Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
The types of personal information we collect and share depend on the product or service you have with us. This information can include:
All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information; the reasons X1 Inc. chooses to share; and whether you can limit this sharing.
|Call (650) 514-5504 or go to www.x1.co|
|Reasons we can share your personal information||Does X1 share?||Can you limit this sharing?|
For our everyday business purposes–
such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus
For our marketing purposes—
to offer our products and services to you
|For joint marketing with other financial companies||No||We do not share|
For our affiliates’ everyday business purposes—
information about your transactions and experiences
|No||We do not share|
For our affiliates’ everyday business purposes—
information about your creditworthiness
|No||We do not share|
|For our affiliates to market to you||No||We do not share|
|For nonaffiliates to market to you||No||We do not share|
|Who we are|
|Who is providing this notice?||X1 Inc., the servicing agent for the bank that issues your credit card.|
|What we do|
|How does X1 protect my personal information?||
To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.
|How does X1 Inc. collect my personal information?||
We collect your personal information, for example, when you
We also collect your personal information from others, such as credit bureaus or other companies.
|Why can’t I limit all sharing?||
Federal law gives you the right to limit only:
State laws and individual companies may give you additional rights to limit sharing. See below for more on your rights under state law.
|What happens when I limit sharing for an account I hold jointly with someone else?||
Your choices will apply to everyone on your account—unless you tell us otherwise.
Companies related by common ownership or control. They can be financial and nonfinancial companies.
Companies not related by common ownership or control. They can be financial and nonfinancial companies.
A formal agreement between nonaffiliated financial companies that together market financial products or services to you.
|Other important information|
STATE PRIVACY LAWS
We will comply with applicable state privacy laws.
Telephone Communications: All telephone communications with us or our authorized agents may be monitored or recorded.
If you have any financial product or service with us, including an X1 Card (defined below), we will use and share any Non-Public Information (“NPI”) as defined by the Gramm-Leach-Bliley Act (“GLBA”) that we collect from or about you related to your use of that product or service in accordance with our GLBA Privacy Notice.
Furthermore, you acknowledge that the use of any credit card offered by Coastal Community Bank, Member FDIC, through X1 (an “X1 Card”) is governed by the Cardholder Agreement that is provided to you. Coastal Community Bank’s GLBA Privacy Notice is available for review at x1.co/privacy.
In general, you may visit the Website without telling us who you are or sharing any Personal Information with us. When you register for an account with X1, apply for a financial product, or use other aspects of the Services, or communicate with us, we may ask you to provide certain Personal Information, such as your name, address, email address, telephone number, or social security number. We may also collect financial information such as your income, account balance, payment history, credit history, or credit scores.
Any Personal Information that you provide is available to us and may be available to Coastal Community Bank, as well as third-party service providers involved in the operation of the Services. Although we contractually require our third-party service providers to protect your Personal Information, please note that we do not own or control such providers and cannot guarantee their compliance.
Usage Information. X1 may use a variety of technologies that passively or automatically collect information about how the Services are accessed and used, including your browser type, device type and manufacturer, operating system, application version, the pages served to you, the time you browse, preceding page views, and your use of particular features of the Services. This statistical data helps us understand what is interesting and relevant to users of the Services so that we can best tailor our content to you.
Device Identifiers. X1 also automatically collects an IP address or other unique identifier, mobile carrier, and mobile phone number, for the computer, mobile telephone, tablet or other device (collectively "Mobile Device") you use to access the Services. A "Device Identifier" is a number that is automatically assigned to your Mobile Device when you access a web site or its servers, and our computers identify your Mobile Device by its Device Identifier. We may use a Device Identifier to, among other things, administer the Services, help diagnose problems with our servers, analyze trends, track users’ web page movements, and gather broad demographic information for aggregate use.
If you would prefer not to accept Session Trackers when using the Services, follow the instructions provided by your website or mobile browser (usually located within the "Help", "Tools" or "Edit" facility) to modify your Session Tracker settings. Please note that if you disable Session Trackers, you may not be able to access certain parts of our Services and/or the Services may not work properly. As a result, we recommend that you leave Session Trackers turned on when accessing the Services because they allow you to take advantage of some of the Services’ features.
