Green Privacy Policy

Last updated: February 2026

This Privacy Policy describes how Green, Inc. ("Green," "we," "us," or "our") collects, uses, discloses, and otherwise processes your personal information when you use the Green mobile application or visit our website at Green (collectively, the "Services"). By using our Services, you consent to the practices described in this Privacy Policy.

Information We Collect About You

We collect information about you to provide our Services, verify your identity, process transactions, and comply with applicable laws. The categories of information we collect include the following.

When you create an account or use our Services, we collect identification information such as your name, email address, phone number, date of birth, and mailing address. We also collect authentication information you use to log in to your account.

To verify your identity and comply with regulatory requirements, we may collect additional identification information such as your government-issued identification documents, including your passport, driver's license, or national identification card, as well as a government issued identification number, such as a Social Security Number, where required by law.

We collect financial information necessary to provide our Services, including bank account numbers, payment card numbers, and cryptocurrency wallet addresses that you link to your account.

When you use our Services to send or receive payments, we collect transaction information such as the names of the parties involved, the payment amounts, the date and time of transactions, and descriptions or notes associated with those transactions.

We automatically collect device and usage information when you access our Services, including your IP address, device type, operating system, browser type, unique device identifiers, and information about how you interact with our Services.

We may collect biometric information as part of our identity verification process. Specifically, when you submit a photograph of yourself during account verification, we may extract facial geometry data from that image to compare it against your identification documents. We describe our collection and use of biometric information in more detail below.

Biometric Information

As part of our identity verification process, we collect biometric information derived from photographs you submit. This biometric information consists of facial geometry data extracted from your selfie photograph, which is used to verify that you are the same person depicted in your government-issued identification document.

Before we collect any biometric information from you, we will ask for your consent through an in-app consent screen. You may decline to provide biometric information, but this may limit your ability to use certain features of our Services that require identity verification.

We use biometric information solely for purposes of verifying your identity, preventing fraud, and complying with applicable laws and regulations. We do not sell, lease, trade, or otherwise profit from your biometric information. Your biometric information is stored securely using encryption and is retained only for as long as necessary to fulfill the purposes for which it was collected. We will permanently destroy your biometric information within three years of your last interaction with our Services, or sooner if the purpose for which it was collected has been satisfied, unless a longer retention period is required by law.

If you have questions about our use of biometric information or wish to request deletion of your biometric information, you may contact us at privacy@Green.com.

How We Use Your Information

We use the information we collect to provide, maintain, and improve our Services. This includes processing your transactions, verifying your identity, displaying your transaction history, and responding to your requests for customer support.

We use your information to protect our Services and maintain a trusted environment. This includes detecting and preventing fraud, investigating suspicious activity, enforcing our terms of service, and complying with applicable laws and regulations.

We use your information to communicate with you about your account and our Services, including sending you transaction confirmations, security alerts, and other service-related messages.

We may use your information to personalize your experience with our Services and to develop new products and features.

We use your information to comply with legal obligations, respond to lawful requests from government authorities, and protect our rights and the rights of others.

When and With Whom We Share Your Information

We share your information with other users of our Services when you send or receive payments. For example, when you send a payment to another user, we share your name and other relevant transaction details with that user.

We share your information with service providers who help us operate our Services. This includes identity verification providers, cloud hosting providers, payment processors, and customer support providers. These service providers are contractually obligated to use your information only for the purposes of providing services to us and to maintain the confidentiality of your information.

We may share your information with financial partners such as banks and payment networks as necessary to facilitate transactions and provide our Services.

We may share your information with government authorities, law enforcement, or other third parties when we believe in good faith that disclosure is required by law, to comply with legal process, to protect the safety of any person, to address fraud or security issues, or to protect our rights or property.

We may share your information in connection with a merger, acquisition, reorganization, or sale of all or a portion of our assets, in which case the acquiring entity will be subject to the terms of this Privacy Policy.

International Data Transfers

Your information is stored and processed on servers located in the United States. If you are located outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.

By using our Services, you consent to the transfer of your information to the United States. Where required by applicable law, we implement appropriate safeguards for international data transfers, including standard contractual clauses approved by relevant authorities.

How Long We Keep Your Information

We retain your information for as long as necessary to provide you with our Services and for as long as we have a legitimate business need to do so. After you close your account, we retain your information for a period of time consistent with our legal obligations, including obligations under anti-money laundering and tax laws, which generally require us to retain records for at least five years.

Even after you close your account, we may retain certain information as necessary to comply with legal obligations, resolve disputes, enforce our agreements, and for other legitimate business purposes.

Your Rights and Choices

You may access, correct, or update your account information at any time by logging into your account or by contacting us at privacy@Green.com.

You may request deletion of your account and personal information by contacting us at privacy@Green.com. Please note that we may be required to retain certain information to comply with legal obligations or for other legitimate purposes.

