Privacy Policy

Effective Date:  June 1, 2020

Spence knows that you care about the privacy of your information, and Spence takes your privacy seriously.  This Privacy Policy explains how we collect, use and disclose personal information of users of our Services.  “Services” means any products, services, websites, and mobile applications offered to you by Spence.  The terms “we” and “us” are used throughout this Privacy Policy to refer to Spence.  

This Privacy Policy is incorporated into our Terms of Use.  We understand that privacy disclosures are an ongoing responsibility, and so we will from time to time update this Privacy Policy as we change our practices related to personal information (as described below).  By accessing the Services or submitting your personal information in connection with the Services, you agree to the collection and processing of your personal information as described in this Privacy Policy.  If you do not agree with any part of this Privacy Policy, do not use the Services.  

Information We Collect

We use the term “personal information” throughout this Privacy Policy to refer to information that identifies you, that is related to you, that describes you, or that is linked with you.  We do not consider “personal information” to include information that has been deidentified or aggregated (meaning the information no longer identifies and is no longer linked with a particular individual).

We collect the following categories of personal information from you when you actively share it with us (such as during account creation) and when you provide it to us passively through use of our Services.  We collect personal information from our service provider when you choose to connect your bank account to transfer money.  We also collect certain categories of personal information listed below from you when you choose to sync a non-Spence account/service with your Spence account (through the services of our third party provider, Yodlee, discussed below in more detail). 

  • First name and last name;
  • Email address;
  • Cellular/wireless phone number;
  • Financial institution account username and password;
  • The PIN that you select to verify purchases;
  • Financial information (details of your financial transactions, such as when and where payment occurs, names of transacting parties, payment or transfer amounts, and account balance) based on your settings with your account/service provider;
  • Date of birth
  • Geolocation data (information that identifies with reasonable specificity your location by using, for instance, longitude and latitude coordinates obtained through GPS, Wi-Fi, or cell site triangulation) when you grant permission to do so in your device settings;
  • Device information (your Internet Protocol –“IP”- address, device type and unique device identifiers;
  • Purchasing history or tendencies, such as products you have bought and other information about you collected through automated means, such as cookies, web beacons, and web server logs, including IP address, browser characteristics, device IDs and characteristics and operating system version;
  • Browsing history, search history and information regarding your interaction with our Services; and
  • Inferences drawn from the information above, such as your preferences, characteristics and behavior. 

Please note that if you do not consent to the collection of geolocation information, certain Services will not function properly and you will not be able to use those Services.  

In addition, you may decide to provide us with the name and email address of another if you utilize our “Invite a Friend” feature.  You provide this information so that we can communicate with that person about our Services and we will use that information in accordance with the terms of this Privacy Policy.

How We Use Your Personal Information

We use the personal information that we collect for the following purposes:

  • To verify your identity or other information;
  • To access information as it relates to your financial account (note that we do not store your usernames or passwords for financial institutions on our servers);
  • To send you security codes for “multi-factor authentication” and help protect the security of your account; 
  • To fulfill transactions and provide the Services;
  • To create a connection between your Spence account and a third-party bank account through use of the third party’s API;
  • To operate, improve and personalize the Service;
  • If you elect to share your geolocation information, to provide you with location-specific information, functionality and offers;
  • To respond to your comments and questions and otherwise provide customer service;
  • To understand and analyze patterns of use of our Services and trends;
  • To customize our advertising and marketing materials so that they are useful, relevant, valuable or otherwise of interest;
  • To help us develop new products and services and improve our existing products and services;
  • To ensure the Services function properly and to track logins;
  • For our business purposes, such as dispute resolution, audits and security, detection, prevention and mitigation of fraudulent or illegal activities; and
  • To enforce our Terms of Use or other applicable policies and for other uses that we may tell you about from time to time.

Third Party Accounts

Our service is connected by Envestnet | Yodlee. When you provide your login credentials to connect a third party account (“Data Source”) to your Spence account, Yodlee collects the financial information discussed above from the Data Source and provides it to us. Yodlee acts on our behalf in this process, which means we share the login credentials that you provide with Yodlee as one of our service providers. For more information on how Yodlee collects, uses, stores, and handles your data, please see Envestnet | Yodlee’s Commitment to its Clients and their Users ( If there is any inconsistency between Yodlee’s Commitment and this Privacy Policy regarding Yodlee’s activities, then Yodlee’s Commitment is correct.

