Effective: October 7, 2025
Version: v25q4

Definitions are located at the end of this Privacy Policy (the “Policy”). Please contact privacy@kasasa.com with any questions of concerns you may have.

WE ARE KASASA

Kasasa (also “us” and “we”) provides retail banking products, enabling technologies, and professional services that assist community Financial Institutions in the United States of America (USA) better serve consumers and their communities. Kasasa respects privacy and is committed to protecting it though compliance with this Policy.

Applicable Law requires us to disclose what Personal Information we collect, and how we collect, share, and protect any Personal Information we receive from Financial Institutions or consumers interacting with us, our Services or our website.
PLEASE READ THIS POLICY CAREFULLY, AS IT IS INTENDED TO DISCLOSE OUR INFORMATION COLLECTION PRACTICES FOR BOTH FINANCIAL INSTITUTIONS AND CONSUMERS.

PLEASE READ THIS POLICY IN ITS ENTIRETY BEFORE USING ANY OF KASASA'S SERVICES.
PLEASE NOTE THERE IS ADDITIONAL INFORMATION SPECIFIC TO RESIDENTS OF STATES WITH CONSUMER PRIVACY LAWS AT THE END OF THIS POLICY.  
BY USING ANY SERVICES THAT WE PROVIDE TO A FINANCIAL INSTITUTION OR CONSUMER, YOU ARE ACKNOWLEDGING THAT YOU HAVE READ AND UNDERSTAND THIS POLICY AND THAT YOU AGREE TO BE BOUND BY ITS TERMS.

IF YOU DO NOT AGREE TO BE BOUND BY THE TERMS OF THIS POLICY, SIMPLY EXIT WITHOUT ACCESSING OR USING OUR WEBSITE OR ANY OF OUR SERVICES.

KASASA SERVICES ARE ONLY AVAILABLE THROUGH FINANCIAL INSTITUTIONS BASED IN THE USA AND OUR WEBSITES ARE ONLY INTENDED FOR VISITORS FROM THE USA.  KASASA DOES NOT OFFER SERVICES TO CONSUMERS IN THE EUROPEAN UNION (EU) OR UNITED KINGDOM (UK) AND DOES NOT MONITOR THE ACTIVITY OF SUCH CONSUMERS THAT ARE LOCATED IN THE EU, UK OR ANY JURISDICTION OUTSIDE OF THE USA.  IF YOU ARE LOCATED IN ANY JURISDICTION OUTSIDE OF THE USA, PLEASE DO NOT VISIT ANY KASASA POWERED WEBSITES (AS DEFINED BELOW).

APPLICABILITY

This Policy applies to any and all interactions with Kasasa (including employment related), any of the Services it provides, and Kasasa Events in which we participate, unless a different policy is posted or is made available and by its terms supplants this Policy.

Other privacy policies, such as those of third parties that we contract with for specific services and functionality, may also apply in addition to this Policy.

This Policy describes the types of Personal Information we may collect through any of the Services or Kasasa Events in which we participate, as well as, our practices for collecting, using, maintaining, protecting and disclosing such Personal Information.

INFORMATION WE COLLECT

The Personal Information we collect, and share depends on the Services utilized, the websites that are powered by Kasasa (“Kasasa Powered Websites”) visited, or the Kasasa Event(s) in which you participate. Not all Personal Information is collected about all individuals.  For instance, we may collect different information from applicants for employment or from vendors or from customers.

The following lists the Personal Information we have collected in the past twelve (12) months.

• Identifiers: Information which identifies the consumer (e.g., real name, aliases, postal address, unique personal identifier, online identifier, internet protocol address, income, age, age range, date of birth, email address, account name, social security number, photograph, driver’s license number, passport number, or other similar information). 
• Personally Identifiable Information. In addition to the information listed above in ‘Identifiers,’ any other specific information which identifies the consumer (e.g. signature, physical characteristics or description, state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or other financial information, or medical information or health insurance information). Some Personal Information included in this category may overlap with other categories.
• Legally Protected Characteristics. Information regarding a consumer’s characteristics that are protected by law (e.g. age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, disability, sex (including gender, gender identity, gender expression, pregnancy, maternity, childbirth, and related medical conditions), sexual orientation, veteran or military status, or genetic information (including familial genetic information).
• Commercial Information. Information regarding a consumer’s purchasing or selling activity (e.g. records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies).  
• Biometric information.  Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
• Internet or Network Activity.  Information regarding a consumer’s internet activity (e.g. browsing history, search history, information regarding a consumer’s interaction with an internet website, application, advertisement, or other similar information).  
• Geolocation.  Information regarding a consumer’s physical location and/or movements.
• Inferences from Above Used to Profile. Any profile drawn from a consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Personal Information does not include:

• Publicly available information from government records.
• Deidentified or aggregated consumer information.
• Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994 and information excluded from the scope of state laws like health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA); clinical trial data and specific state laws.
  
