Code § 1798.120(c), the Maryland Online Data Privacy Act, and analogous provisions), mott complies with such restrictions.

8. Cookies, Local Storage, and Online Tracking Technologies

8.1 Categories. mott uses a limited set of first-party cookies and local storage entries, including: (a) a session cookie used solely to authenticate the User; (b) a preferences cookie that retains User-interface selections, expiring no later than ninety (90) days after issuance; (c) a profile cache stored in local storage to retain in-progress Profile Data inputs across page reloads, cleared upon sign-out or User request; and (d) a first-party anonymous analytics cookie used to count page views and clicks for the purpose described in Section 4.1(d).

8.2 No Third-Party Advertising Pixels. mott does not embed third-party advertising pixels, including Meta Pixel, Google Ads conversion tags, TikTok Pixel, or analogous tools, on the Service.

8.3 Global Privacy Control. mott honors the Global Privacy Control signal transmitted by a User's browser as an opt-out of “sale” and “share” within the meaning of the CCPA and analogous laws that recognize such signal. Because mott does not sell or share Personal Information for cross-context behavioral advertising, the operational effect of a Global Privacy Control signal is to suppress mott's anonymous analytics cookie for the duration of the User's session.

9. User Rights

9.1 Rights. Subject to the applicable Privacy Law of your jurisdiction, you have the following rights with respect to Personal Information mott has Processed about you:

  • (a) the right to confirm whether mott is Processing Personal Information about you and to know the categories and specific pieces of Personal Information Processed (right to know / access);
  • (b) the right to obtain a copy of your Personal Information in a portable, structured, commonly used, and machine-readable format (right to portability);
  • (c) the right to correct inaccurate Personal Information;
  • (d) the right to delete Personal Information, subject to the exceptions enumerated in the applicable Privacy Law and to the retention obligations set forth in Section 11;
  • (e) the right to opt out of the sale or sharing of Personal Information for cross-context behavioral advertising (which mott does not do);
  • (f) the right to limit the use and disclosure of Sensitive Personal Information (see Section 6.1);
  • (g) the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects concerning you (see Section 10);
  • (h) the right to withdraw consent at any time, including consent to Process Consumer Health Data;
  • (i) the right not to be subject to retaliation or adverse treatment for exercising any right under this Policy or applicable Privacy Law; and
  • (j) the right to appeal a denial of any request submitted under this Section 9, as described in Section 9.4.

9.2 Submitting a Request. To exercise any right described in Section 9.1, send a written request to privacy@mott.money with the subject line “Privacy Request.” mott will verify your identity using the minimum information reasonably necessary (typically the email address associated with your account and a confirmation email), and will respond to your request within the period required by the applicable Privacy Law, generally not exceeding forty-five (45) days from the date of receipt of a verifiable request, subject to one extension of no more than forty-five (45) additional days where reasonably necessary. mott will not charge a fee for a request unless the request is manifestly unfounded or excessive, in which case mott will notify you of the basis for the fee or refusal in advance.

9.3 Authorized Agents. You may designate an authorized agent to submit a request on your behalf where applicable Privacy Law permits. mott may require (a) signed written authorization from you, in a form sufficient under the applicable Privacy Law, and (b) verification of your identity directly with mott.

9.4 Appeal. If mott declines a request submitted under Section 9.2, you may appeal by replying in writing to the denial within sixty (60) days. mott will review the appeal and issue a written response within forty-five (45) days of receipt. If the appeal is denied, mott will provide instructions for submitting a complaint to the attorney general of your state of residence or the relevant supervisory authority.

9.5 California “Shine the Light” Notice. California Civil Code § 1798.83 entitles California residents to request, once per calendar year, a notice describing the categories of Personal Information mott disclosed to third parties for the third parties' direct marketing purposes in the preceding calendar year.

mott has not disclosed Personal Information to third parties for direct marketing purposes, and the response to any such request will accordingly state that the number of disclosures is zero.

10. Automated Decision-Making and Profiling

10.1 Use of AI. mott uses the Anthropic Claude API as a Service Provider to power matching and to generate plain-language eligibility explanations. mott transmits to the Claude API the minimum information reasonably necessary to perform the requested operation, which is generally a structured summary of Profile Data and the metadata of the Opportunities being evaluated. mott does not transmit Identity Data to the Claude API. Anthropic is contractually prohibited from using Personal Information transmitted by mott to train its models.

