Privacy Policy

What we do

We provide a savings and deposit marketplace that helps consumers discover and open deposit products with FDIC-member banks and NCUA-insured credit unions. We support account onboarding, identity verification (KYC/AML), deposit instructions, status tracking, statements, and service communications.

Financial privacy overlay (GLBA/Reg S-P)

Some information we process is nonpublic personal information (NPI) governed by the Gramm-Leach-Bliley Act (GLBA) and Regulation S-P. Where GLBA applies, its rules govern our collection, use, and sharing. For data or uses outside GLBA, state privacy laws may apply.

No sale for money

We do not sell personal information for monetary consideration. Some state laws define "share" for cross-context behavioral advertising separately from "sell"; where applicable, you can opt out.

Role

Depending on the activity, we may act as a business/controller for our Platform or as a service provider/processor supporting financial institutions. When acting for partner banks/credit unions, their privacy notices also apply.

Personal Information You Provide

• Identification / KYC: name, date of birth, nationality, SSN/ITIN, government ID numbers/images, proof of address
• Contact details: email, phone, mailing address
• Financial / Transactional: bank account identifiers, transfer instructions, product selections, deposit amounts and terms, balances, bonus eligibility, tax forms
• Credentials & security: account login, password (hashed), 2FA tokens
• Support content: messages, uploaded documents, call/chat recordings
• Marketing preferences: referrals, promo participation, survey responses

Information Collected Automatically

• Device/usage data: IP address, device ID, browser type, operating system, pages viewed, links clicked, timestamps, diagnostics, crash logs
• Cookies/SDKs/pixels: session management, fraud detection, performance analytics, product improvement, A/B testing, advertising attribution

Information from Third Parties

• KYC/AML & fraud-prevention partners: identity verification, sanctions/PEP checks, device reputation
• Partner banks/credit unions & payment networks: information necessary to open/maintain accounts and process transactions
• Marketing/analytics partners: campaign attribution, suppression/consent management
• Public sources: sanctions lists, corporate registries, change-of-address data

Service delivery & operations

Account creation, login, KYC/AML verification, account opening with partner institutions, deposit/withdrawal facilitation, statements, dashboards, bonus calculation and payment, notifications.

Compliance & risk

Satisfy legal obligations (GLBA, BSA/AML, OFAC), audit, reporting, dispute handling, and regulator/examiner requests.

Security & fraud prevention

Detect, investigate, and mitigate suspicious activity; secure the Platform; manage incidents and vulnerabilities.

Product improvement & analytics

Measure engagement, troubleshoot issues, test features (A/B), and enhance user experience.

Communications

Operational emails/SMS (verification, confirmations, reminders), policy updates, customer support, service announcements.

Marketing (optional)

Newsletters, promotions, referrals-as permitted by law and your preferences.

Legal & rights protection

Enforce Terms, protect users and the platform, and respond to lawful requests (court orders, subpoenas).

Partner financial institutions

FDIC/NCUA-insured institutions to open, fund, and service your deposit accounts; to meet regulatory requirements.

Service providers / processors

Cloud hosting, KYC/AML, fraud prevention, email/SMS delivery, analytics, support, payment processing-bound by contracts limiting use to our instructions.

Affiliates

Entities under common control for operations consistent with this Policy.

Compliance & safety

Regulators, auditors, examiners, law enforcement, courts, tax authorities, dispute resolution forums, and to protect the rights, property, or safety of users and the platform.

Business transfers

In connection with mergers, financing, acquisitions, restructurings, or asset sales-subject to confidentiality and continued protection.

Marketing opt-out

Use unsubscribe links or manage preferences in your account settings.

Cookies & tracking

Adjust preferences in our Cookie Settings and in your browser.

Analytics & ads

See state rights for additional opt-out tools, including Global Privacy Control (GPC).

KYC/AML & transactional records

Retained for {retention_years_kym_aml} years after account closure.

Tax & accounting records

Retained for {retention_years_tax} years (e.g., for IRS requirements).

Support/chat/call logs

Retained for {retention_years_support} years.

Marketing consents/logs

Retained for {retention_years_marketing} years.

Data deletion

When information is no longer required, we will delete or de-identify it per our policies and applicable law.

Safeguards

We implement administrative, technical, and physical safeguards appropriate to the nature of the data, including encryption in transit and at rest, access controls, network monitoring, secure software development practices, and vendor due diligence.

Your responsibility

Please use a strong, unique password and enable 2FA if available. No system is perfectly secure.

Incident response

If we become aware of a security incident affecting your information, we will investigate and notify you and/or regulators as required by law.

Strictly necessary

Authentication, session continuity, fraud prevention.

Performance & analytics

Usage metrics, diagnostics, crash logs.

Functional

Remember settings and preferences.

Advertising/Attribution

Measure campaign performance; limit ad frequency; understand conversions.

Your controls

Manage settings in Cookie Settings, adjust browser settings, and use platform-level controls (e.g., iOS/Android ad settings).

Know/Access

Access the categories and specific pieces of personal information collected.

Correct

Correct inaccuracies in your personal information.

Delete

Request deletion of personal information.

Data portability

Receive a copy of your information in a portable format.

Opt out

• Sale of personal information
• Sharing for cross-context behavioral advertising
• Targeted advertising
• Certain profiling (where applicable)

Limit use/disclosure

Limit use of Sensitive Personal Information (SPI) where applicable.

Appeal

Appeal if we deny your request (in states that require an appeals process).

Submit a request

Use https://usatestenv.xyz, contact@usatestenv.xyz, or XXXX-XXXXXXX.

Verification

We may need information to verify your identity and residence (and agent authorization, if applicable).

Authorized agents

Must provide proof of authority; we may also require direct confirmation from you.

Opt-out shortcuts

Use {do_not_sell_or_share_url} and adjust cookies at{cookie_preferences_url}.

Global Privacy Control (GPC)

Where required, we treat a valid GPC signal as an opt-out of sale/sharing for the browser session.

Response timing

We aim to respond within the timelines required by applicable law (often 45 days, with permitted extensions).

Non-discrimination

We will not discriminate against you for exercising your privacy rights (subject to permitted differences, e.g., where information is needed to provide a requested service).

Notice at Collection

We collect personal information for the purposes described in Section 3, retain as in Section 6, and disclose as in Section 4. We do not sell personal information for money. We may "share" certain data for cross-context behavioral advertising as permitted by law and your settings.

Sensitive Personal Information (SPI)

We use SPI only for necessary and permitted purposes (e.g., KYC/AML, security, compliance). You can limit our use viahttps://usatestenv.xyz or contact@usatestenv.xyz.

Opt-out of Sharing & Targeted Ads

Use {do_not_sell_or_share_url} or send a GPC signal; also adjust cookie settings at {cookie_preferences_url}.

Shine the Light (Cal. Civ. Code §1798.83)

You may request information about our disclosure of personal information to third parties for their direct marketing by emailingcontact@usatestenv.xyz with subject "Shine the Light Request."

California Consumer Rights

You may know/access, correct, delete, port, opt out of sale/sharing/targeted ads, limit SPI, and are entitled to non-discrimination. See Section 10 for instructions.

Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA)

Generally provide rights to access, correct, delete, portability; opt out of sale, targeted ads, and certain profiling; and require an appeals process. Appeal by emailing contact@usatestenv.xyz with subject "Privacy Appeal."

Oregon (OCPA), Texas (TDPSA), Iowa (ICDPA), Montana (MCDPA)

Provide similar rights and appeals processes as listed above.

Delaware (DPDPA), Tennessee (TIPA)

Provide similar rights and appeals processes as listed above.

Nevada (NRS 603A)

Nevada residents may opt out of the sale of "covered information" by emailing contact@usatestenv.xyz with subject "Nevada Opt-Out." (We do not sell for money.)

GLBA exclusion

These state laws typically exclude GLBA-regulated data. Where GLBA applies, your rights are governed by GLBA/Reg S-P and our GLBA Notice.

Age requirement

The Platform is not directed to children under 13, and we do not knowingly collect personal information from children under 13.

Parental notice

If you believe a child provided personal information to us, contactcontact@usatestenv.xyz and we will delete it as required by law.

Material terms disclosure

If we offer bonuses, referrals, or promotions involving personal information, we will disclose the material terms (categories of data, incentive value, opt-in method, and how to withdraw) at the time of participation.

Voluntary participation

Participation is voluntary, and you may withdraw at any time via your account settings or contact@usatestenv.xyz.

U.S.-based operations

We operate in the United States. If you access the Platform from outside the U.S., your information may be transferred to and processed in the U.S. or other jurisdictions with different data protection laws than your home country.

Third-party policies

The Platform may link to third-party sites or services (including partner banks/credit unions). Their privacy practices are governed by their own policies; we encourage you to review them.

Do Not Track (DNT)

There is no accepted industry standard for DNT signals, so we do not respond to DNT.

Global Privacy Control (GPC)

Where required by law, we treat a valid GPC signal as an opt-out of sale/sharing for the browser session.

Updates

We may update this Policy periodically. Material changes will be posted to the Platform with an updated Effective date.

Additional notice

If required by law, we will provide additional notice and/or seek consent.

Privacy inquiries

For questions or to exercise your privacy rights, please contact us at contact@usatestenv.xyz, XXXX-XXXXXXX, https://usatestenv.xyz, or our mailing address listed at the top of this Policy.

Accessibility assistance

If you need this Policy in an alternative format, please emailcontact@usatestenv.xyz or call XXXX-XXXXXXX.

Personal information / Personal data

Information that identifies, relates to, or could reasonably be linked with a person or household.

Nonpublic personal information (NPI) (GLBA)

Personally identifiable financial information provided by a consumer to a financial institution, resulting from a transaction or service, or otherwise obtained in connection with providing a financial product or service.

Sensitive personal information (SPI)

Government identifiers (SSN), financial account numbers, precise geolocation, account credentials, and similar data.

Sale

Disclosure of personal information for valuable consideration (not necessarily money).

Share (CPRA)

Disclosure of personal information for cross-context behavioral advertising.

Targeted advertising

Ads based on tracking your activities across unaffiliated sites and apps.

Service provider / Processor

A vendor that processes personal information for us under a binding contract limiting its use to our instructions.

Sold for money

No.

Shared for cross-context behavioral advertising

Potentially, as permitted and subject to your opt-out; see{ do_not_sell_or_share_url } and GPC.

Targeted advertising

Potentially; you can opt out (see Section 9).

Automated decision-making

We do not use solely automated decisions that produce legal or similarly significant effects without human involvement.

Sensitive PI usage

Used only for necessary and permitted purposes (KYC/AML, security, compliance).