  

CHILDREN’S PRIVACY

Kasasa Powered Websites are not designed nor intended to be attractive to use by persons under the age of 18 years old (a “Child” or “Children”). We do not knowingly collect Personal Information from or about Children on Kasasa Powered Websites or at Kasasa Events. If you are a Child, do not use or provide any Personal Information to us via the Kasasa Powered Websites or attend Kasasa Events. If we learn that we have collected or received unauthorized Personal Information from a Child, we will delete that Personal Information. If you believe that we have Personal Information from or about a Child, please contact privacy@kasasa.com.

DATA SECURITY

To protect Personal Information, we use reasonable security measures (i.e., physical, technical, and procedural safeguards) to protect information contained in our system against unauthorized access, destruction, misuse, loss, or alteration.  We may employ data encryption (at rest and in transit to and from our organization) to protect information via AES-256 encryption.  Although we do our best to protect Personal Information, we cannot guarantee the security of exchanged Personal Information. Any exchange of Personal Information is at your own risk.  If we receive instructions using your log-in information we will consider that you have authorized the instructions.  We are not responsible for circumvention of any privacy settings or security measures.

HOW WE COLLECT PERSONAL INFORMATION

We receive Personal Information from the following sources:

• Financial Institutions, their representatives, agents, or service providers;
• Consumer interactions with any of our Services, Kasasa Powered Websites, digital applications, advertisements, online surveys, promotions, events, or in a real-time Kasasa Event;
• Information we collect from job applicants directly and through the application process;
• Information we collect from employees directly and through the course of the employment;
• Activity on Kasasa Powered Websites or digital applications powered by Kasasa;
• Service providers and third parties that interact with us in connection with the Services;
• Mobile and desktop applications you download to interact with us and/or the Services;
• Interaction with advertising and applications on third-party websites and services, that include links to us; and
• Cookies, Clear GIFs, Flash Objects, IP Addresses, and data entry forms.

We also may permit third parties, including, without limitation, Google Analytics, to collect, track and analyze user information which may include online activities of Kasasa Powered Website visitors, over time and across other websites.

HOW WE USE PERSONAL INFORMATION

We may collect, use, or disclose Personal Information for our business purposes, including:

• To carry out our obligations and enforce our rights arising from any contracts entered into by Financial Institutions, consumers, or third parties and us, including but not limited to: (i) conducting, processing, and delivering contracted Services, (ii) verifying the identity of a Financial Institution or consumer so they can access their accounts, conduct transactions, validate account status or submit a verifiable request regarding Personal Information, (iii) facilitating specific features of Services, (iv) ensuring proper functionality of our Services, (v) billing for Services provided, and (vi) for other like purposes.
• To manage and oversee our staffing needs (current employees, former employees, and applicants) including legal compliance; evaluation of applicants; background checks; onboarding, training, performance reviews, compensation, and benefits administration of employees; management and monitoring of employee access to facilities, equipment and systems; audits and investigations; workforce analytics and benchmarking; health and safety and similar functions.
• To enable contractors, service providers, and other third parties that we use to execute their services in support of our business and who are bound by contractual obligations to keep Personal Information confidential and use it only for the purposes for which it was disclosed.
• To conduct market research using aggregated data and execute authorized marketing programs, either directly or through a third party, to promote Services in which we believe the consumer may be interested.
• To execute and administer incentive programs and/or promotional offers and to notify winners and distribute prizes. These activities will have additional rules and may contain specific information about how Personal Information is collected, used, and shared and Kasasa will provide additional notice about such programs before the collection of Personal Information for such programs, in accordance with the applicable privacy laws.
• To provide for internal business administration and operations, including troubleshooting, website customization, enhancement or development, testing, research, administration and operation of Kasasa Powered Websites and data analytics.
• To test and evaluate the effectiveness of marketing programs, channels, and offers.
• To enhance collected information with additional demographics and psychographic data to aid in understanding consumer behavior, product use, interests, opinions, trends, and other like purposes.
• To improve a user’s interaction and overall digital experience.
• To enable Consumers to apply for specific Services.
• To send alerts and notifications to Consumers, or to respond to inquiries and requests.
• To map Consumer’s location in relation to the Financial Institution’s offices and branches.
• To aid in our understanding of consumer behaviors, product use, interests, opinions, industry trends, and other like purposes.
• To maintain measures aimed at preventing fraud and protecting the security of accounts and Personal Information, and physical security of our premises through the monitoring of surveillance images.
• To comply with Applicable Law.
• To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Kasasa's assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by Kasasa is among the assets transferred.
• For or any other purpose disclosed by us when you provide Personal Information.
• With your expressed consent.
• To carry out vital and legitimate business interest, provided we establish that the interest(s) do not override your rights to have Personal Information protected. Such interest include: (i) responding to requests and inquiries; and (ii) optimizing Services, experiences, and operations.

