Loading...
Privacy
We are committed to protecting your financial data with the highest security standards.
We are committed to protecting your financial data with high-security controls, transparent practices, and clear member rights under GLBA, CCPA, VCDPA, and GDPR frameworks.
v4.2
Mar 2026
Expanded state-specific rights and cookie controls.
v4.1
Nov 2025
Updated fraud telemetry and retention schedule language.
v4.0
May 2025
Full policy restructure for readability and transparency.
Personal Information
Account opening, profile updates, KYC checks
Financial Data
Banking activity, lending workflows
Digital Footprint
Web, mobile app, and fraud signals
Biometric Data
Opt-in authentication features
Location Data
Device consent and risk analysis
Data Flow Diagram
1. Member Channels
2. Secure Ingestion
3. Risk & Compliance Engine
4. Protected Storage
We use account activity to post transactions, issue statements, and route alerts.
| Category | Data Shared | Purpose |
|---|---|---|
| Service Providers | Identity, transaction metadata | Payments, cloud hosting, KYC |
| Credit Bureaus | Credit history, payment performance | Credit decisions and reporting |
| Marketing Partners | Limited segment data | Co-branded offers (opt-out available) |
| Regulators | Required legal records | Compliance, audits, investigations |
| Business Transfers | Contract-limited data sets | Merger/acquisition continuity |
Opt-out controls are available for eligible sharing categories in your privacy settings.
Incident response commitment: containment, member notice, and remediation updates in accordance with applicable law.
Account Data
While active + 7 years post-closure
Transaction Records
7 years
Marketing Data
Until consent withdrawn
Session Data
30 days
Cross-border processing
Children\'s privacy
Material changes are announced by email and secure message. You can subscribe for update alerts below.
Regulatory complaints
Annual privacy notice, safeguards rule, and limits on sharing nonpublic personal information.
Applies: All US States
Rights to know, delete, and opt out of sale/sharing for eligible California residents.
Applies: California
Rights to access, correction, deletion, portability, and opt out of profiling.
Applies: Virginia
Applies to EU member data processing with lawful basis, SCCs, and data subject rights.
Applies: EU/EEA
Do Not Sell or Share My Personal Information
California residents can submit a request via privacy settings or email. We honor Global Privacy Control signals where required.
Accessibility Statement: This policy is authored for WCAG 2.1 AA readability and keyboard navigation standards.
Current language: English
Need help understanding legal terms? Use tooltips and support chat in the help center.
