Privacy Policy

We are Kasasa, LTD. (“Kasasa”), including our affiliates and service providers, as well as certain of our licensors and service providers (collectively, including us, CSID, a part of Experian Information Solutions, Inc. ("Experian") and its subcontractors and licensors, “Kasasa”, “we”, “us” and “our”) and we respect individual privacy and values the confidence of our clients, consumers and/or users. We provide consulting, rewards-management, marketing and retail banking products and/or services to community financial institutions and their consumers, clients, members, account holders and/or end users, including, without limitation, Kasasa Protect which combines multiple layers of protection and offers comprehensive protection that reviews your credit and non-credit identity records in order to protect your identity.

Federal law also requires us to tell you what personal identifiable information we collect, how we collect, share, and protect your personal information. Please read this notice carefully to understand what information we collect, what we do with it, who we share it with and your rights regarding your personal information.

PLEASE READ THIS PRIVACY POLICY IN ITS ENTIRETY BEFORE USING ANY OF OUR SERVICES OR SITE(S). BY USING ANY SUCH SERVICES OR SITE(S) YOU ARE ACKNOWLEDGING THAT YOU HAVE READ AND UNDERSTAND THIS POLICY AND THAT YOU AGREE TO BE BOUND BY ITS TERMS. IF YOU DO NOT AGREE TO BE BOUND BY THE TERMS OF THIS PRIVACY POLICY, SIMPLY EXIT THIS PAGE WITHOUT ACCESSING OR USING OUR SITE OR ANY OF OUR SERVICES.

The following privacy policy ("Policy") applies to your interaction with Kasasa and any of its products, services, applications and / or online sites that we own or control, and Kasasa Events in which we participate, unless a different policy is posted or is made available to your and by its terms supplants this Policy.

Other privacy policies, such as those of third parties that we contract with for specific services and functionality, may also apply in addition to this Policy.

Under no circumstances will Kasasa provide, sell or share any PIIwith any person or organization except (i) for the purpose of providing you with the services you have requested and for administering our relationship with you, internal business purposes and statistical analysis, (ii) as authorized by you, (iii) with your financial institution(s), (iv) as may be required by law or court order, or (v) as otherwise set forth herein. This Privacy Policy describes the standards we adhere to in handling information about you and any personal information you submit through any of our products, services, applications and / or online sites we own or control, or Kasasa Events in which we participate.

This Policy incorporates by reference the applicable Terms and Conditions (“Terms”), including their limitation of liability and damages.

The types of information we collect and share about you depends on the Kasasa powered products, services, applications and online site(s) you use or visit or Kasasa Event in which you participate. This information can include but is not limited to the following:

Information which identifies the Consumer (e.g. name, address, email address, telephone number, income, age/age range/date of birth, Social Security Number, photograph, or any other information which is personally identifiable).

Information gathered via an individual's use of an online product, service, application or web site (e.g. browser type, IP address, online navigation, demonstration viewings)

Information that we may create or compile from various sources, including but not limited to accounts and transactions. This information contains no identifiable elements and is used for our general business and marketing purposes.

Information provided by the user during the application process (e.g. name, date of birth, address, email address, telephone number, national identifier or social security number, credit card details, income, age / age range or photograph)

Information resulting from the financial product or service transaction (e.g. payment history, loan or deposit balances, credit card purchases)

Information from other sources about the user obtained in connection with providing the financial product or service (e.g. information from the user's credit report or from court records)

To protect the information listed above from unauthorized access and use, we use security measures that comply with federal law. These measures include physical, electronic, and procedural safeguards.

When you submit information to Kasasa through our web site, you should be aware that your information is transmitted across the Internet and that no method of transmission over the Internet is 100% secure. Although we take reasonable security measures to protect your information when we receive it, you also need to ensure you take appropriate steps to protect your information.

We will obtain assurances from any agents we may use to help provide this service that they will safeguard personal information consistently with this Privacy Policy, which assurance will require the agent to provide the same level of protection as is required by applicable federal law.

Using cookies, clear gifs, Flash objects, IP Addresses and data entry forms, we may collect information from and about you via a variety of sources and as the result of various interactions you may have with Kasasa.

For example, we collect information when you register for, subscribe to or submit an application for or use one of our products, services, applications and/or online sites, including, without limitation, Kasasa Protect.

We also collect information about you when you respond to an advertisement, participate in an online survey or promotion or in a real-time Kasasa Event and when you utilize the Contact Us form on one of our online sites.

We may also from time to time make various resources, information and services available to you through our online sites and we may collect information in connection with providing such resources, information and / or services.

Note: You do not have to provide any information to view some of our online site(s) and you are permitted to browse some of our online site(s) anonymously. Certain features of some of our products, services, applications and/or online site(s), including, without limitation, Kasasa Protect, however, are only available to registered users.