Do Not Track Signals: Except as provided in this Policy we do not currently respond to “Do Not Track Signals” from your web browser.

Use/Processing Sensitive Personal Information

We or our partners process some Personal Information that could be classified as Sensitive Personal Information for the purposes permitted by Privacy Laws or disclosed at the time we collect this information.  We do not process or disclose this information for purposes other than the permitted purposes unless required by Applicable Law.

The following are permitted purposes under the Privacy Laws:

1. To perform the Services or provide the goods reasonably expected by you who requests those goods or Services.
2. To prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, or confidentiality of stored or transmitted Personal Information.
3. To resist malicious, deceptive, fraudulent, or illegal actions directed at the business and to prosecute those responsible for those actions.
4. To ensure the physical safety of natural persons.
5. For short-term, transient use, including, but not limited to, non-personalized advertising shown as part of your current interaction with the business, provided that the Personal Information is not disclosed to another third party and is not used to build a profile about you or otherwise alter your experience outside the current interaction with the business.
6. To perform Services on behalf of our business.
7. To verify or maintain the quality or safety of products or Services that we own or control, and to improve, upgrade, or enhance such products or Services.
8. To collect or process Sensitive Personal Information where such collection or processing is not for the purpose of inferring characteristics about you.

ACCESSING YOUR INFORMATION AND YOUR CHOICES

Kasasa Powered Websites do not require you to accept all the Cookies, create an account or log-in to browse some Kasasa Powered Websites anonymously. Certain features of some of the Services, however, are only available to registered Financial Institutions, consumers or to those who have not disabled certain Cookies or tracking capabilities.

You can update, amend, or delete your Personal Information at any time by logging into your account or by emailing us at privacy@kasasa.com.

You can choose not to receive promotional emails from us by “unsubscribing” using the instructions in the emails you receive from us.  This will not stop us from sending emails about your account or your transactions with us.

You can choose to delete or block Cookies by setting your browser to either reject all Cookies or to allow Cookies only from selected sites.  If you block Cookies performance of the Kasasa Powered Website may be impaired and certain features may not function at all.

DISCLOSING PERSONAL INFORMATION

From time to time, we disclose Personal Information.  This includes disclosing information to our service providers such as professional advisers, lawyers, bankers, staffing partners, auditors, and accountants, and, when required by Applicable Law, to regulators or law enforcement.

Disclosure of Personal Information for a Business Purpose.

We may disclose Personal Information to service providers and others for a business purpose. The business purposes are listed above. When we disclose Personal Information for a business purpose, we enter into a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract.

In the preceding twelve (12) months, we may have disclosed all of the categories of consumer Personal Information, as documented in Section I Information Collected, Sources, and Business Purpose for Collection of this part, to service providers (such as payment processors, mail houses, marketing partners, shipping partners, employee benefits partners; professional advisors); affiliated companies; government regulators; strategically aligned businesses; or, when required by law, regulators, or law enforcement. Not all information is disclosed to the above. Photographs or other consumer content posted by Kasasa Powered Website users are available to the public.

1. Disclosing Personal Information in Sale Arrangements
   We do not sell Personal Information for monetary consideration, but we may transfer personal information to a third party that provides us with services such as helping us with advertising, data analysis and analytics, and security, which may fall under the definition of for “other valuable consideration” and which may therefore be considered a “sale” under some of the Privacy Laws. We do not sell the Personal Information of individuals we actually know are less than sixteen (16) years of age. Please see below for opting out of having your information sold. In the preceding twelve (12) months, we may have disclosed all of the categories of consumer Personal Information, as documented in Section I Information Collected, Sources, and Business Purpose for Collection of this part, for a business purpose which falls within the definition of a ‘sale.’
    
2. Sharing Personal Information for Cross-Context Behavioral Marketing
   Sharing Personal Information means making it available to a third party so that they can use it to display targeted or cross-context behavioral advertisements to you. Cross-context behavioral or targeted advertising means that we display an advertisement to you that is selected based on Personal Information about you that we obtained or inferred over time from your activities across other companies’ websites, applications, or online services that we use to predict your preferences or interests.  Targeted advertising does not include using your interactions with us or information that you provide to us to select advertisements to show them. In the preceding twelve (12) months, we have shared the categories of Personal Information of non-minors for behavioral or cross context or targeted advertising as set forth in this Policy.

AUTOMATED DECISION-MAKING

Automated decision making refers to a decision that is taken solely based on automated processing of your Personal Information. We may use automated decision-making software for security reasons, such as to detect fraudulent or illegal actions, or to protect consumer safety. When we do so, you cannot opt out of the use of decision-making technology. We may also use automated decision-making technologies with your express consent, such as when you affirmatively elect to submit your emails or texts for scam protection review. We do not use automated decision-making technologies to produce an adverse legal effect on you or to profile you.

DATA RETENTION

We will store consumer Personal Information in a form which permits us to identify consumers, for as long as necessary for the purpose for which the Personal Information is processed.  We may retain and use such Personal Information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements and rights, or if it is not technically reasonably feasible to remove it. We retain information consumers provide in connection with requests made under the Privacy Laws for a period of two years.

In the event that an account is deleted and/or closed at the Financial Institution or the Financial Institution terminates the use of the Services, any Personal Information will no longer be used and will be destroyed or deleted from operational Kasasa systems in accordance with Kasasa’s then-current internal policies, procedures, and timeframes.

LINKS

We may provide web links to websites unaffiliated with Kasasa, such as credit bureaus, service providers or merchants. If you follow web links to websites not affiliated or controlled by Kasasa, you should review their privacy and security policies and other terms and conditions, as they may be different from those on the Kasasa Powered Websites. Kasasa does not guarantee, and is not responsible for, the privacy or security of these websites, including the accuracy, completeness, or reliability of their information.

SOCIAL MEDIA

Kasasa provides experiences, including Kasasa Events, on social media platforms, including, but not limited to, Instagram, Facebook, Twitter, YouTube, and LinkedIn, that enable online sharing and collaboration among Financial Institutions and consumers who have registered to use them. Your participation in any Kasasa Event may be published on various social media platforms and may include photos and videos from/of the Kasasa Event. Any content posted on official Kasasa managed social media pages, such as pictures, information, opinions, videos, or any Personal Information that is made available to other participants on these social platforms, is subject to the terms of use and privacy policies of those respective platforms. Please refer to them to better understand the rights and obligations with regard to such content. You may request that Kasasa remove a photo or video in which you are easily identifiable by contacting us (see Exercising Consumer Rights below) and we will make reasonable efforts to do so.  In addition, please note that when visiting any official Kasasa social media pages, you are also subject to the additional Terms and Conditions.