Deidentified or Aggregated Data

We may use deidentified or aggregated data that does not identify a particular individual for any purpose, and the use and disclosure of such information is not subject to this Privacy Policy.  

How We Share Your Information with Third Parties

    • Third party service providers.  We sometimes use third-party service providers to act on our behalf, to process transactions and payments and provide other services related to the operation of our business. These service providers are only allowed to use your information in connection with the specific service they provide on our behalf.
    • Dispensaries.  To process transactions, we share your user ID (on an anonymous basis) with the dispensary where you are picking up product.
    • Legal purposes.  If required to do so by law or in the good faith belief that such action is appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
    • Corporate transactions.  With a potential or actual acquirer, successor, or assignee as part of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in bankruptcy or similar proceedings).
  • With your consent.

Spence does not share your personal information with third parties for their promotional or marketing purposes. 

Notice Regarding “Do Not Track” Signals

At this time, the Services are not able to respond to Do Not Track (DNT) signals. 

Third Party Services

This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any site or service to which the Services links. The inclusion of a link on the Services does not imply endorsement of the linked site or service by us or by our affiliates.


We use certain safeguards that are designed to maintain the integrity and security of personal information that we collect.  Despite our efforts, please be aware that no security measures are perfect or impenetrable and thus we cannot and do not guarantee the security of your data. 

How You Can Access or Change Your Personal Information or Deactivate Your Account

You can review and update your personal information or deactivate your account in your user profile at any time by logging into your account. You may opt-out of receiving promotional email communications from us by following the unsubscribe options on such communications. Your personal information may persist in historical or archived copies if needed for legal or other legitimate business reasons. 

Your California Privacy Rights

California residents may exercise certain privacy rights pursuant to the California Consumer Privacy Act of 2018.  Your right to submit certain requests to us as a California resident are described below. You may designate an authorized agent to make the requests below on your behalf.  An authorized agent must submit proof to us that he or she has been authorized by you to act on your behalf, and you will need to verify your identity directly with us.

  • Verification of Requests

Please note that when submitting a request, you will be asked to provide information to verify your identity or authority to make the request before action is taken.  

We will generally try to avoid requesting additional information from you for the purpose of verification, but we may need to do so if we cannot verify your identity based on the information already maintained by us. If we request additional information to verify your identity, it will be for that purpose only, and will be deleted as soon as practical after processing the request, except as otherwise provided by law. Verification is required in order to confirm that the person submitting the request to know or request to delete is the person to whom the information relates, and to prevent unauthorized access or deletion of information. The specific steps taken to verify the identity of the requesting person may vary based on the nature of the request, including the type, sensitivity and value of the information requested, the risk of harm posed by unauthorized access or deletion, the likelihood that fraudulent or malicious actors may seek the information, the robustness of personal information provided to verify your identity, the nature of our business relationship with you, and available technology for verification. 

You may designate an authorized agent to make the requests below on your behalf. An authorized agent must submit proof to us that he or she has been authorized by you to act on your behalf, and you will need to verify your identity directly with us through the process described below. 

The following generally describes the verification processes we use:

  • Password Protected Accounts. If you have a password-protected account with us, we may use existing authentication practices to verify your identity, but will require re-authentication before disclosing or deleting data. If we suspect fraudulent or malicious activity relating to your account, we will require further verification (as described below) before complying with a request to know or delete.
  • Verification for Non-Accountholders. If you do not have, or cannot access, a password-protected account with us, we will generally verify your identity as follows:
    • For requests to know categories of personal information, we will verify your identity to a reasonable degree of certainty by matching at least two data points provided by you with reliable data points maintained by us.
    • For requests to know specific pieces of personal information, we will verify your identity to a reasonably high degree of certainty by matching at least three data points provided by you with reliable data points maintained by us. We will also require a declaration, signed under penalty of perjury, that the person requesting the information is the person whose information is the subject of the request or that person’s authorized representative. We will maintain all signed declarations as part of our records.
    • For requests to delete personal information, we will verify your identity to a reasonable degree or a reasonably high degree of certainty depending on the sensitivity of the personal information and the risk of harm posed by unauthorized deletion. We will act in good faith when determining the appropriate standard to apply. 