Web Beacons. In addition to Session Trackers, we may use web beacons (also known as "clear GIFs"), which are transparent graphic images placed on a web page or in an email and indicate that a page or email has been viewed or tell your browser to get content from another server. We use web beacons to measure traffic to or from, or use of, our online forms, tools or content items and related browsing behavior and to improve your experience when using the Services. We may also use customized links or other similar technologies to track hyperlinks that you click and associate that information with your Personal Information in order to provide you with more focused communications.
Additionally, we may modify and combine Personal Information in a manner that does not personally identify you or any other individual and thus, no longer constitutes Personal Information. We may use this non-Personal Information, such as aggregate user statistics, demographic information, and usage information, for any lawful purpose.
We may use the information we collect for a variety of reasons related to our operation and your use of the Services. X1 may use your personal information to facilitate activities and transactions that need to occur during the lending process. Examples of specific ways in which X1 may use your Personal Information include, but are not limited to the following:
More generally, we may use Personal Information that we collect from you or that you provide to us:
Email Communications. We may use your Personal Information to provide you with marketing or other promotional communications via mail or email. If, at any time, you would like to stop receiving these promotional e-mails, you may follow the opt-out instructions contained in any such e-mail or by contacting us as set out below. Please note that by opting out, you may prohibit X1 from informing you of offerings that may be of interest to you. It may take up to ten (10) business days for us to process opt-out requests. You will continue to receive non-promotional emails about your relationship with us.
Except as provided herein, X1 will not sell, rent or otherwise disclose Personal Information about you to third parties.
Interest Based Advertising. We may share, or we may permit third-party online advertising networks, social media companies and other third-party services, to collect, information about your use of our Website or the App over time so that they may play or display ads on our Website, the App or the Services, on other devices you may use, and on other websites, apps or services. Typically, though not always, the information we share is provided through cookies or similar tracking technologies, which recognize the device you are using and collect information, including click stream information, browser type, time and date you visited the Website and other information. We and our third-party partners may combine this information with information collected offline or from other sources. We and our third-party partners use this information to make the advertisements you see online more relevant to your interests, as well as to provide advertising-related services such as reporting, attribution, analytics and market research.
Social Media Widgets and Advertising.
Our Services may include social media features, such as the Facebook Like button, Google Plus, Twitter or other widgets. These social media companies may recognize you and collect information about your visit to our Services, and they may set a cookie or employ other tracking technologies. Your interactions with those features are governed by the privacy policies of those companies.
We display targeted advertising to you through social media platforms, such as Facebook, Twitter, Google+ and others. These companies have interest-based advertising programs that allow us to direct advertisements to users who have shown interest in our Services while those users are on the social media platform, or to groups of other users who share similar traits, such as likely commercial interests and demographics. These advertisements are governed by the privacy policies of those social media companies that provide them.
Cross-Device Linking. We, or our third-party partners, may link your various devices so that content you see on one device can result in relevant advertising on another device. We do this by collecting information about each device you use when you are logged in to our Services. We may also work with third-party partners who employ tracking technologies, or the application of statistical modeling tools, to determine if two or more devices are linked to a single user or household. We may share a common account identifier (such as an email address or user ID) with third-party advertising partners to help recognize you across devices. We, and our partners, can use this cross-device linkage to serve interest-based advertising and other personalized content to you across your devices, to perform analytics and to measure the performance of our advertising campaigns.
Interest-based advertising. To learn about interest-based advertising and how you may be able to opt-out of some of this advertising, you may wish to visit the Network Advertising Initiative (NAI) online resources, at www.networkadvertising.org/choices, and/or the Digital Advertising Alliance (DAA) resources at www.aboutads.info/choices.
Cross-device linking. Please note that opting-out of receiving interest-based advertising through the NAI’s and DAA’s online resources will only opt-out a user from receiving interest-based ads on that specific browser or device, but the user may still receive interest-based ads on his or her other devices. You must perform the opt-out on each browser or device you use.
Mobile advertising. You may also be able to limit interest-based advertising through the settings on your mobile device by selecting "limit ad tracking" (iOS) or "opt-out of interest based ads" (Android). You may also be able to opt-out of some – but not all – interest-based ads served by mobile ad networks by visiting youradchoices.com/appchoices and downloading the mobile AppChoices app.