SCAM DETECTION SERVICES

If you use our email/text scam protection services, and only with your express consent, we and our partner providing the service will have access to the contents of the email, text, SMS, screenshot or URL that you have submitted for scam review. The information that you submit will be use to Identify trends in scam detection and protection, contribute to a database of such scams and threats, and notify you of potential scams and threats that have been identified in the community and online.  If you have opted-in to have us automatically scan your email account for scams, we will have access to all emails in the email account that you have designated for automatic review. Because of the potential sensitivity and confidentiality of the information we may process, you should only use email/text scam protection services for your personal email accounts. Using the automatic email scanning service for professional or work email accounts is prohibited without the express consent of your employer. The access you grant will include information contained in the to/from line, subject line, and contents of your emails (including attachments and photos embedded within your emails), texts and screenshots, and we use this information for the sole purpose of alerting you as to whether the content matches with existing scams or scam trends so that you may take action before opening potentially dangerous content. This scam protection review is conducted by automatic scanning and not by humans. While the content of your emails, texts and screenshots will be scanned with your express permission, we do not retain copies of your emails or texts, and the contents of your email, text or screenshots are not made available in your account. The content will be sent only to our service provider by secure transmission for scam analysis, and you will be provided a scam rating for each email/text/screenshot/URL that you submit. We do not share the contents of your communications submitted for scam review with any other third party. You may opt out of our automatic email scanning scam protection services at any time and you always have the option to submit only the specific email/text/screenshot that you are questioning for scam review. You may revoke your permission for our scam protection review product at any time, however, if you revoke this permission, we will be unable to provide our email and text scam protection services.

ADDITIONAL PRIVACY NOTICE 

Consistent with applicable law (“Privacy Laws”), we are providing additional privacy notice here.

California's "Shine the Light" law (Civil Code Section § 1798.83) permits users that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to us at privacy@kasasa.com or write us at the address below.

1. Consumer Rights and Choices 
    
   Consistent with the applicable, you may exercise the rights described in this section. Please note that some of the rights may vary depending on your state of residence.
   
   Access to Information and Data Portability Rights
   
   Consumers have the right, up to twice in a 12-month period, to request that we disclose certain information upon request about our information collection and disclosure practices.
    
   Consumers also have the right to request a copy of the specific pieces of Personal Information we collected about you. Once we receive and confirm your Verifiable Consumer Request (as defined in Making a Consumer Request below), we will disclose to you: 
    
   1. 1.  The categories of Personal Information we collected about you, the sources of the Personal Information, our business or commercial purpose for collecting the Personal Information and whether the Personal Information was disclosed for a business purpose, shared, or sold.
         
         
      2. The categories of Personal Information we disclosed for a business purpose and the categories of Personal Information we sold or shared during the prior 12 months along with the categories of recipients of such Personal Information.
         
         
      3. The specific pieces of Personal Information we collected about you during the prior 12 months, or, at your option, since January 1, 2022. Please note that this disclosure will not include data generated to help ensure security and integrity or as prescribed by regulation. We will endeavor to provide the Personal Information in a format that is readily useable, including by mailing you a paper copy or providing an electronic copy to your registered account, if you have registered an account with us.

1. 1.  Consumers’ Deletion Request Rights
      
      Consumers have the right, at any time, to request that we delete any of their Personal Information that we collected from them and retained, subject to certain exceptions. Once we receive and confirm a Verifiable Consumer Request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies. We may deny your deletion request if retaining the Personal Information is necessary for us or our service provider(s) to:
       
      1. Complete the transaction for which we collected the Personal Information, provide Services that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
         
         
      2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities; and to help to ensure security and integrity to the extent the use of your Personal Information is reasonably necessary and proportionate for those purposes.
      3. Debug products to identify and repair errors that impair existing intended functionality.
      4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by Applicable Law.
      5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
      6. Engage in public or peer-reviewed scientific, historical, or statistical research that conforms or adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s ability to complete such research, if you previously provided informed consent.
      7. Enable solely internal uses that are reasonably aligned with consumer expectations, based on your relationship with us; and compatible with the context in which you provided the information.
      8. Comply with a legal obligation.
      9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
   2. Consumers’ Information Correction Rights 
      
      Consumers have the right, at any time, to request that we correct Personal Information that we hold which is inaccurate.  We will require that you provide information about yourself so that we can verify your identity before we can make any change to the Personal Information we hold about you and we will use commercially reasonable efforts to make the requested corrections.  In some cases, for instance if you have an account with us or with a Financial Institution, you can update your Personal Information by logging into your account.
   3. Consumers’ Opt-Out Rights
       
      1. Do Not Sell My Personal Information: Consumers have the right, at any time, to direct us to not sell their Personal Information.
      2. Do Not Share My Personal Information: Consumers have the right, at any time, to opt out of having your Personal Information shared with others for cross-context or behavioral advertising purposes and having their information used for targeted advertisements. When consumers opt out, we will not share their Personal Information with others that they can use to send the consumer targeted advertisements, and we will not use information we obtain over time from consumers’ activities with third party companies to show advertisements. We can still use information that we receive from your interactions with us to select advertisements we think may be of interest to you.
      3. Limit Processing of Sensitive Personal Information: Consumers have the right, at any time, to tell us not to process or disclose Sensitive Personal Information for any purpose other than the purposes disclosed at or before the time we originally collected it. 
2.  Exercising Consumer Rights
   