In order for Kasasa to conduct our business and properly support our community financial institution clients and their respective consumers, we must collect and at times share information about individuals who utilize the products, services, applications and/or online sites we power. We collect information from and about you for the following general business and marketing purposes:

• General Business Purposes
• To conduct, process and deliver Services to our community financial institutions and their participating accountholders
• To identify browsers and type of access device to enable content and information to be appropriately displayed to the user in order to improve the users online experience
• To ensure the proper functioning of our products, services, applications and online sites
• To facilitate the aggregation of accounts and the transmission of financial data for banking and personal finance management purposes
• To analyze user activity and related data to identify trends, audit software processes and enhance our products, services, applications and online sites
• To verify a user's identity so they can access their accounts, conduct transactions validate account status and manage their accounts
• To send participating users authorized alerts and messages (via SMS or email) about their accounts
• To enable users to apply for products and services that may be of interest to them and to evaluate their eligibility for such products and services
• To respond to user inquiries and requests
• To inform users of changes in terms, conditions and / or policies regarding our Services
• To maintain measures aimed at preventing fraud and protecting the security of account and Personal Identifiable Information
• To access and monitor various data sets that you request us to monitor as part of your identity protection service and for the prevention and detection of fraud.
• To provide you access to the requested products and/or services
• To comply with laws, regulations, and other legal and / or law enforcement requirements
• General Marketing Purposes:
• To conduct market research
• To enhance collected information with additional demographic and psychographic data to aid in understanding consumer behavior, product use, interests, opinions and trends
• To execute marketing programs either directly or through a third party to promote products and services we believe the user may be interested in
• To execute and administer promotional offers and to notify winners and distribute prizes. These activities will have additional rules and may contain specific information about how personally identifiable information is collected, used and shared.
• To facilitate "tell-a-friend" referrals whereby a user can enter another individual's contact information for the purposes of introducing that individual to a product, service or institution that they may be interested in. We do not store your information or your friend's information. It is used solely to send an email to that individual and the individual has the option of opting out of receiving any additional emails.
• To evaluate the effectiveness of all marketing programs and promotional offers

We may share the information we collect from and about you with for the following purposes:

• Non-Affiliated Third-Party Vendors / Providers:
• To conduct and deliver Services that we contract out to other vendors such as payment processing, sending postal and electronic mail, performing account aggregation services and providing customer support for our products, services and applications and online sites and Kasasa Events.
• To provide you with our identity protection service and for the prevention and detection of fraud. These companies are authorized to use your personal information only as necessary to provide these services to you.
• To upgrade software and provide technical support and issue resolution for our Services.
• To facilitate, execute and evaluate marketing and promotional programs that we or our community financial institution clients execute.
• To protect our rights and property, to prevent fraud and abuse and to adhere and respond to required laws, court orders and / or other legal requirements

You can opt out of some information collection and sharing activities but not all. For example, consumers cannot opt out with non-personal and nonpublic personal information if shared with nonaffiliated third parties to:

• Market the financial institution's own products or services
• Market financial products and services offered by the financial institution and another financial institution (joint marketing)
• Provide the requested products and/or services
• Process and service transactions the consumer requests or authorizes
• Protect against potential fraud or unauthorized transactions
• Respond to judicial process
• Comply with federal, state, or local legal requirements

• Opt out of any continuing marketing or promotional programs by executing the opt-out option included within a marketing or promotional communication
• Disabling “Cookies” and “Flash Objects” from your browser. Note, some functionality on some of our online sites will be impacted or rendered unavailable if these items are disabled. Industry standards are evolving and we may not separately respond to or take any action with respect to a "do not track" configuration setting in your internet browsers.
• Delete and / or close your account

Note: You do not have to provide any information to view some of our online site(s) and you are permitted to browse some of our online site(s) anonymously. Certain features of some of our products, services, applications and online site(s), however, are only available to registered users and to those who have not disabled the tracking items listed above.

We will take reasonable steps to ensure that all personal information is relevant to its intended use, accurate, complete, and current. We will use this data to access and monitor various data sets that you request us to monitor as part of your identity protection service and for the prevention and detection of fraud. When you close your account, we may continue to share information about you according to our legal and regulatory requirements. We will keep your personal information only as long as we need it for the purposes for which we collected it, or as required or permitted by law and our compliance and regulatory requirements.

If your personally identifiable information changes, or if you no longer desire our service, you may correct, update, amend, or deactivate it by making the change on our subscriber profile page or by contacting us through one of the methods listed below.

• You may request a copy of the information we hold about you so you can correct or amend information that may be inaccurate or incomplete by writing to the contact listed below. In addition, we will ask you to provide sufficient evidence of your identity for your own protection so we can ensure that information is being released to the correct person. We will respond to your request to access within 30 days.
• To request the deletion of your information, please contact us through one of the methods listed below. In some cases, our business requirements and legal obligations may prevent us from being able to delete your information. If we are unable to delete your information we will let you know if we are unable to do so and why.

We may provide links to third party websites, such as credit bureaus, service providers or merchants. If you follow links to websites not affiliated or controlled by Kasasa, you should review their privacy and security policies and other terms and conditions, as they may be different from those of our Sites. Kasasa does not guarantee and is not responsible for the privacy or security of these websites, including the accuracy, completeness, or reliability of their information.