Some of these opt-outs may not be effective unless your browser is set to accept cookies. If you delete cookies, change your browser settings, switch browsers or computers, or use another operating system, you will need to opt-out again.
We use Google Analytics to recognize you and link the devices you use when you visit our Website or the Services on your browser or mobile device, login to your account on our Services, or otherwise engage with us. We may share a unique identifier, like a user ID or hashed email address, with Google to facilitate the Services. Google Analytics allows us to better understand how our users interact with our Service and to tailor our advertisements and content to you. For information on how Google Analytics collects and processes data, as well as how you can control information sent to Google, review Google’s site "How Google uses data when you use our partners’ sites or apps" located at www.google.com/policies/privacy/partners. You can learn about Google Analytics’ currently available opt-outs, including the Google Analytics Browser Ad-On here tools.google.com/dlpage/gaoptout.
We may also utilize certain forms of display advertising and other advanced features through Google Analytics, such as Remarketing with Google Analytics, Google Display Network Impression Reporting, the DoubleClick Campaign Manager Integration, and Google Analytics Demographics and Interest Reporting. These features enable us to use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the Doubleclick advertising cookie) or other third-party cookies together to inform, optimize, and display ads based on your past visits to the Services. You may control your advertising preferences or opt-out of certain Google advertising products by visiting the Google Ads Preferences Manager, currently available at google.com/ads/preferences or by vising NAI’s online resources at www.networkadvertising.org/choices.
We may share your Personal Information with unaffiliated, third parties that provide certain services on our behalf, including, but not limited to data storage, analytics, platform administration, identity verification, credit bureaus, collection agencies, servicers, payment processing, and/or other services. These third parties may have access to Personal Information or non-Personal Information in order to perform their functions on our behalf. However, these third parties are only permitted to use your Personal Information for the purpose for which it has been provided or to administer, service or process transactions that you have authorized, and may not disclose it to any other third party except at our express direction and in accordance with this Policy.
As we continue to develop our business, we may sell or purchase assets. If another entity acquires us or our assets, Personal Information collected through the Services may be disclosed to such entity as one of the transferred assets. Also if any bankruptcy or reorganization proceeding is brought by or against us, all such information may be considered an asset of ours and as such may be sold or transferred to third parties.
We may share your Personal Information for our everyday business purposes, such as to process transactions, maintain accounts, or as otherwise permitted by law.
At your direction or request, we may share your Personal Information with specified third parties.
If you wish to modify, verify, correct, or update any of your Personal Information collected through the Services, you may do so by logging into your account with us and updating your account information on your dashboard at any time or by emailing us at email@example.com. Some information regarding your credit application cannot be changed due to laws or legal requirements, and in those cases we may not be able to accommodate your request. Please note that X1 may continue to use your de-identified data after you delete any of your Personal Information.
In accordance with our routine record keeping, we may delete certain records that contain Personal Information you have submitted through the Services. We are under no obligation to store such Personal Information indefinitely and disclaim any liability arising out of, or related to, the destruction of such Personal Information. In addition, you should be aware that it is not always possible to completely remove or delete all of your information from our databases without some residual data remaining because of backups and other reasons.
We will retain your Personal Information as long as needed to provide you services, comply with our legal obligations, resolve disputes, or enforce our agreements.
X1 has,and requires third-party service providers that may have access to Personal Information to have, administrative, technical, and physical safeguards in place in our respective physical facilities and in our respective computer systems, databases, and communications networks that are reasonably designed to protect information contained within such systems from loss, misuse, and alteration. The measures we use may include:
Protecting Account Numbers: After you have entered your account numbers, we will never display your account number on our App or Services.
Secure, Off-Site Hosting: We store your personal and sensitive financial data such as Social Security numbers and bank account information in a virtual private cloud hosted by Amazon Web Services.
Defining Service Access points: Personal Information can only be read or written through defined service access points, the use of which is password-protected and limited to only those employees or third parties who have a need to know.
Enabling Secure Socket Layer ("SSL") certificate technology: We equip our servers with SSL certificate technology to provide a safe and secure channel to visit the X1 Website.
Ensuring data encryption: SSL also ensures that all data entered into the Website or App is encrypted. For further encryption protection, we require a 128-bit secure browser for logins and transactions.
No method of electronic transmission or storage is 100% secure. Therefore, we cannot guarantee absolute security of your Personal Information. You also play a role in protecting your Personal Information. Please safeguard your username and password for your account with us and do not share them with others. If we receive instructions using your log-in information, we will consider that you have authorized the instructions. You agree to notify us immediately of any unauthorized use of your account with us or any other breach of security related to the Website or the Services. We reserve the right, in our sole discretion, to refuse to provide the Services, terminate your account with us, and to remove or edit content.
Do Not Track ("DNT") is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third parties. We do not use technology that recognizes DNT signals from your web browser.
Neither the Website, the App, nor the Services are directed to children under 13 years of age and we do not knowingly collect Personal Information from children under 13. If we become aware that a child under 13 has provided us with Personal Information, we will make reasonable efforts to delete such information from our files.
We collect personal information about prospective, current and former X1 customers. In particular, we have collected the following categories of personal information from consumers in the last twelve (12) months:
|Identifiers||Real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, current or past job history, or other similar identifiers.|
|Characteristics of protected classifications under California or federal law||Age (40 years or older), marital status, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), veteran or military status.|
|Commercial Information||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories.|
|Internet or other similar network activity||Information regarding a consumer’s interaction with the X1 website, application, or advertisements.|
|Professional or employment-related information||Current or past job history.|
The CCPA does not apply to:
Publicly available information from government records.
De-identified or aggregated consumer information.
Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA) or the Gramm-Leach-Bliley Act (GLBA).
We collect this information from the sources described above under “Information We Collect.”
We use personal information about you for the business and commercial purposes described above under: “How We Use Information.” X1 has not sold any personal information within the last twelve (12) months. We share personal information with the categories of third parties described in the “Disclosure of Personal Information” section above.
California residents have certain rights regarding their personal information. If you are a California resident, subject to certain limitations and exceptions, you have the right to:
Request we disclose to you the following information covering the 12 months preceding your request:
the categories of personal information about you that we collected;
the categories of sources from which the personal information was collected;
the purpose for collecting personal information about you;
the categories of third parties to whom we disclosed personal information about you and the categories of personal information that was disclosed (if applicable) and the purpose for disclosing the personal information about you; and
the specific pieces of personal information we collected about you;
Request we delete personal information we collected from you; and
Opt out of any sales of personal information that may be occurring (none currently);
Be free from unlawful discrimination for exercising your rights under the CCPA
We will generally respond to your request within 45 days if we are able to verify your identity. We will notify you if our response will take longer than 45 days. Requests for specific pieces of personal information may require additional information to verify your identity.
In some instances, we may not be able to honor your request. For example, we will not honor your request if we cannot verify your identity or if we cannot verify that you have the authority to make a request on behalf of another individual. Additionally, we will not honor your request where an exception applies, such as where the disclosure of personal information would adversely affect the rights and freedoms of another consumer or where the personal information that we maintain about you is not subject to your rights under the CCPA.
We will advise you in our response if we are not able to honor your request. In addition, if you request access to the specific pieces of personal information we have collected about you, we will not provide social security numbers, driver’s license numbers or government issued identification numbers, financial account numbers, account passwords or security questions and answers, or any other specific pieces of information if the disclosure presents the possibility of unauthorized access that could result in identity theft or fraud or unreasonable risk to data or systems and network security.
If you are a California resident, you may make a request to exercise your rights under the CCPA by either of the following methods:
The Services are governed by and operated in, and in accordance with the laws of, the United States, and are intended for the enjoyment of residents of the United States. If you use the Website or the Services, or otherwise provide us with data, from outside the United States, you acknowledge and agree that your Personal Information may be transmitted outside your resident jurisdiction. In particular, please note that your Personal Information may be stored and processed in the United States. The laws pertaining to the collection, use, disclosure and protection of Personal Information in the United States may be more or less stringent than the laws of other countries. By using the Website or the Services, you (a) acknowledge that the Website and the Services are subject to the laws of the United States; (b) consent to your Personal Information being stored and processed in the United States and handled as described in this Policy; and (c) waive any claims that may arise under the laws of the country where you reside, are a citizen, and/or from where you access the Website or the Services.
If you have any questions or concerns about this Policy, please contact us at:
548 Market Street
San Francisco, California 94120
Telephone: (650) 514-5504