   
   1. Making a Consumer Request:
      
      1. Access, Portability, Correction and Deletion: To exercise the access, portability, correction, and deletion rights, consumers may contact us by emailing us at: privacy@kasasa.com, contacting us toll-free at: 877-342-2557, or mailing us at: Kasasa, Attn: Legal Department/Consumer Rights Request, 6504 Bridge Point Parkway, Suite 500 Austin, Texas 78730. We will ask you for information that allows us to reasonably verify your identity (that you are the person about whom we collected Personal Information). We may request that you submit a signed statement under penalty of perjury that you are the individual you claim to be. Any disclosures we provide will only cover the 12-month period preceding receipt of your request, but you may request that to expand the 12-month period to cover information collected since January 1, 2022, and we will honor that expanded request unless doing so would involve a disproportionate effort. We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. We will only use Personal Information provided in a Verifiable Consumer Request to verify the requestor’s identity or authority to make the request.
      2. Opt-Out Rights: To opt out of the sale of your Personal Information, the sharing of your Personal Information, or to ask us to limit processing of your Sensitive Personal Information, you may submit a request to us by clicking the following appropriate link: “Do Not Sell or Share My Personal Information" or “Limit Sensitive Information Processing”. You may also call us toll free at 877-342-2557.  
         
         You may also opt out by activating a user-enabled global privacy control, such as a browser plug-in or privacy setting, device setting, or other mechanism, that communicates or signals your choice to opt-out of the sale and sharing of Personal Information. When we receive such a signal, we will stop setting third party, analytics, or advertising partner cookies on your browser. This will prevent the sale or sharing of information relating to that specific device through cookies to our advertising or analytics partners. This option does not stop all sales or sharing of your information because we cannot match your device’s identification or internet protocol address with your personally identifiable information like your name, phone number, email address or ZIP Code. If you delete cookies on your browser, any prior do not sell or do not share signal is also deleted and you should make sure that your user-enabled setting is always activated. 
         
         A “Verifiable Consumer Request” must: (i) be made by the consumer requesting their Personal Information or an authorized representative; (ii) provide sufficient information to verify identity or authority; (iii) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it; (iv) identify a preferred format for requested Personal Information; and (v) any other information that we may request in order to verify the requestor’s identity. We will not be able to respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.  
         
         
   2. Using an Authorized Agent: 
      
      You may submit a request through someone holding a formal power of attorney.  Otherwise, California consumers may submit a request using an authorized agent only if: (i) the person is registered with the Secretary of State to do business in California; (ii) you provide the authorized agent with signed written permission to make a request; (iii) you verify directly with us that you have authorize the person to make the request on your behalf; (iv) you verify your own identity directly with us and (v) your agent provides us with proof that they are so authorized.  We will require the agent to submit proof to us that they have been authorized to make requests on your behalf.
   3. Our Responses:
       
      We will acknowledge receipt of your request for access, portability, correction or deletion within 10 business days and will endeavor to respond within forty-five days of receipt of your request, but if we require more time (up to an additional forty-five days) we will notify you of our need for additional time.
      
      For requests that we not sell or share your Personal Information or limit processing or Sensitive Personal Information we will comply with your request promptly, but at least within 15 business days. Once we receive your request, we will wait at least 12 months before asking you to reauthorize Personal Information sales or sharing.
      
      We do not charge a fee to process or respond to your Verifiable Consumer Request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. 
   4. Non-Discrimination:
      
      We will not discriminate against you as a result of your exercise of any of your consumer rights. 
   5. Financial Institution Requests:
       
      Financial Institutions may submit requests for individual Consumer records to be disclosed or deleted from Kasasa and our third parties’ systems through their FIRSTBase portal.
      
      A “Verifiable Financial Institution Request” must: (i) be made by the Financial Institution who received a Verifiable Consumer Request requesting their Personal Information or an authorized representative; (ii) provide sufficient information to verify identity or authority of the requesting Consumer, (iii) describe the request with sufficient detail that allows us to properly understand, evaluate, and respond to it, and (iv) identify a preferred format for requested Personal Information. We will not be able to respond to requests or provide any Personal Information if we cannot verify the Financial Institution’s identify; the Consumer’s identity or authority to make the request and confirm the Personal Information relates to the Consumer making the verifiable request.
      
      
3.  Appealing Denied Requests
   
   If we have denied your Consumer request, you have the ability to file an appeal with us.  To file an appeal with us, contact us by emailing us at: privacy@kasasa.com, contacting us toll-free at: 877-342-2557 or mailing us at: Kasasa, Attn: Legal Department/Consumer Rights Request, 6504 Bridge Point Parkway, Suite 500 Austin, Texas 78730.  We will respond to you in writing within 45 days explaining the reasons for our decisions. 

NOTICE TO RESIDENTS OF NEVADA

We do not transfer Personal Information for monetary consideration. If you would like to tell us not to sell your information in the future, please email us at privacy@kasasa.com with your name, postal address, telephone number and email address with “Nevada do not sell” in the subject line.

ENFORCEMENT

We will enforce this Policy, and if you violate any of its terms, we may prevent you from using any of the Services.

DEFINITIONS

The following definitions applies to your interaction with Kasasa or any of the Services, unless a different policy is posted or is made available and by its terms supplants this Policy.

• Applicable law: As applicable, (i) court orders or subpoenas; and (ii) federal, state, and local laws, rules, regulations, and requirements or requests of any governmental or quasi-governmental authority or other administrative or regulatory organization which is applicable to Kasasa and the Services.

• Cookies: Cookies are alphanumeric identifiers that are transferred to a computer’s hard drive through the web browser for tracking and record-keeping purposes. We use three different types of Cookies: (i) Session Cookies: exist only during an online session and allow storage of online activities and verify an identity while using a website; (ii) Persistent Cookies: remain on the computer after the browser has been closed or the computer has been turned off and track aggregate & statistical information about activity which may be combined with other information; and (iii) Third Party Cookies: We also may permit third parties, including, without limitation, Google Analytics, to set Cookies to collect, track and analyze user information and website data. We use the data collected by such third parties to help administer and improve the quality of the Services and to analyze usage. We do not have access to or control over these Third-Party Cookies, nor does this Policy cover such third parties’ use of data.

• Clear GIFs (aka Web Beacons/Web Bugs, Pixel Tags): Clear GIFs are tiny graphics with a unique identifier, similar in function to Cookies, and are used to track the online movements of web users. In contrast to Cookies, which are stored on the computer’s hard drive, Clear GIFs are embedded invisibly on web pages.

• Financial Institutions: Banks and/or credit unions that contract for the Services.

• Flash Objects (or Local Shared Objects):These objects help us determine and recognize the browser type and version of Adobe Flash so that one can view “moving content” such as online demonstrations and tutorials on the device when logged onto or return to a website.

• IP Address: A number that is automatically assigned to the device used by your internet service provider (ISP). An IP Address is identified and logged automatically in our server log files whenever someone visits a website, along with the time of the visit and the page(s) that were visited. Collecting IP Addresses is standard practice on the internet and is done automatically by many websites. We use IP Addresses for purposes such as calculating website usage levels, helping diagnose server problems, compliance, and security, and administering our Services.

• Kasasa Event: Any event Kasasa organizes, hosts or otherwise participates in.

• Personal Information: Information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

• Service(s): Collectively refers to any and all of Kasasa’s products, services, applications and/or websites that Kasasa powers independently or on behalf of Financial Institutions.

CHANGES TO THIS POLICY

We reserve the right to modify this Policy at any time without notice, so review it frequently. If we make changes to this Policy, we will post these changes with an updated Effective Date on this website and if applicable on digital application; and the changes will be deemed effective immediately upon the date of such posting. The most current version of the Policy will always appear on this website and the most recent version shall supersede any and all other versions of this Policy. Continued use of the Services following the posting of these changes or modifications will constitute acceptance of such changes or modifications.

CONTACT US

If you have any questions regarding this Policy, please contact us at:

Kasasa, LTD
6504 Bridge Point Parkway
Suite 500
Austin, Texas 78730
privacy@Kasasa.com

Download/print a PDF version of our Privacy Policy.