Synswi

Privacy Policy

At Synswi, as a Bank as a Service provider, we are committed to protecting your privacy while meeting our regulatory obligations. This Privacy Policy explains how we collect, use, disclose, and safeguard your information in compliance with U.S. banking regulations, including the Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) requirements. We maintain the highest standards of data protection while fulfilling our responsibilities as a regulated financial institution operating in the United States.

Information We Collect

As a Bank as a Service provider, we collect comprehensive information to comply with banking regulations and provide our services:

• Personal Identification Information:
  - Full legal name
  - Date of birth
  - Social Security Number (SSN) or Tax Identification Number (TIN)
  - Government-issued ID (driver's license, passport)
  - Residential and business addresses
  - Contact information (phone, email)

• Financial Information:
  - Bank account details
  - Transaction history
  - Credit history and reports
  - Income and employment information
  - Business financial statements
  - Tax returns and documentation

• Business Information (for business accounts):
  - Business registration documents
  - Articles of incorporation
  - EIN/Tax ID
  - Ownership structure
  - Beneficial ownership information
  - Business licenses and permits

• Transactional Data:
  - Payment processing records
  - Transaction amounts and frequencies
  - Merchant category codes
  - Geographic locations
  - Device information
  - IP addresses

• Compliance Documentation:
  - Source of funds documentation
  - Business purpose documentation
  - Risk assessment questionnaires
  - Compliance certifications
  - Regulatory filings

Banking and Financial Regulations

As a regulated financial institution, we are subject to various banking and financial regulations that require us to collect and maintain certain information:

• Bank Secrecy Act (BSA) Requirements:
  - Currency Transaction Reports (CTRs) for transactions over $10,000
  - Suspicious Activity Reports (SARs)
  - Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD)
  - Record keeping requirements
  - Transaction monitoring

• Anti-Money Laundering (AML) Requirements:
  - Customer identification program (CIP)
  - Risk-based customer due diligence
  - Ongoing transaction monitoring
  - Suspicious activity reporting
  - Compliance with OFAC sanctions

• Payment Card Industry (PCI) Standards:
  - Secure handling of payment card data
  - Encryption of sensitive information
  - Regular security assessments
  - Compliance with PCI DSS requirements

• Other Regulatory Requirements:
  - USA PATRIOT Act compliance
  - Fair Credit Reporting Act (FCRA)
  - Gramm-Leach-Bliley Act (GLBA)
  - State and federal banking regulations

How We Use Your Information

We use your information for the following purposes:

• Banking Services:
  - Processing banking transactions
  - Managing accounts and services
  - Facilitating money transfers
  - Providing banking services
  - Account maintenance

• Regulatory Compliance:
  - Meeting BSA/AML requirements
  - Conducting customer due diligence
  - Monitoring for suspicious activities
  - Filing required regulatory reports
  - Maintaining compliance records
  - Responding to regulatory inquiries

• Risk Management:
  - Fraud prevention and detection
  - Credit risk assessment
  - Transaction monitoring
  - Risk scoring and analysis
  - Security threat detection

• Service Improvement:
  - Enhancing our banking services
  - Developing new financial products
  - Improving security measures
  - Optimizing user experience
  - Analyzing usage patterns

Data Security and Protection

We implement comprehensive security measures to protect your information:

• Technical Security Measures:
  - End-to-end encryption for data transmission
  - Multi-factor authentication
  - Advanced firewalls and intrusion detection
  - Regular security audits and penetration testing
  - Secure data centers with 24/7 monitoring
  - Regular security updates and patches

• Operational Security:
  - Strict access controls and authentication
  - Employee background checks
  - Regular security training
  - Incident response procedures
  - Business continuity planning
  - Regular risk assessments

• Compliance with Standards:
  - PCI DSS compliance
  - SOC 2 Type II certification
  - ISO 27001 standards
  - NIST cybersecurity framework
  - Federal financial institution requirements

Information Sharing and Disclosure

We may share your information with:

• Regulatory and Government Authorities:
  - Federal banking regulators
  - State banking authorities
  - Law enforcement agencies
  - Financial intelligence units
  - Tax authorities
  - When required by law or court order

• Service Providers:
  - Banking partners
  - Technology providers
  - Cloud service providers
  - Security vendors
  - Compliance service providers
  - All subject to strict confidentiality agreements

• Business Partners:
  - Financial institutions
  - Technology providers
  - Only with your explicit consent

We do not sell your personal information to third parties.

Your Rights and Choices

You have certain rights regarding your information:

• Access and Control:
  - Access your personal information
  - Request corrections to your data
  - Opt out of marketing communications
  - Request account closure
  - Export your data

• Limitations:
  - Some information must be retained for regulatory compliance
  - Certain data cannot be deleted due to legal requirements
  - Banking regulations may limit some rights
  - We may be required to maintain records for up to 5 years

• Communication Preferences:
  - Update contact information
  - Choose communication methods
  - Set notification preferences
  - Manage marketing preferences

Changes to This Policy

We may update this privacy policy to reflect:

• Changes in banking regulations
• Updates to our services
• New compliance requirements
• Security enhancements
• Industry best practices

We will notify you of significant changes through:

• Email notifications
• Website announcements
• Account notifications
• Required regulatory notices

Last updated: June 3, 2025

For questions about this Privacy Policy or to exercise your rights, please contact us at info@synswi.com.

This policy is designed to comply with applicable U.S. banking regulations, including but not limited to the Bank Secrecy Act, USA PATRIOT Act, and other federal and state banking laws.