Online Privacy Policy

Effective Date March 01, 2026

We have developed this Online Privacy Policy to explain how Credit Union of Southern California, a federal credit union (CU SoCal) collects, uses, and discloses information through our website, mobile applications, and online services, and to direct you to additional privacy notices that apply depending on your relationship with us and the nature of the information involved. CU SoCal is committed to protecting the privacy of our members and website visitors.

This Online Privacy Policy applies to individuals and businesses who visit our website (www.cusocal.org), use our mobile application (CU SoCal Mobile Banking) that run on smartphones, tablets, and other devices, and access Online Banking or other online services that link to this policy. Unless otherwise stated, references to our “website” include our Online Banking services available through CU SoCal Mobile Banking. References to “we,” “us,” or “our” mean CU SoCal. References to “you,” “your,” or “yours” mean members and website visitors.

By using our website or CU SoCal Mobile Banking, you agree to the terms of this Online Privacy Policy and consent to our online data collection and use practices as described herein. If you do not agree with our policies and practices, your choice is not to use our website.

This Online Privacy Policy focuses on our online information collection, tracking and using policies and data security technology.

Additional privacy disclosures apply in certain contexts and are provided in separate notices under separate tabs on our Online Privacy Policy page and in the links identified below:

• Federal Privacy Notice (GLBA). Our Federal Privacy Notice (Federal Privacy Policy Dec-2025.pdf) explains how we collect, use, and share personal information of individuals who apply for or obtain our financial products and services for personal, family, or household purposes, as well as joint account holders and beneficiaries, in accordance with the Gramm-Leach-Bliley Act (“GLBA”) and applicable state financial privacy laws.
• California Consumer Privacy Act (“CCPA”) Privacy Policy. Our CCPA Privacy Policy (https://www.cusocal.org/legal/privacy-policy/ccpa-privacy-policy/) applies to California residents where the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CCPA”), applies to Credit Union. The personal information collected, used, and disclosed under the CCPA varies depending on an individual’s relationship with us. Information subject to the GLBA and the California Financial Information Privacy Act (“CalFIPA”)—such as information collected from consumers who obtain our financial products and services for personal, family, or household purposes—is excluded from the CCPA and is instead addressed in our Federal Privacy Notice. To exercise the rights please visit and review our CCPA policy page (https://www.cusocal.org/legal/privacy-policy/ccpa-privacy-policy/) under the section displaying “Your privacy Rights”

INFORMATION WE COLLECT ONLINE

We may collect personal information that you voluntarily provide through our website or CU SoCal Mobile Banking, such as your name, mailing address, email address, telephone number, or other identifying information. We may also collect information from your digital interactions with our website such as such as IP addresses, browser and device information, usage data, mobile identifiers, location data (if enabled), and similar information that may be aggregated or otherwise not directly identify you.

HOW WE COLLECT INFORMATION ONLINE

You may visit our website to find out about products and services and check rates, without giving us any personal information. We may use software tools and/or “cookies” to track and gather information about your browsing activities in order to authenticate your requests, analyze website usage, target areas for improvement, create marketing programs to benefit our members or potential members that visit our site.

1) Use of Cookies and Similar Tracking Technologies
The use of cookies and similar tracking technologies (including pixels or clear GIFs, tags, and web beacons) is a common internet practice. Cookies are small text files containing small amounts of information which are downloaded to your computer, smartphone, tablet or other mobile device when you visit a website. Cookies are useful in a number of ways, including allowing a site or mobile app you use to recognize your device, save your settings on a site or mobile app, facilitate navigation, display information more effectively and to personalize the user’s experience. Cookies are also used to gather statistical information about how sites and mobile apps are used in order to continually improve design and functionality and assist with resolving questions regarding the sites and mobile app.

• Cookies set by us are called first-party cookies. We may also have third-party cookies, which are cookies from a domain different than the domain of the website you are visiting, for our advertising and marketing efforts. There can be first-party and/or third-party cookies within any of the below Categories of Cookies.
• Cookies have a duration period. Cookies that expire at the end of a browser session are called “session” cookies. Cookies that are stored longer are called “persistent” cookies. There can be session and/or persistent cookies within any of the below Categories of Cookies. Persistent cookies are stored on your system and can be accessed again for multiple visits. Persistent cookies usually have an expiration date and will be automatically deleted from your system at that time.

• Below is a list of the types of cookies that may be used on our sites. We classify cookies into the following categories:
• Strictly Necessary Cookies. These cookies are necessary for the sites to function and cannot be switched off in our systems. Without these cookies, the sites and mobile apps will not work properly. Examples include setting your privacy preferences, setting your language preferences or logging in a secured area requiring authentication. Strictly necessary cookies may also detect transmission errors or data loss or distribute network traffic across different servers to ensure accessibility. You can set your browser to block or alert you about these cookies, but that will cause some parts of the site to not work.
• Targeting Cookies. These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant advertisements on other sites. They don’t store directly personal information but may be based on uniquely identifying your browser or internet device. By opting out of targeting cookies, you may still see the same number of ads as before, but they may be less relevant because they will not be based on your interests.
• Performance Cookies. These cookies allow us to count visits and traffic sources so we can measure and improve performance of our site. They help us know which pages are most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore do not personally identify the visitor. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
• Functional Cookies. These cookies enable our site to provide enhanced functionality and personalization. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

How to Control and Delete Cookies

2. Location Data
When allowed by you, our mobile app collects your location data to provide you with location-based services, such as identifying branches and ATMs near you, and location-based messages and offers. Location access can be allowed once, only while using the app, or you can choose to not allow location data to be collected.

3. IP Addresses
If you log on to our online banking page, you pass through a “firewall” used for security purposes and the Internet Protocol (IP) address associated with the computer you are using may be identified. The IP address does not identify you personally. In certain instances, it may also obtain other information about your computer to better identify you as an online user. This information may be retained in case it is needed for security or protection of member information.

4. Social Media.
We may collect information, such as your likes, interests, feedback, and preferences when you interact with our official pages on social media websites such as Facebook, X, LinkedIn, YouTube, and Instagram or from our social media partners (but only if you choose to share with them and they, in turn, share that information with us). Please refer to the policies of those companies to better understand your rights and obligations with regard to your activity on those websites.

HOW WE USE INFORMATION WE COLLECT
We do not and will not sell your personal information. We share your information as required to meet legal and regulatory obligations. We share your personal information that you have provide to us in connection with applying for membership and/or financial products with us (“personally identifiable financial information”) with affiliates and third parties in accordance with the practices set forth in the Federal Privacy Notice.

With respect to other information that we collect from you online, which includes personal information as well as online activity data that does not personally identify you or your household, we use such information for a variety of reasons, including:

• to present our website and its contents to you;
• to enable you to use online tools or perform certain online transactions;
• to service and manage your account, including responding to or updating you on inquiries, or to contact you about your accounts or feedback;
• to offer you special CU SoCal products and services and deliver advertisements to you in the form of banner ads, interstitial pages (ads that appear as you sign in or sign out of your online accounts) or other promotions;
• to analyze whether our ads, promotions, and offers are effective;
• to help us determine whether you might be interested in new products or services, and to improve existing products and services;
• to verify your identity and/or location to allow access to your accounts and conduct online transactions;
• to manage fraud and data security risk;
• to personalize and optimize your website browsing and app experiences by examining which parts of our website you visit or which aspect of our apps you find most useful;
• to comply with federal, state or local laws; civil, criminal or regulatory investigations; or other legal requirements;
• to share with trusted third parties who are contractually obligated to keep such information confidential; and
• to use it only to provide the services we have asked them to perform.

We disclose your personal information and non-personally identifiable online activity data to third parties for only for our business purposes and to comply with our legal requirements. The general categories of third parties that we share with are as follows:

• our third-party service providers;
• other companies to bring you co-branded services, products or programs;
• third parties that help us advertise our products or services;
• third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you;
• third parties or affiliates in connection with a corporate transaction, such as a sale, consolidation or merger of our company or affiliated business; and
• other third parties to comply with legal requirements such as the demands of applicable subpoenas and court orders; to verify or enforce our terms of use, our other rights, or other applicable policies; to address fraud, security or technical issues; to respond to an emergency; or otherwise, to protect the rights, property or security of our customers or third parties.

App Permissions: Depending on your device or app permission settings, the app may have access to the following information from your mobile device: Contacts (may have access to your contact information), location (may include precise or approximate location), stored information and photos/media/files (the app may be able to read, modify, or delete the contents of your USB storage), camera (may allow the app to take pictures and videos), Wi-Fi connection information (view your Wi-Fi connections to connect and disconnect from Wi-Fi), phone (may directly call phone numbers), and other information (for example, the app may be able to receive data from the Internet, prevent your device from sleeping, identify your network connections, and obtain full network access).

These app permission settings allow you to access or use certain features within the app. For example, in order to locate the nearest branch to you, the app may need access to your precise location. You may change your app permission settings. By changing your app permission settings, you may affect your ability to access or use certain features on the app. Additionally, you may be able to log into the app using your device’s log in features such as using a passcode or your fingerprint. These device log in features are facilitated through your device and we have no control over such features, which you can change by accessing your device settings and preferences.

Confirm Your Information Is Accurate: Keeping your account information up-to-date is important. If you are an enrolled in online services or CU SoCal Mobile Banking, you may review and maintain your information by logging in with your username and password. You may also contact us by phone at 866- CU- SoCal (866.287.6225), by writing to us at CU SoCal, 8101 E. Kaiser Blvd, Suite 300, Anaheim, CA 92808 or by visiting us in person at any CU SoCal branch.

Security: Protecting the confidentiality, security and protection of your personal information and financial information is our highest priority. We value your trust, and we understand that handling of your financial information with care is one of our most important responsibilities. Our policies, procedures and protections are always evolving to adapt to new strategies used by fraudsters. Our security measures include ensuring that our website, online services, CU SoCal Mobile Banking, are hosted on secure servers, have SSL certificates, device safeguards and secured files and buildings as well as oversight of our third-party service providers that have access to your personal information and limiting our employees’ access to your personal information on a need to know basis.

What You Can Do to Help Protect Your Information: We are committed to protecting your privacy. We suggest you follow these guidelines:

• Protect your account numbers, card numbers, personal identification numbers (PINs), and Passwords. Never keep your PIN with your debit or credit card which would provide free access to your accounts if your card is lost or stolen.
• Use caution when disclosing your account numbers, social security numbers, and other confidential information to other persons. If someone calls you, explains the call is on behalf of Credit Union of Southern California and asks for your account number, you should beware. Our staff will have access to your information and will not need to ask for it.
• It is important that we have your current information so we may reach you. If we detect potentially fraudulent or unauthorized activity or use of any account, we will attempt to contact you immediately. If your address, phone number or email changes, please let us know.

Linking to Other Websites: The website, online services or CU SoCal Mobile Banking may contain links to third party websites. Although these links were established to provide you with access to useful information, we do not control and are not responsible for any of these websites or their contents. We do not know or control what information third-party websites may collect regarding your personal information. We provide these links to you only as a convenience, and we do not endorse or make any representations about using such third-party websites or any information, software or other products or materials found there, or any results that may be obtained from using them. We encourage you to review the privacy statements of websites you choose to link to from the website so that you can understand how those websites collect, use, and share your information. We are not responsible for the security or privacy practices of the linked websites.

Chat Sessions: Please note that chat sessions may be monitored and/or recorded for quality assurance. We contract with third parties to provide routine data recordation and storage for this purpose only. You agree and consent to such monitoring and recording through your continued use of chat. If you prefer another method of communication, please feel free to contact us via the additional options provided in the “Contact Us” link on our website or visit one of our branches for further assistance.

Protecting Children’s Privacy: We respect the privacy of children and comply with the practices established under the Children’s Online Privacy Protection Act (COPPA). We do not knowingly collect or retain personally identifiable information from consumers under the age of thirteen. For more information about COPPA please visit the Federal Trade Commission website: www.ftc.gov.

Data Retention: We may retain your personal information and online activity data even if you decide to terminate your membership with us, close your accounts with us, and/or delete our app or cease or website based on the following:

• Laws and regulations. We are a regulated financial institution that is subject to laws and regulations governing our retention of information pertaining to our members, applicants for credit union membership, loans and other financial products and services. We are also an employer and, thus, we are subject to labor laws governing how long we must retain information about applicants for employment and current and former employees. Therefore, applicable laws and regulations will govern how long we retain information pertaining to you.
• Fraud Prevention and Security: We will retain information that we need for fraud prevention and security purposes.
• Contracts. We will retain information for as long as necessary to comply with our contractual obligations to you, our service providers and other third-parties, as permitted by law.
• Legal Claims and Defenses. We may retain information for such period as necessary or advisable to preserve legal claims and defenses.

Contact Us: If you have any questions regarding this Policy, call us at 866 CU SoCal (866.287.6225), by writing to us at CU SoCal, 8101 E. Kaiser Blvd, Suite 300, Anaheim, CA 92808.

Updates to this Policy: From time to time, we may change this Online Privacy Notice. The effective date of this Online Privacy Notice, as indicated above, reflects the last time this Policy was revised. Any changes to this Policy will become effective when we post the revised Policy on our website. Your use of the website, online services, electronic banking or CU SoCal Mobile Banking following these changes means that you accept the revised Online Privacy Notice.