Privacy Policy
Last updated: December 1, 2025
This Privacy Policy describes how Forward Technology, Inc. DBA Worthy ("we," "us," or "our") collects, uses, discloses, protects, and retains your personal information when you access or use our credit-monitoring services, credit analysis tools, referral/affiliate offers, and any related education/coaching services (collectively, the "Services"). By using the Services, you agree to the terms of this Privacy Policy and our Terms of Service. If you do not agree with this policy, please do not use the Services.
1. Information We Collect
1.1 Information You Provide
We collect information you directly provide when you enroll, use, or interact with our Services, including:
- Your name, address, email address, phone number, date of birth, Social Security number (or other government ID), citizenship or residency status, and other identifiers.
- Your credit profile data, information you supply about your financial goals or credit history, coaching/referral preferences, and your responses to questionnaires or surveys.
- Payment and billing information if you purchase any paid aspect of the Services or affiliated product offer.
- Communications you send us (e-mail, chat, support requests, feedback, forum posts if applicable).
1.2 Information We Automatically Collect
When you use our Services, we may automatically collect information about your device, usage, and interactions, including:
- IP address, browser type, operating system, and device identifiers.
- Usage data (pages visited, features used), logs, error reports, crash logs.
- Location data if/where permitted.
- Cookies, web beacons and similar technologies to support the Services, enhance user experience, and deliver offers or referrals.
1.3 Credit & Consumer-Report Data
Because our Services include credit-monitoring and analysis, we obtain and process credit report data, consumer-reporting agency data, credit-score information, alerts about changes or events in your credit report, and other data about your credit profile or identity (for example: new accounts, inquiries, public records, collections, tradeline changes). We use this data to provide you with educational tools, alerts, offers, coaching/referral matches, and other Services.
We collect and use this data under permissible purposes and applicable laws (including the Fair Credit Reporting Act) as applicable.
2. How We Use Your Information
We use your information for a variety of business and operational purposes, including:
- Providing and administering the Services to you (including account setup, monitoring, alerts, coaching tools, referral offers).
- Matching you with products, offers or referrals for affiliated third-party products (where you have opted-in or allowed us to do so) and determining eligibility for offers.
- Personalizing your experience, generating insight, coaching recommendations, and simulators (for example, estimating impacts of credit decisions).
- Communication and marketing: sending you alerts, educational materials, promotional offers, updating you about new features or affiliated products.
- Fraud detection, identity-theft monitoring, security, and compliance with legal/regulatory obligations.
- Improving our Services, internal analytics, research, product development, and aggregated de-identified reporting.
- Legal and business purposes: investigating issues, enforcing our Terms of Service, responding to law-enforcement or regulatory requests, mergers/acquisitions, transfers of business.
3. Disclosure of Your Information
We may disclose or share your information as follows:
- To credit-reporting agencies and other third parties who supply data necessary to monitor your credit profile or enable alerts.
- To third-party service providers, vendors, contractors and agents who perform services on our behalf (host, cloud, data-analytics, marketing, etc.) under confidentiality obligations.
- To affiliated businesses, partners or third parties providing referral/offers (only when you have opted in for such offers).
- To comply with legal obligations, respond to subpoenas, regulatory requests, or investigations; or to protect our rights, property or safety of users.
- In connection with a merger, acquisition, sale of assets, reorganization, or financing (your data may be transferred to successor entity).
- With your consent or as you direct (for example, you ask us to share data with a particular third-party).
We will not sell your personal data for monetary consideration to unaffiliated third parties unless you have expressly opted in (or as required by applicable laws/disclosures).
4. Your Privacy Rights
Depending on your jurisdiction and applicable law, you may have the following rights regarding your personal information:
- The right to access or obtain a copy of the personal information we hold about you.
- The right to correct or update your personal information.
- The right to request deletion of your personal information (subject to legal/contractual retention obligations).
- The right to object to or restrict certain processing of your information.
- The right to opt-out of marketing communications or affiliate product offers.
- The right to withdraw consent where processing is based on consent, to the extent permitted by law.
To exercise your rights, please contact us at privacy@askworthy.ai or via your account settings (if applicable). We may require identity verification and will respond within applicable timelines.
