Federal Privacy Notices

X1 Inc. Federal Privacy Notice

What does X1 Inc. do with your personal information?

Why?

Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.

What?

The types of personal information we collect and share depend on the product or service you have with us. This information can include:

  • Social Security number and credit history
  • Account balances and transaction history
  • Payment history and employment information

How?

All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information; the reasons X1 Inc. chooses to share; and whether you can limit this sharing.

Questions?

Call (650) 422-2612 or go to www.x1.co
Reasons we can share your personal information Does X1 share? Can you limit this sharing?
For our everyday business purposes–
such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus
Yes No
For our marketing purposes—
to offer our products and services to you
Yes No
For joint marketing with other financial companies No We do not share
For our affiliates’ everyday business purposes—
information about your transactions and experiences
No We do not share
For our affiliates’ everyday business purposes—
information about your creditworthiness
No We do not share
For our affiliates to market to you No We do not share
For nonaffiliates to market to you No We do not share
Who we are
Who is providing this notice? X1 Inc., the servicing agent for the bank that issues your credit card.
What we do
How does X1 protect my personal information?

To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.

How does X1 Inc. collect my personal information?

We collect your personal information, for example, when you

  • Open an account
  • Give us your contact information
  • Give us your bank statement or pay stubs
  • Connect your bank
  • Use your credit card

We also collect your personal information from others, such as credit bureaus or other companies.

Why can’t I limit all sharing?

Federal law gives you the right to limit only:

  • Sharing for affiliates’ everyday business purposes—information about your creditworthiness
  • Affiliates from using your information to market to you
  • Sharing for nonaffiliates to market to you

State laws and individual companies may give you additional rights to limit sharing. See below for more on your rights under state law.

What happens when I limit sharing for an account I hold jointly with someone else?

Your choices will apply to everyone on your account—unless you tell us otherwise.

Definitions
Affiliates

Companies related by common ownership or control. They can be financial and nonfinancial companies.

  • Currently X1 Inc. has no affiliates.
Nonaffiliates

Companies not related by common ownership or control. They can be financial and nonfinancial companies.

  • X1 Inc. does not share with nonaffiliates so that they can market to you.
Joint marketing

A formal agreement between nonaffiliated financial companies that together market financial products or services to you.

  • X1 Inc. does not jointly market.
Other important information

STATE PRIVACY LAWS

We will comply with applicable state privacy laws.

  • California Residents: We will not share your information with companies outside of X1, except for our everyday business purposes, for marketing our products and services to you, or with your consent.

  • Vermont Residents: We will not share your information with companies outside of X1, except for our everyday business purposes, for marketing our products and services to you, or with your consent. We will not disclose credit information about you within or outside X1 except as required or permitted by law.
  • Nevada Residents: We provide you this notice under Nevada state law. To be placed on our internal Do Not Call List, call (650) 422-2612. If you would like more information about telemarketing practices, you may contact us at X1 Inc., 548 Market Street, Suite 30684, San Francisco, CA 94120 or at (650) 422-2612.

    For more on this Nevada law, contact Bureau of Consumer Protection, Office of the Nevada Attorney General, 555 E. Washington St., Suite 3900, Las Vegas, NV 89101; Phone number: 1 (702) 486-3132; E-mail: BCPINFO@ag.state.nv.us.

Telephone Communications: All telephone communications with us or our authorized agents may be monitored or recorded.


X1 Privacy Policy

X1 Inc. ("X1," "we," "us" and/or "our") is dedicated to protecting your personal information and informing you about how we use it. This privacy policy (the "Privacy Policy" or the "Policy") is intended to provide information to our visitors and users ("you" or "your") about how we collect, protect, share and use your information when you use the X1 Card website, www.x1.co, including any subdomain thereof (the “Website”), the X1 Card mobile application (the “App”) and/or products and services offered, operated or made available by X1 (the Website, App and products and services of X1 are collectively referred to as the "Services". Reference to the Services includes any portion of the Services). Any capitalized term that is not defined in this Privacy Policy shall have the meaning given to it in the Terms of Use. This Privacy Policy outlines how and when X1 collects, protects, shares, and uses information that can identify you individually ("Personal Information"), such as your name, email or telephone number. Personal Information does not include information that is anonymous, aggregated, or can no longer be used to identify you as an individual.

If you have any financial product or service with us, including an X1 Card (defined below), we will use and share any Non-Public Information (“NPI”) as defined by the Gramm-Leach-Bliley Act (“GLBA”) that we collect from or about you related to your use of that product or service in accordance with our GLBA Privacy Notice.

Furthermore, you acknowledge that the use of any credit card offered by Coastal Community Bank, Member FDIC, through X1 (an “X1 Card”) is governed by the Cardholder Agreement that is provided to you. Coastal Community Bank’s GLBA Privacy Notice is available for review at x1.co/privacy.

This Privacy Policy covers the privacy practices of X1 only. This Policy does not apply to the practices of third party websites, services or applications, including Coastal Community Bank or other third parties with which we partner. These third party services are governed by each such third party's privacy policy. X1 is not responsible for the privacy policies and practices of websites other than that of X1, and X1 is not responsible for the failure of unaffiliated third parties to honor their privacy obligations.

We may amend this Privacy Policy at any time by posting a revised version on our Website and the App. We will attempt to give a reasonable notice period upon making any changes; however, unless otherwise stated, the revised version will be effective at the time we post it.

Residents of California

If you are a California resident, the California Consumer Privacy Act of 2018 (the “CCPA”) requires us to provide you with certain notices prior to our collection and use of personal information about you. You can find these notices below under “Your California Privacy Rights.” You should also read the rest of this Privacy Policy, which also applies to all prospective, current and former X1 customers (including residents of California).

  1. Information We Collect

    1. Information You Provide

      In general, you may visit the Website without telling us who you are or sharing any Personal Information with us. When you register for an account with X1, apply for a financial product, or use other aspects of the Services, or communicate with us, we may ask you to provide certain Personal Information, such as your name, address, email address, telephone number, or social security number. We may also collect financial information such as your income, account balance, payment history, credit history, or credit scores.

      Any Personal Information that you provide is available to us and may be available to Coastal Community Bank, as well as third-party service providers involved in the operation of the Services. Although we contractually require our third-party service providers to protect your Personal Information, please note that we do not own or control such providers and cannot guarantee their compliance.

    2. Information We Collect Automatically

      1. Usage Information. X1 may use a variety of technologies that passively or automatically collect information about how the Services are accessed and used, including your browser type, device type and manufacturer, operating system, application version, the pages served to you, the time you browse, preceding page views, and your use of particular features of the Services. This statistical data helps us understand what is interesting and relevant to users of the Services so that we can best tailor our content to you.

      2. Device Identifiers. X1 also automatically collects an IP address or other unique identifier, mobile carrier, and mobile phone number, for the computer, mobile telephone, tablet or other device (collectively "Mobile Device") you use to access the Services. A "Device Identifier" is a number that is automatically assigned to your Mobile Device when you access a web site or its servers, and our computers identify your Mobile Device by its Device Identifier. We may use a Device Identifier to, among other things, administer the Services, help diagnose problems with our servers, analyze trends, track users' web page movements, and gather broad demographic information for aggregate use.

      3. Session Trackers. In operating the Services, we may use cookies, pixel tags, other local shared objects and similar session tracking technologies ("Session Trackers"). Session Trackers help provide additional functionality to the Services, customize users' experiences with the Services and help us analyze Services' usage more accurately for research and product development purposes. We (including third parties that we work with) may place session trackers on your Mobile Device for security purposes, to facilitate navigation of the Services, and to personalize your experience while using our Services.

        If you would prefer not to accept Session Trackers when using the Services, follow the instructions provided by your website or mobile browser (usually located within the "Help", "Tools" or "Edit" facility) to modify your Session Tracker settings. Please note that if you disable Session Trackers, you may not be able to access certain parts of our Services and/or the Services may not work properly. As a result, we recommend that you leave Session Trackers turned on when accessing the Services because they allow you to take advantage of some of the Services' features.

      4. Web Beacons. In addition to Session Trackers, we may use web beacons (also known as "clear GIFs"), which are transparent graphic images placed on a web page or in an email and indicate that a page or email has been viewed or tell your browser to get content from another server. We use web beacons to measure traffic to or from, or use of, our online forms, tools or content items and related browsing behavior and to improve your experience when using the Services. We may also use customized links or other similar technologies to track hyperlinks that you click and associate that information with your Personal Information in order to provide you with more focused communications.

    3. Non-Personal Information

      Additionally, we may modify and combine Personal Information in a manner that does not personally identify you or any other individual and thus, no longer constitutes Personal Information. We may use this non-Personal Information, such as aggregate user statistics, demographic information, and usage information, for any lawful purpose.

    4. Information from Third Parties

      We may receive information about you from third parties, such as your financial institutions. In addition, we may receive information about you from outside records of third parties, such as credit bureaus. If you apply for a credit product from X1, we will collect information, which may include your credit history and credit scores, from credit bureaus and other partners to determine your creditworthiness and to assess risks related to your potential credit account. In addition, we may work with a third party, such as Plaid, to access and collect such data on our behalf. By providing your information to the third party, you acknowledge and agree that information accessed, collected, or transmitted by the third party for this purpose will be governed by the privacy policy of the third party. Plaid's privacy policy is available at www.plaid.com/legal. We may supplement the information we collect about you through the Services with such information from third parties in order to enhance our ability to serve you, to tailor our content to you and/or to offer you opportunities to purchase products or services that we believe may be of interest to you. If we combine such data with information we collect through the Services, such information is subject to this Privacy Policy unless we have disclosed otherwise.

  2. How We Use Information

    1. We may use the information we collect for a variety of reasons related to our operation and your use of the Services. X1 may use your personal information to facilitate activities and transactions that need to occur during the lending process. Examples of specific ways in which X1 may use your Personal Information include, but are not limited to the following:

      1. To establish that you are over the age of 18;
      2. To verify your identity and guard against potential fraud;
      3. To pull a credit report from a credit bureau, such as Experian, to help determine your creditworthiness;
      4. To determine your eligibility for a credit product offered on the Website;
      5. To enable our financial services partners to implement automatic payments and fund transfers;
      6. To contact you if there is a problem completing a transaction you requested or to discuss a problem with your account with us;
      7. To implement collection activities as needed; and/or
      8. To maintain regular communications with you concerning transactions you initiate, including but not limited to requesting information or assistance, submitting requests for services on your account, and making payments.
    2. More generally, we may use Personal Information that we collect from you or that you provide to us:

      1. To provide, maintain, protect and improve our services, to develop new ones, and to protect X1 and our users;
      2. To notify you about changes to the Services;
      3. To keep a record of your communication to help solve any issues you might be facing;
      4. For our marketing purposes to offer our products and services to you, such as advertisements, by us through third parties;
      5. To offer you tailored content giving you more relevant search results and ads;
      6. To enforce or apply our Terms of Use and any other agreements between you and X1, including for purposes of billing and collection;
      7. To fulfill any other purpose for which you provide it or otherwise give your consent; and/or
      8. To comply with any court order, law, or legal process, including retaining Personal Information or responding to any government or regulatory request.
    3. Email Communications. We may use your Personal Information to provide you with marketing or other promotional communications via mail or email. If, at any time, you would like to stop receiving these promotional e-mails, you may follow the opt-out instructions contained in any such e-mail or by contacting us as set out below. Please note that by opting out, you may prohibit X1 from informing you of offerings that may be of interest to you. It may take up to ten (10) business days for us to process opt-out requests. You will continue to receive non-promotional emails about your relationship with us.

  3. Disclosure of Personal Information

    Except as provided herein, X1 will not sell, rent or otherwise disclose Personal Information about you to third parties.

    1. Third-Party Advertisers and Interest-Based Advertising

      1. Interest Based Advertising. We may share, or we may permit third-party online advertising networks, social media companies and other third-party services, to collect, information about your use of our Website or the App over time so that they may play or display ads on our Website, the App or the Services, on other devices you may use, and on other websites, apps or services. Typically, though not always, the information we share is provided through cookies or similar tracking technologies, which recognize the device you are using and collect information, including click stream information, browser type, time and date you visited the Website and other information. We and our third-party partners may combine this information with information collected offline or from other sources. We and our third-party partners use this information to make the advertisements you see online more relevant to your interests, as well as to provide advertising-related services such as reporting, attribution, analytics and market research.

      2. Social Media Widgets and Advertising.

        1. Our Services may include social media features, such as the Facebook Like button, Google Plus, Twitter or other widgets. These social media companies may recognize you and collect information about your visit to our Services, and they may set a cookie or employ other tracking technologies. Your interactions with those features are governed by the privacy policies of those companies.

