The Types of Information We Collect
Through your use of the Services, we may collect personal information from you in the following ways:
(a) Personal Information You Provide to Us.
- We may collect personal information from you, such as your first and last name, address, e-mail, telephone number, and social security number when you create an account.
- We will collect the financial and transaction information necessary to provide you with the Services.
- If you provide feedback or contact us via email, we will collect your name and email address, as well as any other content included in the email, in order to send you a reply.
- We also collect other types of personal information that you provide voluntarily, such as any information requested by us if you contact us via email regarding support for the Services.
(b) Personal Information Collected from Third Parties. We may collect certain information from identity verification services and consumer reporting agencies, including credit bureaus, in order to provide some of our Services.
(c) Personal Information Collected Via Technology. We and our service providers may automatically log information about you, your computer or mobile device, and your interaction over time with our Services, our communications and other online services, such as:
- Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers, language settings, mobile device carrier, network information (e.g., WIFI, LTE, 5G), and general location information such as city, state or geographic area.
- Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access.
- Cookies, which are text files that websites store on a visitor’s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, and helping us understand user activity and patterns.
- Local storage technologies, like HTML5 and Flash, that provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.
- Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.
- Location Information. If you have enabled location services on your phone and agree to the collection of your location when prompted by the Services, we will collect your location information when you use the Services; for example, to provide our fraud detection services. If you do not want us to collect this information, you may decline the collection of your location when prompted or adjust the location services settings on your device.
How We Use Your Information Collected in the App
(a) General Use. In general, we use your personal information collected through your use of the Services to respond to your requests as submitted through the Services, to provide you the Services you request, and to help serve you better. We use your personal information, in connection with the App, in the following ways:
- facilitate the creation of, and secure and maintain your account;
- identify you as a legitimate user in our system;
- provide improved administration of the Services;
- provide the Services you request;
- improve the quality of experience when you interact with the Services;
- send you administrative e-mail notifications, such as security or support and maintenance advisories; and
- send offers, and other promotional materials related to the Services.
(b) Compliance and protection. We may use your personal information to:
- comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities;
- protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
- audit our internal processes for compliance with legal and contractual requirements and internal policies;
- enforce the terms and conditions that govern the Service; and
- prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
(c) Creation of Non-Identifiable Data. The App may create de-identified information records from personal information by excluding certain information (such as your name) that makes the information personally identifiable to you. We may use this information in a form that does not personally identify you to analyze request patterns and usage patterns to enhance our products and services. We reserve the right to use and disclose non-identifiable information to third parties in our discretion.
Additional Information Requested by Mobile App
Please take a moment to read and understand what personal information your banking app might collect under certain circumstances and how this information is used.
Exchange Bank’s Mobile Application may request access to information stored on your device such as location, camera, contacts, or other features you are enrolled in to enrich and simplify your own user experience and improve our services, as well as provide additional security to protect your account.
It is important for you to understand that:
- Before granting access to this information, you will be prompted to give the application that permission.
- If you do not wish to grant that permission, you may decline.
- If you later change your mind, those permissions can be updated in your device’s settings.
Some possible examples of information your app may request access to are:
- Location: Your location is used to prevent fraudulent activity and to display locations near you.
- Contacts: Allowing access lets you add contacts to use with features that allow you to send money via your mobile app. We will only add the contacts you choose and that information will not be shared.
- Camera: This app uses your camera to capture check images, take picture of receipts, scan ID, scan authorized QR codes and to conduct video chat.
To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings. The application information is retained in accordance with state and federal record retention laws. Please contact us to determine specific timeframes for your personal stored information and if that information may be deleted
|Email and Text Security
|Never provide sensitive information through email or text, such as, but not limited to,
· Online Banking Credentials,
· Multifactor Authentication (MFA) Code,
· Social Security Number,
· Account Number or
· PIN numbers.
We will never ask you to send this information through email or text.
|Protect your computer from criminal attacks. Visit our Customer Education Page.
|Cookies are files created and used by the websites you visit to store your login state, remember your site preferences, or personalize content. When a user registers a browser or device, a cookie is saved within the user’s browser, and a corresponding record is held within the online banking system. When a user next logs in on the browser or device, the system checks for the saved cookie and, if it finds it, allows the user to bypass MFA. If the cookie expires or is removed from either the user’s browser/device or the registration is cleared from online banking system, the user will be prompted to go through the MFA process and re-register their device. For Maximum Security, we recommend Do Not Register Device.
|Exchange Bank’s Mobile Apps periodically collect, transmit, and use geolocation information for enabling features such as, but not limited to, card use and alerts to prevent fraudulent activity, but only if the end user expressly authorizes collection of such information. Geolocation information can be monitored on a continuous basis in the background only while the feature(s) are being used or not at all, depending on the end user’s selection. The end user can change his/her/their location permissions at any time in their device settings.
|Links to Third Party Sites
|The information and disclosures contained in this Policy apply only to our Apps. Our Apps may contain links to third party websites. When you click on a link to any other website or location, you will leave the App and go to another site and another entity may collect personal information from you. The App’s link to any other website or location is for your convenience and does not indicate our endorsement of such other website or locations or its content. If you link to a third-party website from our Apps, the third-party website will not be governed by this Policy. We recommend that you review the internet or online privacy notice for any third-party website you visit.
|Many websites and apps use Google services to improve their content. When they integrate Google services, these sites and apps share information with Google. We use Google Analytics to better understand how users are visiting and using our sites. Google Analytics collects information such as how often users visit this site, what pages they visit when they do so, and what other sites they used prior to coming to this site. Google Analytics collects the IP address assigned to you on the date you visit this site, rather than your name or other identifying information. We do not combine the information collected through the use of Google Analytics with personally identifiable information. Although Google Analytics plants a cookie on your web browser to identify you as a unique user the next time you visit this site, the cookie cannot be used by anyone but Google.
|Children’s Online Privacy
|COPPA, the Children’s Online Privacy Protection Act, protects children under the age of 13 from the collection of personal information on the Internet. This financial institution respects the privacy of children. We do not knowingly collect names, email addresses, or any other personally identifiable information from children. We do not knowingly market to children, nor do we allow children under 13 to open online accounts.
Effective Date: June 14, 2023