Onsetto
Home Features How It Works Insights Press About Us
Contact Us

Privacy Policy

How we collect, use, and protect your information

Effective Date: October 27, 2025

Onsetto, Inc. (“Onsetto,” “we,” “our,” or “us”) provides financial technology solutions that enable financial institutions to facilitate business account transitions by automating the identification, migration, and re-establishment of account-related dependencies (the “Platform”). This Privacy Policy explains how we collect, use, disclose, and protect personal and business information through our website (onsetto.com) and the Onsetto Platform (collectively, the “Services”).

1. Overview and Scope

This Privacy Policy applies to information collected through our Services, including information provided by financial institutions, their employees, and their business customers (collectively, “Users”). It also covers information that may be collected through integrations with trusted third parties. This Policy applies regardless of how you access the Services, including via a web browser or API integration.

2. Information We Collect

We collect information, including personal information, directly from Users, from financial institutions that use the Platform, and from third-party integrations. The types of information we may collect include:

  • Contact Information: Name, business name, email address, phone number, and mailing address.
  • Account Information: Login credentials, user role, and access permissions.
  • Financial and Transactional Information: Account numbers, routing numbers, ACH templates, payee and payer information, and related financial metadata provided by the User or the financial institution.
  • Banking and Business Data: Payroll connections, accounting system data, business entity details (e.g., EIN, addresses), and configuration data necessary for account migration.
  • Device and Network Data: IP address, browser type, operating system, device identifiers, and platform usage analytics.
  • Support and Communication Data: Information provided in inquiries, feedback, or technical support interactions.
  • Compliance and Verification Data: Information used for identity verification or compliance purposes, where required by our financial institution partners.

For purposes of this Privacy Policy, “personal information” means any information that identifies, relates to, describes, or could reasonably be associated with a particular individual or, where applicable, a business contact person. This may include identifiers such as name, email address, telephone number, account credentials, or other data linked to a specific user or account.

Where required by applicable laws, such as the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), “personal information” also includes any data that falls within those statutory definitions. Certain information processed by Onsetto on behalf of financial institutions may be exempt from such laws under the Gramm-Leach-Bliley Act (GLBA) and other financial privacy regulations.

This definition is intended to be interpreted broadly to encompass the various privacy and data protection laws that may apply to Onsetto’s operations.

3. How We Use Information

We use collected information for legitimate business purposes, including to:

  • Provide, operate, and maintain the Services.
  • Enable secure data migration, account setup, and platform functionality.
  • Support customer service, technical support, and troubleshooting.
  • Conduct analytics to improve the Services and ensure compliance with financial institution requirements.
  • Enforce our agreements, comply with applicable laws, and protect the integrity and security of our Platform.
  • Communicate updates, product notices, and service-related information.
  • Perform data aggregation and anonymization for internal analysis and system improvement.

4. Legal Basis for Processing (if applicable)

Where required by applicable law (e.g., GDPR), our processing of personal data is based on one or more of the following legal grounds: (i) performance of a contract; (ii) compliance with legal obligations; (iii) legitimate interests; or (iv) consent, where applicable.

5. Data Sharing and Disclosure

We do not sell or rent personal information. We may share information in the following ways:

  • Financial Institution Partners: We provide the Platform as a service provider or data processor to financial institutions. Each institution is the controller of data within its tenant environment.
  • Service Providers: With vendors who support operations, including hosting (AWS), analytics, and customer support.
  • Plaid Integration: When Users choose to connect financial accounts, they interact directly with Plaid. Onsetto does not see or store bank credentials. For details, see Plaid’s Privacy Policy at https://plaid.com/legal/privacy-statement/.
  • Corporate Transactions: In connection with mergers, acquisitions, or sales of assets.
  • Legal and Regulatory Disclosures: To comply with applicable laws, respond to lawful requests, and protect Onsetto’s rights.

Relationship with Financial Institution Partners

When you use Onsetto’s Platform through your financial institution, Onsetto may collect and process certain information on behalf of that institution to facilitate account transitions and related services. In such cases, your financial institution is the entity responsible for your information and its use is governed by that institution’s privacy notice.

Onsetto acts as a service provider or data processor under applicable laws, including the Gramm-Leach-Bliley Act (GLBA) and relevant state privacy laws. Certain information processed by Onsetto on behalf of financial institutions may be excluded from consumer privacy laws that do not apply to information collected under the GLBA.

We encourage you to review your financial institution’s privacy policy for details on their privacy practices. Onsetto is not responsible for, and does not control, the data-handling practices of its financial institution partners.

6. International Data Transfers

Onsetto operates primarily in the United States, but data may be transferred to other jurisdictions for processing consistent with this Policy. When required, we use appropriate safeguards such as standard contractual clauses to ensure data protection.

7. Data Security

Onsetto employs administrative, technical, and physical safeguards to protect data. We leverage Amazon Web Services (AWS) within a tenant-based environment, where each financial institution and its customers operate within logically isolated environments. Data is encrypted in transit and at rest. Onsetto follows the SOC 2 Trust Services Criteria for security and adheres to the AWS Shared Responsibility Model. However, please be aware that despite our best efforts, no security measures are perfect or impenetrable. No data transmission over the internet is 100% secure; we cannot ensure or warranty the security of the information you provide to us and you do so at your own risk.