5. Data Retention
We retain your personal information only as long as necessary for the purposes set out in this Privacy Policy, to provide the Services to you, and to comply with legal/regulatory obligations. Once no longer required, we will securely delete, anonymize or aggregate your information.
For credit-report data or alerts, we will retain data in accordance with our monitoring contract obligations, regulatory requirements, and legitimate business needs.
6. Security
We employ reasonable organizational, technical, and administrative safeguards designed to protect your personal information from unauthorized access, use, disclosure, alteration or destruction. These measures include encryption (in transit and at rest), authentication, access-controls, secure infrastructure, and regular review of our security practices. However, no method of transmission over the Internet or electronic storage is 100 % secure. We cannot guarantee absolute security of your information.
7. International Transfer
Our Services are intended for U.S. residents (and U.S. territories). If we transfer your personal information to jurisdictions outside the U.S. (for example, our service providers abroad), we will implement appropriate protections and safeguards to ensure the transferred data continues to benefit from adequate privacy protections consistent with this policy.
8. Children's Privacy
Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently collected such information, we will take steps to delete it.
9. Affiliate & Referral Offers / Third-Party Products
Because part of our business involves offering affiliate or referral opportunities or upsold products through third-parties, we include the following:
- We may share some of your information (such as basic profile, eligibility data or consented information) with third-party partners for the purpose of presenting you with offers or referrals — only if you have opted in or given us consent.
- You should review separate privacy or terms provided by those third-party partners when you click or accept an offer. We do not control those third-parties' actions or their privacy practices.
- Our offering of referral/affiliate opportunities does not mean we endorse or guarantee the services/products of the partner. Your relationship and agreement is directly with the partner when you accept an offer.
10. Changes to This Privacy Policy
We may update or modify this Privacy Policy at any time. When we do, we will post the revised version on our website and update the "Last updated" date. If changes are material, we will provide notice per applicable law (e.g., via e-mail or in your account). Your continued use of our Services after changes constitutes acceptance.
11. California Privacy Policy & Notice (CCPA/CPRA) For California Residents
This section supplements the Worthy Privacy Policy and applies only to California residents. It is provided pursuant to the California Consumer Privacy Act ("CCPA"), as amended by the California Privacy Rights Act ("CPRA").
California law requires us to disclose the categories of personal information we collect, the purposes for which we collect it, and the categories of third parties with whom we share it. Because we collect different types of information depending on how you use Worthy's Services, not every category listed below will apply to every user.
We may disclose any of these categories to government entities or other third parties as required by law, to protect against fraud or illegal activity, or to comply with legal obligations.
Worthy does not sell personal information for monetary consideration, and has not sold personal information in the past 12 months. Worthy may "share" personal information for cross-context behavioral advertising only if you opt-in (and you may opt-out at any time).
Categories of Personal Information Collected & Categories of Recipients
Category 1 — Identifiers
Includes: name, alias, postal address, email address, account name, IP address, unique identifiers.
Categories of Recipients:
- Consumer reporting agencies (for credit monitoring)
- Affiliates or subsidiaries
- Service providers (IT, hosting, cloud, analytics, support)
- Data analytics providers
- Internet service providers
- Operating systems & platforms
- Third-party product partners who provide financial or credit-related offers
- Payment processors (if you purchase paid products)
- Professional service firms (law firms, auditors)
Category 2 — Government-Issued Identification
Includes: Social Security number (required for credit monitoring), driver's license number, state ID number, passport number.
Categories of Recipients:
- Consumer reporting agencies (for credit monitoring)
- Affiliates or subsidiaries
- Identity verification providers
- Other service providers
Category 3 — Financial Information
Includes: credit card number, bank account number, payment information (only if you purchase paid products), and information contained in your credit report.
Categories of Recipients:
- Affiliates or subsidiaries
- Consumer reporting agencies
- Payment processors
- Other service providers
Category 4 — Protected Classification Characteristics
Includes: age/date of birth.
Categories of Recipients:
- Consumer reporting agencies
- Affiliates or subsidiaries
- Service providers
Category 5 — Commercial Information
Includes: products or services purchased, obtained, or considered; credit-coaching activity; referral/offer interaction history.