Kasasa provides experiences, including Kasasa Events, on social media platforms including, but not limited to, Facebook, Twitter, YouTube and LinkedIn that enable online sharing and collaboration among users who have registered to use them. Your participation in any Kasasa Event may be published on various social media platforms, and may include photos and videos from / of the Event. Any content you post on official Kasasa managed social media pages, such as pictures, information, opinions, videos or any Personal Information that you make available to other participants on these social platforms, is subject to the Terms of Use and Privacy Policies of those respective platforms. Please refer to them to better understand your rights and obligations with regard to such content. In addition, please note that when visiting any official Kasasa social media pages, you are also subject to the Terms.

We will enforce this Policy, and if you violate any of its terms, we may prevent you from using any of our products, services, applications and online sites including Kasasa Protect Services and its Site.

DEFINITIONS:

The following definitions applies to your interaction with Kasasa or any of its products, services, applications and / or sites that we own or control, unless a different policy is posted or is made available to you and by its terms supplants this Policy.

• Affiliates: Companies related by common ownership or control. They can be financial and non-financial companies.
• Aggregated and Non-Identified Information: Data that we may create or compile from various sources, including but not limited to accounts and transactions. This information, which does not identify individual account holders, is used for our business purposes, which may include offering products or services, research, marketing or analyzing market trends, and other purposes consistent with applicable laws
• Consumers: Any current or prospective customers or members of Financial Institutions that use, or may use in the future, the Services.
• Cookies: Cookies are alphanumeric identifiers that we transfer to your computer's hard drive through your web browser for record-keeping purposes. These cookies, however, do not store any personally identifiable information such as your name, email address or phone number. We use three different types of cookies:

Session Cookies: exist only during an online session and allow us to process your online activities and verify your identity as you move through one of our online sites.

Persistent Cookies: remain on your computer after you have closed your browser or turned off your computer and allow us to track aggregate & statistical information about user activity which may be combined with other user information.

Third Party Cookies: We also may engage third parties, including, without limitation, Google Analytics, to track and analyze non-personally identifiable Website data. We use the data collected by such third parties to help us administer and improve the quality of the Website and Services and to analyze usage. We do not have access to or control over these third party cookies nor does this Privacy Policy cover such third parties' use of data.

• Clear Gifs (aka Web Beacons/Web Bugs, Pixel Tags): Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of Web users. In contrast to cookies, which are stored on your computer's hard drive, clear gifs are embedded invisibly on Web pages.
• Flash Objects: Also known as Local Shared Objects, these objects help us determine and recognize your browser type and version of Adobe Flash so that you can view "moving content" such as online demonstrations and tutorials and your device when you log onto or return to one on our online sites.
• IP Address: Your IP Address is a number that is automatically assigned to the device that you are using by your Internet Service Provider (ISP). An IP Address is identified and logged automatically in our server log files whenever a user visits an online site, along with the time of the visit and the page(s) that were visited. Collecting IP Addresses is standard practice on the internet and is done automatically by many web sites. We use IP Addresses for purposes such as calculating Site usage levels, helping diagnose server problems, for compliance and security purposes and administering our online sites.
• Joint Marketing: A formal agreement between non-affiliated financial companies that together market financial products or services to you.
• Kasasa Event: Any event promoting Kasasa products including events sponsored in whole or in part by, Kasasa, LTD.
• Non-Affiliates: Companies not related by common ownership or control. They can be financial and non-financial companies.
• Non-Public Personal Information: Information that consists of personally identifiable financial information that is not publicly available information; and lists, descriptions, or other groupings of individual consumers that were either:
• Created using: Personally identifiable financial information that is not publicly available information, or
• Contain personally identifiable financial information that is not publicly available information.
• Personal identifiable information or PII: Information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. PII typically refers to information such as name, address, phone number, email address, date of birth, various identification numbers such as social security numbers, etc.
• Services: Collectively refers to the products, services, applications and online sites that Kasasa powers on behalf of our community financial institutions or independently on our own.

California residents may request a list of certain third parties to which we have disclosed personal information about you for direct marketing purposes. You may make one request per calendar year. In your request, please attest to the fact that you are a California resident and provide a current California address for your response. You may request this information in writing by contacting us at Kasasa, LTD, Attn: Compliance Manager, 6504 Bridge Point Parkway, Ste. 500, Austin, TX 78759 or emailing us at compliance.help@kasasa.com. Please allow up to thirty (30) days for a response.

We reserve the right to modify this Policy at any time and at our sole discretion, so please review it frequently. If we make material changes to this Policy, we will notify you here by posting these changes on this Site and the changes will be deemed effective immediately upon the date of such posting. The most current version of the Privacy Policy will always appear on this site and the most recent version shall supersede any and all other versions of this Policy. Continued use of the Services and/or Site(s) following the posting of these changes or modifications will constitute acceptance of such changes or modifications. PLEASE PRINT AND RETAIN A COPY OF THIS AGREEMENT FOR YOUR RECORDS.

If you have any questions regarding this Policy, please contact us at:

Kasasa, LTD
6504 Bridge Point Parkway
Suite 500
Austin, TX 78759
compliance.help@kasasa.com