8. Data Retention

We retain personal and business information as long as necessary for legitimate business purposes, to comply with our legal obligations, or as directed by our financial institution partners. Once retention is no longer required, we securely delete or anonymize the data.

9. Third-party websites

You should be aware that when you provide information to us using a third-party site or platform (e.g., a social media platform), the information you provide may be separately collected by the third-party site or platform and is subject to the third-party site or platform’s privacy practices. Please also keep in mind that our Services may contain links to other sites not owned or controlled by us and we are not responsible for the privacy practices of those sites. We encourage you to be aware when you leave our Services and to read the policies of other sites that may collect your personal information.

10. Your Rights and Choices

Depending on your jurisdiction, you may have certain rights regarding your personal information, including rights to access, correct, or delete your data. You may also have the right to restrict or object to certain processing. Requests can be directed to support@onsetto.com.

We respect your right to make choices about the ways we collect, use, and disclose your information, so we try to offer you meaningful choices regarding your personal information. Some choices you have regarding personal information include the following.

  • Account Management – You can correct or update the information relating to your account by accessing your account settings. You can also use features in our Services to request the removal of any content you publish on our platform.
  • Marketing Emails – As required by applicable laws, you can opt-out of receiving promotional emails from us by clicking the “opt out,” “unsubscribe,” or similar link in any such promotional emails and following the instructions provided.
  • Cookies – Depending on your browser or device, you may have the option to set the browser to accept all cookies, reject all cookies, notify you when a cookie is set, or delete cookies. Each browser and device is different, so we recommend you evaluate the tools and settings available in your browser or device, as well as any available instructions for the same. Please note that if you disable or delete cookies, you may not be able to access or use certain features of the Services. Please also note that disabling cookies may not affect how pixels, tags, and web beacons function. Those technologies may still collect your personal information. To learn more, review our Cookie Policy at https://onsetto.com/cookie-policy/
  • Analytics – As discussed above, we use analytics tools in connection with the Services. If you would like to refrain from having your data collected by Google Analytics, Google has developed an opt-out browser that you can use at https://tools.google.com/dlpage/gaoptout?hl=en-US. You can find more information on how Google uses information it collects at https://policies.google.com/technologies/partner-sites.
  • Interest-Based Advertising – To opt-out of personalized or interest-based advertisements, you may be able to adjust the settings on your device. Please go to your device settings and opt-out through the controls provided through Google/Android or iOS, as applicable. Each operating system, iOS for Apple phones, Android for Android devices and Windows for Microsoft devices, has its own instructions on how to prevent the delivery of interest-based advertisements. (We cannot guarantee that these instructions will not change, or that they will continue to be available; they are controlled by each mobile platform, not us.). For any other devices and/or operating systems, please visit the privacy settings for the applicable device or contact the applicable platform operator. Users can opt out of Google’s use of cookies for advertising, including DoubleClick cookies, by visiting Google’s Ads Settings page. Users can opt out of third-party advertising cookies from a wide range of advertising services, including Google, by visiting the Network Advertising Initiative’s Opt-Out page. You can also visit https://optout.aboutads.info for more information about how to opt out of interest-based advertisements.
  • Declining to Provide Information – You can choose not to provide us with information we may request through our Services, but that may result in you being unable to use certain features of our Services, request information about us, or initiate other transactions with us.
  • Do Not Track Mechanisms – Please note that our Services do not honor “Do Not Track” signals, and such signals will not impact the operation of the Services.

Please be aware that if you do not allow us to collect personal information from you, we may not be able to deliver certain experiences, products, and services to you, and some of our Services may not be able to take account of your interests and preferences. If you have questions about the specific personal information about you that we process or retain, and your rights regarding that personal information, please contact us at support@onsetto.com.

11. Compliance with Applicable Laws

Onsetto complies with applicable privacy laws and regulations, including the Gramm-Leach-Bliley Act (GLBA), the California Consumer Privacy Act (CCPA), and other U.S. state laws. To the extent we process data subject to the GDPR, we act as a data processor on behalf of financial institutions that are data controllers.

California Residents
California Civil Code § 1798.83 (California’s Shine the Light Act) permits California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. If you are a California resident, you may ask us to refrain from sharing your personal information with certain of our affiliates and other third parties for their direct marketing purposes. Please tell us your preference by contacting us at the contact information below.

Nevada Residents
Under Nevada law, certain Nevada consumers may opt out of the sale of “covered information” for monetary consideration to a person for that person to license or sell such information to additional persons. “Covered information” includes first and last name, address, email address, phone number, Social Security Number, or an identifier that allows a specific person to be contacted either physically or online. We do not engage in such activity; however, if you are a Nevada resident who has purchased or leased goods or services from us, you may submit a request to opt out of any potential future sales under Nevada law by emailing us.

12. Children’s Privacy

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors. If we learn that we have collected personal data from a minor, we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. Any updates will be posted on our website with the effective date revised accordingly. Continued use of the Services after updates constitutes acceptance of the revised Policy.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at support@onsetto.com.