You may opt out of receiving promotional communications from us by following the unsubscribe instructions included in those communications. Even if you opt out of promotional communications, we will continue to send you transactional and service-related communications.

You may control the collection of location information through your device settings. If you disable location services, certain features of our Services may not function properly.

Data Security

We implement technical and organizational measures designed to protect your information from unauthorized access, use, or disclosure. These measures include encryption of data in transit and at rest, access controls, and regular security assessments. However, no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee the absolute security of your information.

Children's Privacy

Our Services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under the age of 13. If we learn that we have collected personal information from a child under the age of 13, we will take steps to delete that information as quickly as possible. If you believe that we may have collected personal information from a child under the age of 13, please contact us at privacy@Green.com.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make material changes to this Privacy Policy, we will notify you by posting the updated policy on our website and, where required by law, by providing you with additional notice. Your continued use of our Services after the effective date of the updated Privacy Policy constitutes your acceptance of the changes.

Additional Information for Residents of Certain Jurisdictions

Depending on where you reside, you may have additional rights under applicable privacy laws. This section provides additional information for residents of certain jurisdictions.

United States

If you are a resident of California, you have certain rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act. You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected that information, the business or commercial purposes for which we collect or sell that information, and the categories of third parties with whom we share that information. You have the right to request deletion of your personal information, subject to certain exceptions. You have the right to correct inaccurate personal information. You have the right to opt out of the sale or sharing of your personal information. We do not sell your personal information. You have the right not to be discriminated against for exercising your privacy rights. To exercise these rights, please contact us at privacy@Green.

If you are a resident of Illinois, you have certain rights under the Illinois Biometric Information Privacy Act. Before collecting any biometric information, we will provide you with written notice of the specific purpose and length of time for which your biometric information will be collected, stored, and used, and we will obtain your written consent. We will not sell, lease, trade, or otherwise profit from your biometric information. We will store, transmit, and protect your biometric information using reasonable security measures. We will permanently destroy your biometric information when the initial purpose for collecting it has been satisfied or within three years of your last interaction with our Services, whichever occurs first.

If you are a resident of Texas, you have certain rights under the Texas Capture or Use of Biometric Identifier Act. We will not capture your biometric identifier for a commercial purpose without first informing you and receiving your consent. We will not sell, lease, or otherwise disclose your biometric identifier unless disclosure is required or permitted by law. We will store, transmit, and protect your biometric identifier using reasonable care and will destroy it within a reasonable time, but not later than the first anniversary of the date the purpose for collecting it expires.

European Economic Area, United Kingdom, and Switzerland

If you are located in the European Economic Area, United Kingdom, or Switzerland, we process your personal data on the basis of contractual necessity to provide our Services to you, compliance with legal obligations, our legitimate interests in operating and improving our Services, and your consent where required. You have the right to access your personal data, rectify inaccurate data, erase your data in certain circumstances, restrict or object to certain processing, data portability, and to lodge a complaint with a supervisory authority. To exercise these rights, please contact us at privacy@Green.com. We transfer personal data from the EEA, UK, and Switzerland to the United States in accordance with the EU-US Data Privacy Framework and, where applicable, standard contractual clauses.

Argentina

If you are located in Argentina, we process your personal data in accordance with the Ley General de Proteccion de Datos Personales. You have the right to confirmation of the existence of your data, as well as correction of incomplete or inaccurate data, anonymization or blocking of unnecessary data, data portability, deletion of data processed, information about entities with whom we share your data, information about the possibility of denying consent and its consequences, and revocation of consent. To exercise these rights, please contact us at privacy@Greencom.

Brazil

If you are located in Brazil, we process your personal data in accordance with the Lei Geral de Protecao de Dados. You have the right to confirmation of the existence of your data, correction of incomplete or inaccurate data, anonymization or blocking of unnecessary data, data portability, deletion of data processed with your consent, information about entities with whom we share your data, information about the possibility of denying consent and its consequences, and revocation of consent. To exercise these rights, please contact us at privacy@Green.com.

Colombia

If you are located in Colombia, we process your personal data in accordance with the Ley General de Proteccion de Datos Personales, which includes the right to privacy and the right to data rectification. You have the right to confirmation of the existence of your data, correction of incomplete or inaccurate data, anonymization or blocking of unnecessary data, data portability, deletion of data processed with your consent, information about entities with whom we share your data, information about the possibility of denying consent and its consequences, and revocation of consent. Requests concerning the processing of financial data must be resolved within fifteen (15) working days from the date of receipt of the communication. If a prompt resolution is not given within this timeframe, the request is presumed accepted for all legal purposes. To exercise these rights, please contact us at privacy@Green.com.