        2. We display targeted advertising to you through social media platforms, such as Facebook, Twitter, Google+ and others. These companies have interest-based advertising programs that allow us to direct advertisements to users who have shown interest in our Services while those users are on the social media platform, or to groups of other users who share similar traits, such as likely commercial interests and demographics. These advertisements are governed by the privacy policies of those social media companies that provide them.

      3. Cross-Device Linking. We, or our third-party partners, may link your various devices so that content you see on one device can result in relevant advertising on another device. We do this by collecting information about each device you use when you are logged in to our Services. We may also work with third-party partners who employ tracking technologies, or the application of statistical modeling tools, to determine if two or more devices are linked to a single user or household. We may share a common account identifier (such as an email address or user ID) with third-party advertising partners to help recognize you across devices. We, and our partners, can use this cross-device linkage to serve interest-based advertising and other personalized content to you across your devices, to perform analytics and to measure the performance of our advertising campaigns.

    2. Your Choices

      1. Interest-based advertising. To learn about interest-based advertising and how you may be able to opt-out of some of this advertising, you may wish to visit the Network Advertising Initiative (NAI) online resources, at www.networkadvertising.org/choices, and/or the Digital Advertising Alliance (DAA) resources at www.aboutads.info/choices.

      2. Cross-device linking. Please note that opting-out of receiving interest-based advertising through the NAI's and DAA's online resources will only opt-out a user from receiving interest-based ads on that specific browser or device, but the user may still receive interest-based ads on his or her other devices. You must perform the opt-out on each browser or device you use.

      3. Mobile advertising. You may also be able to limit interest-based advertising through the settings on your mobile device by selecting "limit ad tracking" (iOS) or "opt-out of interest based ads" (Android). You may also be able to opt-out of some – but not all – interest-based ads served by mobile ad networks by visiting youradchoices.com/appchoices and downloading the mobile AppChoices app.

      4. Some of these opt-outs may not be effective unless your browser is set to accept cookies. If you delete cookies, change your browser settings, switch browsers or computers, or use another operating system, you will need to opt-out again.

    3. Google Analytics and Advertising.

      1. We use Google Analytics to recognize you and link the devices you use when you visit our Website or the Services on your browser or mobile device, login to your account on our Services, or otherwise engage with us. We may share a unique identifier, like a user ID or hashed email address, with Google to facilitate the Services. Google Analytics allows us to better understand how our users interact with our Service and to tailor our advertisements and content to you. For information on how Google Analytics collects and processes data, as well as how you can control information sent to Google, review Google's site "How Google uses data when you use our partners' sites or apps" located at www.google.com/policies/privacy/partners. You can learn about Google Analytics' currently available opt-outs, including the Google Analytics Browser Ad-On here tools.google.com/dlpage/gaoptout.

      2. We may also utilize certain forms of display advertising and other advanced features through Google Analytics, such as Remarketing with Google Analytics, Google Display Network Impression Reporting, the DoubleClick Campaign Manager Integration, and Google Analytics Demographics and Interest Reporting. These features enable us to use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the Doubleclick advertising cookie) or other third-party cookies together to inform, optimize, and display ads based on your past visits to the Services. You may control your advertising preferences or opt-out of certain Google advertising products by visiting the Google Ads Preferences Manager, currently available at google.com/ads/preferences or by vising NAI's online resources at www.networkadvertising.org/choices.

    4. Third party partners and service providers.

      We may share your Personal Information with unaffiliated, third parties that provide certain services on our behalf, including, but not limited to data storage, analytics, platform administration, identity verification, credit bureaus, collection agencies, servicers, payment processing, and/or other services. These third parties may have access to Personal Information or non-Personal Information in order to perform their functions on our behalf. However, these third parties are only permitted to use your Personal Information for the purpose for which it has been provided or to administer, service or process transactions that you have authorized, and may not disclose it to any other third party except at our express direction and in accordance with this Policy.

    5. Business transfers.

      As we continue to develop our business, we may sell or purchase assets. If another entity acquires us or our assets, Personal Information collected through the Services may be disclosed to such entity as one of the transferred assets. Also if any bankruptcy or reorganization proceeding is brought by or against us, all such information may be considered an asset of ours and as such may be sold or transferred to third parties.