Categories of Recipients:
- Affiliates or subsidiaries
- Data analytics providers
- Service providers
- Third-party product partners who provide financial or credit-related offers
Category 6 — Internet or Other Network Activity
Includes: browsing history, search history, activity on Worthy's website/app, interactions with emails, cookies, and advertisement interactions.
Categories of Recipients:
- Internet service providers
- Data analytics providers
- Operating systems & platforms
- Service providers
- Third-party product partners who provide financial or credit-related offers
Category 7 — Audio, Electronic, or Visual Information
Includes: customer-service call recordings (if applicable).
Categories of Recipients:
- Service providers
- Professional service firms
Category 8 — Professional or Employment-Related Information
(Only if you apply for a job with us.)
Categories of Recipients:
- Affiliates or subsidiaries
- Service providers
- Professional service firms
Category 9 — Inferences
Includes: insights derived from your credit data, simulator inputs, user preferences, predicted credit-behavior segments, and offer-eligibility assessments.
Categories of Recipients:
- Affiliates or subsidiaries
- Data analytics providers
- Service providers
- Third-party product partners who provide financial or credit-related offers
Category 10 — Additional Personal Information (California Customer Records Statute)
Includes: signature or other data you provide in forms, if applicable.
Categories of Recipients:
- Affiliates or subsidiaries
- Service providers
Your Rights under the CCPA/CPRA
As a California resident, you have the following rights (subject to certain limitations):
- Right to Know: Access the categories and specific pieces of personal information we have collected about you.
- Right to Delete: Request deletion of your personal information.
- Right to Correct: Request we correct inaccurate personal information.
- Right to Opt-Out of Sharing: Opt-out of cross-context behavioral advertising (if applicable).
- Right to Limit Use of Sensitive Personal Information: Limit the use of data such as SSN to the purposes allowed by law.
- Right to Non-Discrimination: You will not be discriminated against for exercising your rights.
You or your authorized agent may submit a request by contacting us at:
Email: privacy@askworthy.ai
Phone: +1 (754) 273-8381
18 West 18th Street
6th Floor
New York, NY 10011-4652
We will verify your identity before processing certain requests and respond within the timeframes required by California law.
Sensitive Personal Information Statement
We only use "sensitive personal information" (e.g., Social Security number) for the purposes permitted under CCPA/CPRA, including:
- Providing you with credit monitoring and credit-report access
- Verifying your identity
- Detecting fraud or preventing illegal activity
- Maintaining the security and integrity of our systems
We do not use sensitive personal information to infer characteristics about you unless necessary to provide the Services and permitted by law.
12. Other State Privacy Rights
Information unique to California residents can be found in Section 11. Certain additional states also provide consumers with privacy rights relating to their personal information. While the specific rights available to you may vary depending on your state of residence, Worthy allows all eligible users to exercise the privacy choices described below, to the extent required by applicable law.
Residents of states with comprehensive privacy laws (including Virginia, Colorado, Connecticut, Utah, Delaware, and others as those laws become effective) may have some or all of the following rights:
- Right to Know / Access: You may request confirmation of whether we process your personal information and request access to that information.
- Right to Correct: You may request that we correct inaccuracies in your personal information.
- Right to Delete: You may request that we delete personal information we have collected from you, subject to legal and operational exceptions.
- Right to Opt-Out: You may have the right to opt out of certain processing activities, including targeted advertising, the sale of personal information (if applicable), or certain profiling activities.
- Right to Appeal: If we deny your request, you may have the right to appeal our decision.
To exercise any of these rights, you may contact us at privacy@askworthy.ai, through your account settings, or via the contact methods listed in this Privacy Policy.
We will authenticate your identity and respond within the timeframe required under your state's law.
Worthy does not discriminate against users for exercising their privacy rights.
13. Contact Us
If you have questions or concerns about this Privacy Policy or our practices, please contact us at:
Worthy Privacy Team
18 West 18th Street
6th Floor
New York, NY 10011-4652
Email: privacy@askworthy.ai
Phone: +1 (754) 273-8381