If there is no reasonable method by which we can verify your identity, we will state so in response to a request to know or delete personal information, including an explanation of why we have no reasonable method to verify your identity.

  • Right To Request More Information

We generally describe in this privacy policy how we collect, use, and share your personal information.  In addition to what is described above, if you are a California resident, you also have the right to request more information regarding the following, to the extent applicable in the past 12 months:

  1. The categories of personal information we have collected about you.
  2. The categories of sources from which we have collected your personal information.
  3. The business or commercial purpose why we collected or, if applicable, sold your personal information.
  4. The categories of third parties with whom we shared your personal information.
  5. The specific pieces of personal information we have collected about you.
  6. The categories of personal information that we have shared with third parties about you for a business purpose.
  7. A list of all third parties to whom we have disclosed personal information, as defined under California Civil Code Section 1798.83(e) (a/k/a the “Shine the Light Law”), during the preceding year for third-party direct marketing purposes.

You may submit a request for the information above by calling us at (855) 773-6232, emailing us at [email protected], submitting a completed form available here.

Please note that due to the different requirements of the applicable laws, our response times may vary depending on the specific type(s) of information sought. We respond to all verifiable requests for information as soon as we reasonably can, and no later than legally required

In connection with submission of your request, we will take steps to verify your identity as outlined below, and you will need to verify your identity before action is taken.

  • Right To Request Deletion Of Your Personal Information

You have the right to request that we delete your personal information collected or maintained by us, subject to certain exceptions.  Once we receive and verify your request, we will let you know what, if any, personal information we can delete from our records, and we will direct any service providers with whom we shared your personal information to also delete your personal information from their records.  There may be circumstances where we cannot delete your personal information or direct service providers to delete your personal information from their records.  For example, if we need to:  (1) retain your personal information to complete a transaction or provide a good or service; (2) detect security incidents; (3) protect against unlawful activities; (4) identify, debug or repair errors; or (5) comply with a legal obligation.  You may submit a request to delete your personal information by calling us at (855) 773-6232, emailing us at [email protected], or submitting a completed form available here. If your request is submitted online, we will contact you to confirm that you want your personal information deleted. 

  • Right to Opt-Out of Our Selling of Personal Information

We do not and will not sell your personal information to third parties.  As such, there is no need to submit a request for us to not sell your personal information.  If you have any questions, feel free to contact us at (855) 773-6232 or [email protected].

  • Right to Non-Discrimination for the Exercise of California Resident’s Privacy Rights

In addition to the rights listed above, by exercising any of the above listed privacy rights conferred by the California Consumer Privacy Act of 2018, you have the right not to receive discriminatory treatment by us.  This means that, consistent with California law, we will not deny providing goods or services to you, charge you different prices or provide a different level or quality of goods and services to you unless those differences are related to the value of your information.

Your Nevada Privacy Rights

If you reside in Nevada, you have the right to direct us to not sell your covered information, as defined in Chapter 603A of the Nevada Revised Statutes.  We do not and will not sell your personal information to third parties.  As such, there is no need to submit a request for us not to sell your personal information.  If you have any questions, please contact us at our designated request address at [email protected].

Children’s Information

Spence does not intend for children under the age of 16 to use the Services or submit information.  If we learn that we have collected personal information from a child under the age of 16, we will delete that information from our records, unless we are legally required to retain it.  Contact us if you believe that we have mistakenly or unintentionally collected information from a child under the age of 16.    

Updates to This Privacy Policy

We may make changes to this Privacy Policy. The “Effective Date” or “Last Updated” date at the top of this page indicates when this Privacy Policy was last revised. If we make material changes, we may notify you by doing one of the following: (i) posting an updated version, and the new effective date on the Services, (ii) notifying you in a banner pop-up or, or (iii) by sending you an email or other communication. We encourage you to read this Privacy Policy periodically to stay up to date about our privacy practices. Your use of the Services following these changes means that you accept the revised Privacy Policy.

Additional Information

If you have any questions regarding our privacy practices or this policy, please contact us at:

By mail at: 910 W. VanBuren St., Suite 100-317, Chicago, IL 60607

By email at: [email protected]

By online submission at: