Fortiz BankFortiz Bank

Privacy Policy

This Privacy Policy describes how Fortiz Bank, N.A. ("Fortiz," "we," "us," or "our") collects, uses, discloses, and safeguards personal information in connection with our websites, mobile applications, and banking services (collectively, the "Services"). By using the Services, you agree to the practices described in this Policy.

1. Information we collect

We collect information in three primary ways: (1) information you provide directly to us; (2) information collected automatically; and (3) information received from third parties in accordance with applicable law.

1.1 Information you provide

  • Account and identity data, such as name, email address, phone number, date of birth, government identifiers, and mailing address.
  • Financial data, such as account numbers, balances, transaction history, payment instrument details, and account preferences.
  • Support communications and survey responses, including feedback, inquiries, and call/chat recordings where permitted by law.

1.2 Information collected automatically

  • Usage data, such as pages viewed, features used, and interactions with in-app elements.
  • Device and log data, such as IP address, browser type, operating system, unique device identifiers, crash logs, and diagnostic data.
  • Location data where enabled, used to support security, fraud prevention, and location-based features.

1.3 Information from third parties

  • Identity verification partners for KYC/AML checks and sanctions screening.
  • Credit bureaus and financial institutions, in connection with loan applications and account linking.
  • Service providers and analytics partners that help us maintain and improve the Services.

2. How we use information

  • Provide, operate, and improve the Services and customer support.
  • Authenticate users and secure accounts; detect and prevent fraud.
  • Process transactions and fulfill contractual obligations.
  • Comply with legal, regulatory, and reporting obligations.
  • Communicate about products, features, and important updates.
  • Perform research and analytics to enhance user experience.

3. Legal bases for processing (EEA/UK)

Where applicable, we rely on the following legal bases: performance of a contract; compliance with legal obligations; legitimate interests (e.g., product security and improvement); and consent where required.

4. How we share information

  • With service providers under binding contracts who process data on our behalf (e.g., cloud hosting, analytics, customer support).
  • With financial partners and payment networks to process transactions.
  • With law enforcement, regulators, or other parties when required by law or to protect rights, safety, and security.
  • In connection with a business transfer, merger, or acquisition.

We do not sell your personal information. We do not permit service providers to use personal information for their own marketing.

5. Data retention

We retain personal information for as long as necessary to provide the Services, comply with legal obligations (including recordkeeping and audit requirements), resolve disputes, and enforce agreements.

6. Security

We implement organizational, technical, and physical safeguards to help protect personal information, including encryption, access controls, monitoring, and regular testing. No security method is infallible; users should also protect their credentials and devices.

7. Your choices and rights

  • Access, correct, or delete certain personal information.
  • Opt out of marketing communications at any time.
  • Depending on jurisdiction, exercise data subject rights (e.g., portability, restriction, objection). Submit requests via our Contact page.

8. International data transfers

Where personal information is transferred across borders, we implement appropriate safeguards, such as Standard Contractual Clauses, and require recipients to protect information in accordance with applicable laws.

9. Children’s privacy

Our Services are not directed to children under 13 (or other age as defined by local law). We do not knowingly collect personal information from children without appropriate consent.

10. Changes to this Policy

We may update this Policy from time to time. Material changes will be notified via the Services or by other reasonable means. The “Last Updated” date reflects the most recent changes.

11. Contact us

Questions or requests related to this Policy can be submitted through our Contact page or by mail to Fortiz Bank, N.A., Attn: Privacy, at our listed address.

Last updated: Oct 2025