10.2 No Solely Automated Significant Decision. The matching output produced through use of the Claude API is advisory only and does not, of itself, produce a legal or similarly significant effect concerning you within the meaning of Cal. Civ. Code § 1798.185(a)(16), GDPR Article 22, or analogous provisions. Decisions regarding eligibility, approval, award amount, and disbursement are made by the institution that operates the Opportunity at issue, on its own terms and using its own criteria.

10.3 Right to Opt Out. Notwithstanding Section 10.2, a User may request that mott surface Opportunities using its rule-based matcher only, without Claude-layer ranking, by submitting a written request to privacy@mott.money. mott will honor such request.

11. Retention

11.1 Retention Periods. mott retains Personal Information only for so long as is reasonably necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, regulatory, or reporting requirement. Default retention periods are as follows:

  • (a) Identity Data: until thirty (30) days after deletion of the associated account;
  • (b) Profile Data: until thirty (30) days after deletion of the associated account, or eighteen (18) months following the User's most recent sign-in, whichever occurs first;
  • (c) Behavioral Data: twenty-four (24) months from collection in identifiable form, after which such data is aggregated or de-identified;
  • (d) Aggregated Information and De-Identified Information: indefinitely, on the basis that such information is no longer Personal Information;
  • (e) Consent records and consent-revocation records: seven (7) years from creation, retained as a defensive legal record and not containing Profile Data; and
  • (f) Records mott is required to retain by applicable law (including without limitation tax records associated with paid transactions): for the period required by such law.

11.2 Deletion on Request. Following receipt of a verifiable deletion request submitted under Section 9, mott will delete the requested Personal Information, except to the extent retention is required to comply with applicable law, complete a transaction that you initiated, detect or respond to malicious or fraudulent activity, or as otherwise permitted by Cal. Civ. Code § 1798.105(d) and analogous provisions.

12. Information Security

12.1 Safeguards. mott maintains administrative, technical, and physical safeguards designed to protect Personal Information against unauthorized access, use, alteration, disclosure, or destruction. The safeguards include, without limitation: (a) encryption of Personal Information in transit using TLS 1.2 or higher, and at rest using AES-256 or an equivalent algorithm; (b) database row-level security policies on each table that contains Personal Information; (c) least-privilege access controls and multi-factor authentication for administrative access; (d) logical segregation of Identity Data, Profile Data, and Behavioral Data; (e) routine vulnerability scanning, dependency monitoring, and patch management; and (f) a documented incident response plan with a 72-hour notification target consistent with the most stringent applicable breach-notification Privacy Law.

12.2 No Guarantee. No security program is invulnerable. mott does not warrant that its safeguards will prevent every breach. In the event of a breach of security affecting Personal Information, mott will provide notice to affected Users and to relevant regulators in accordance with each applicable breach-notification law, including, without limitation, N.Y. Gen. Bus. Law § 899-aa, Cal. Civ. Code § 1798.82, and analogous statutes.

13. International Transfers

13.1 U.S. Processing. mott Processes Personal Information in the United States. If you access the Service from outside the United States, you acknowledge and consent to the transfer of your Personal Information to, and Processing in, the United States, which may not provide the same level of data-protection rights as your country of residence.

13.2 EEA, UK, and Swiss Users. mott does not market the Service to data subjects in the European Economic Area, the United Kingdom, or Switzerland and has not appointed a representative under GDPR Article 27 or UK GDPR Article 27. If you nonetheless access the Service from one of those jurisdictions, mott will honor the rights of access, rectification, erasure, restriction, portability, and objection, and your right to lodge a complaint with the supervisory authority of your country of residence. Requests should be sent to privacy@mott.money.

14. State-Specific Notices

14.1 California. This Policy is the notice at collection required by Cal. Civ. Code § 1798.100(b) and the privacy policy required by Cal. Civ. Code § 1798.130(a)(5). The following items summarize the disclosures required by Cal. Civ. Code § 1798.130(a)(5) for the twelve (12) months preceding the Effective Date:

  • (a) Categories of Personal Information collected: identifiers (Cal. Civ. Code § 1798.140(v)(1)(A)); commercial information (Cal. Civ. Code § 1798.140(v)(1)(D)); internet or other electronic network activity information (Cal. Civ. Code § 1798.140(v)(1)(F)); geolocation information at the city or ZIP-code level only (Cal. Civ. Code § 1798.140(v)(1)(G)); Sensitive Personal Information (Cal. Civ. Code § 1798.140(ae)), only where voluntarily provided; and inferences drawn from the foregoing (Cal. Civ. Code § 1798.140(v)(1)(K)).
  • (b) Sources of Personal Information: as described in Section 3.6.
  • (c) Business or commercial purposes for collection: as described in Section 4.1.
  • (d) Categories of third parties to whom Personal Information was disclosed for a business purpose: Service Providers only, as described in Section 5.2, plus any Partner you affirmatively elect to engage as described in Section 5.1.
  • (e) Categories of Personal Information sold or shared: none.
  • (f) Retention: as described in Section 11.1.
  • (g) Right to limit use of Sensitive Personal Information: as described in Section 6.1.