Mexico

If you are located in Mexico, we process your personal data in accordance with the Ley Federal de Proteccion de Datos Personales en Posesion de los Particulares. You have the right to access your personal data, rectify inaccurate data, request cancellation of your data, and object to certain processing. To exercise these rights, please contact us at privacy@Green.com.

Turkey

If you are located in Turkey, we process your personal data in accordance with the Kisisel Verilerin Korunmasi Kanunu. You have the right to learn whether your personal data has been processed, to request information about processing, to learn the purpose of processing, to know third parties to whom your data is transferred, to request correction of incomplete or inaccurate data, to request deletion or destruction of your personal data, and to object to processing. We transfer personal data from Turkey to the United States using standard contractual clauses approved by the Turkish Personal Data Protection Authority. To exercise these rights, please contact us at privacy@Green.com.

Saudi Arabia

If you are located in Saudi Arabia, we process your personal data in accordance with the Personal Data Protection Law. You have the right to be informed about the collection and use of your personal data, to access your personal data, to request correction of inaccurate data, and to request destruction of your personal data when it is no longer necessary. We transfer personal data from Saudi Arabia to the United States using standard contractual clauses and appropriate safeguards. To exercise these rights, please contact us at privacy@Green.com.

United Arab Emirates

If you are located in the United Arab Emirates, we process your personal data in accordance with applicable data protection laws. You have the right to access your personal data, request correction of inaccurate data, request deletion of your personal data, and withdraw your consent to processing. By using our Services, you consent to the transfer of your personal data to the United States. To exercise these rights, please contact us at privacy@Green.com.

How to Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at privacy@Green.com or by mail at Green, Inc., 180 Montgomery, Ste 1800, San Francisco, 94104, United States.

Privacy Notice

What do Green, Inc. and Erebor Bank, N.A. do with your personal information?

Green is not an FDIC-insured bank. FDIC insurance covers the failure of an FDIC-insured bank. Banking services are provided by Erebor Bank, N.A., Member FDIC.

Facts What does Erebor Bank, N.A. do with your personal information?
Why? Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
What? The types of personal information we collect and share depend on the product or service you have with us. This information can include:
  • Social Security number
  • Transaction history
  • Income
  • Payment history
  • Account balances
  • Wire transfer instructions

When you are no longer our customer, we continue to share your information as described in this notice.

How? All financial companies need to share customers' personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers' personal information; the reasons Erebor Bank, N.A. chooses to share; and whether you can limit this sharing.
Reasons we can share your personal information Does Erebor Bank, N.A. share? Can you limit this sharing?
For our everyday business purposes, such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus Yes No
For our marketing purposes, to offer our products and services to you Yes No
For joint marketing with other financial companies No We don't share
For our affiliates' everyday business purposes, information about your transactions and experiences No We don't share
For our affiliates' everyday business purposes, information about your creditworthiness No We don't share
For nonaffiliates to market to you No We don't share

Questions? Call 614-233-1797 or go to erebor.bank.

Who We Are

Who is providing this notice? Erebor Bank, N.A.

What We Do

How does Erebor Bank, N.A. protect my personal information? To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings. We also limit access to information to those employees for whom access is needed to perform their job responsibilities.
How does Erebor Bank, N.A. collect my personal information? We collect your personal information, for example, when you:
  • Open an account
  • Make deposits or withdrawals from your account
  • Apply for a loan
  • Deposit money
  • Make a wire transfer
Why can't I limit all sharing? Federal law gives you the right to limit only:
  • Sharing for affiliates' everyday business purposes, information about your creditworthiness
  • Affiliates from using your information to market to you
  • Sharing for nonaffiliates to market to you

State laws and individual companies may give you additional rights to limit sharing.

Definitions

Affiliates Companies related by common ownership or control. They can be financial and nonfinancial companies.
  • Erebor Bank, N.A. has no affiliates.
Nonaffiliates Companies not related by common ownership or control. They can be financial and nonfinancial companies.
  • Erebor Bank, N.A. does not share with nonaffiliates so they can market to you.
Joint Marketing A formal agreement between nonaffiliated financial companies that together market financial products or services to you.
  • Erebor Bank, N.A. doesn't jointly market.

Other Important Information

California. In accordance with California law, we will not share information we collect about California residents with nonaffiliates except as permitted by law, such as with the consent of the customer or to service the customer's accounts. Vermont. In accordance with Vermont law, we will not share information we collect about Vermont residents with nonaffiliates except as permitted by law, such as with the consent of the customer or to service the customer's accounts.

For Alaska, Illinois, Maryland and North Dakota Customers. In accordance with applicable law, we will not share personal information with nonaffiliates either for them to market to you or for joint marketing without your authorization.

For Massachusetts, Mississippi and New Jersey Customers. In accordance with applicable law, we will not share personal information from deposit or share relationships with nonaffiliates either for them to market to you or for joint marketing without your authorization.