14.2 Comprehensive State Privacy Laws. If you are a resident of a state with a comprehensive consumer privacy law, you have the rights set forth in Section 9 to the extent and in the manner required by the applicable Privacy Law of your state. Such laws include, without limitation: the Virginia Consumer Data Protection Act, Va. Code §§ 59.1-575 to 59.1-585; the Colorado Privacy Act, Colo. Rev. Stat. §§ 6-1-1301 to 6-1-1313 and 4 Colo. Code Regs. § 904-3; the Connecticut Data Privacy Act, Conn. Gen. Stat. §§ 42-515 to 42-525 (as amended by Public Act No. 23-56); the Utah Consumer Privacy Act, Utah Code §§ 13-61-101 to 13-61-404; the Texas Data Privacy and Security Act, Tex. Bus. & Com. Code §§ 541.001 to 541.205; the Oregon Consumer Privacy Act, Or. Rev. Stat. §§ 646A.570 to 646A.589; the Montana Consumer Data Privacy Act, Mont. Code Ann. §§ 30-14-2801 to 30-14-2817; the Iowa Consumer Data Protection Act, Iowa Code §§ 715D.1 to 715D.9; the Delaware Personal Data Privacy Act, Del. Code tit. 6, §§ 12D-101 to 12D-111; the Tennessee Information Protection Act, Tenn. Code Ann. §§ 47-18-3201 to 47-18-3213; the New Jersey Data Protection Act, N.J. Stat. §§ 56:8-166.4 to 56:8-166.16; the New Hampshire Privacy Act, N.H. Rev. Stat. §§ 507-H:1 to 507-H:14; the Nebraska Data Privacy Act, Neb. Rev. Stat. §§ 87-1101 to 87-1116; the Minnesota Consumer Data Privacy Act, Minn. Stat. §§ 325O.01 to 325O.12; the Maryland Online Data Privacy Act, Md. Code Com. Law §§ 14-4601 to 14-4612; the Rhode Island Data Transparency and Privacy Protection Act, R.I. Gen. Laws §§ 6-48.1-1 et seq.; the Indiana Consumer Data Protection Act, Ind. Code §§ 24-15-1-1 to 24-15-12-3; and the Kentucky Consumer Data Protection Act, Ky. Rev. Stat. §§ 367.3611 to 367.3637.

14.3 Maryland. mott does not Process the Personal Information of a Maryland resident in a manner that is not reasonably necessary or proportionate to provide the Service; mott does not sell Sensitive Personal Information of a Maryland resident; and mott does not Process the Personal Information of a known minor under eighteen (18) years of age for purposes of targeted advertising, sale, or profiling that would produce legal or similarly significant effects, in accordance with Md. Code Com. Law § 14-4607.

14.4 Consumer Health Data Laws. Residents of Washington, Nevada, and Connecticut have the rights set forth in Section 6.2 in addition to those set forth in Section 9.

14.5 New York. mott implements the reasonable administrative, technical, and physical safeguards required by the New York Stop Hacks and Improve Electronic Data Security Act, N.Y. Gen. Bus. Law § 899-bb, and will provide breach notification consistent with N.Y. Gen. Bus. Law § 899-aa.

15. Modifications

mott may amend this Policy from time to time. The “Last Updated” date at the top of this Policy will reflect the date of the most recent material amendment. In the event of a material amendment, mott will provide notice not less than thirty (30) days prior to the effective date of such amendment by in-product banner, email to the address associated with your account, or both. Your continued use of the Service following the effective date of the amended Policy constitutes acceptance of the amendment. A change log of prior versions is available on written request to privacy@mott.money.

16. Contact

For any inquiry, request, or complaint under this Policy:

  • (a) Email: privacy@mott.money
  • (b) Postal Mail: Money on the Table, LLC, Attention: Privacy, c/o the Registered Agent on file with the Montana Secretary of State.

Residents of states with a dedicated privacy enforcement authority may also lodge a complaint with such authority. California residents may contact the California Privacy Protection Agency. Residents of other states may contact the office of their state attorney general.

Related pages