    6. Legal disclosures.

      X1 may transfer and disclose information, including your Personal Information, information about how the Services are accessed and used, to third parties to comply with a legal obligation; when we believe in good faith that the law requires it; at the request of governmental authorities conducting an investigation; to verify or enforce our Terms of Use or other applicable policies; to respond to an emergency; or otherwise to protect the rights, property, safety or security of third parties, users of the Services or the public.

    7. For everyday business purposes.

      We may share your Personal Information for our everyday business purposes, such as to process transactions, maintain accounts, or as otherwise permitted by law.

    8. With your permission.

      At your direction or request, we may share your Personal Information with specified third parties.

  4. Updating Your Personal Information and Information Retention

    1. If you wish to modify, verify, correct, or update any of your Personal Information collected through the Services, you may do so by logging into your account with us and updating your account information on your dashboard at any time or by emailing us at support@x1.co. Some information regarding your credit application cannot be changed due to laws or legal requirements, and in those cases we may not be able to accommodate your request. Please note that X1 may continue to use your de-identified data after you delete any of your Personal Information.

    2. In accordance with our routine record keeping, we may delete certain records that contain Personal Information you have submitted through the Services. We are under no obligation to store such Personal Information indefinitely and disclaim any liability arising out of, or related to, the destruction of such Personal Information. In addition, you should be aware that it is not always possible to completely remove or delete all of your information from our databases without some residual data remaining because of backups and other reasons.

    3. We will retain your Personal Information as long as needed to provide you services, comply with our legal obligations, resolve disputes, or enforce our agreements.

  5. Security of your Personal Information

    1. X1 has,and requires third-party service providers that may have access to Personal Information to have, administrative, technical, and physical safeguards in place in our respective physical facilities and in our respective computer systems, databases, and communications networks that are reasonably designed to protect information contained within such systems from loss, misuse, and alteration. The measures we use may include:

      1. Protecting Account Numbers: After you have entered your account numbers, we will never display your account number on our App or Services.

      2. Secure, Off-Site Hosting: We store your personal and sensitive financial data such as Social Security numbers and bank account information in a virtual private cloud hosted by Amazon Web Services.

      3. Defining Service Access points: Personal Information can only be read or written through defined service access points, the use of which is password-protected and limited to only those employees or third parties who have a need to know.

      4. Enabling Secure Socket Layer ("SSL") certificate technology: We equip our servers with SSL certificate technology to provide a safe and secure channel to visit the X1 Website.

      5. Ensuring data encryption: SSL also ensures that all data entered into the Website or App is encrypted. For further encryption protection, we require a 128-bit secure browser for logins and transactions.

    2. No method of electronic transmission or storage is 100% secure. Therefore, we cannot guarantee absolute security of your Personal Information. You also play a role in protecting your Personal Information. Please safeguard your username and password for your account with us and do not share them with others. If we receive instructions using your log-in information, we will consider that you have authorized the instructions. You agree to notify us immediately of any unauthorized use of your account with us or any other breach of security related to the Website or the Services. We reserve the right, in our sole discretion, to refuse to provide the Services, terminate your account with us, and to remove or edit content.

  6. Do-Not-Track Settings

    Do Not Track ("DNT") is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third parties. We do not use technology that recognizes DNT signals from your web browser.

  7. Children Under 13

    Neither the Website, the App, nor the Services are directed to children under 13 years of age and we do not knowingly collect Personal Information from children under 13. If we become aware that a child under 13 has provided us with Personal Information, we will make reasonable efforts to delete such information from our files.

  8. Your California Privacy Rights

    This notice for California residents under the CCPA supplements the information provided in the rest of this Privacy Policy, which also applies to you. Any terms defined in the CCPA have the same meaning when we use them here.

    We collect personal information about prospective, current and former X1 customers. In particular, we have collected the following categories of personal information from consumers in the last twelve (12) months:

    CCPA Category Examples
    Identifiers Real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, current or past job history, or other similar identifiers.
    Characteristics of protected classifications under California or federal law Age (40 years or older), marital status, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), veteran or military status.
    Commercial Information Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories.
    Internet or other similar network activity Information regarding a consumer’s interaction with the X1 website, application, or advertisements.
    Professional or employment-related information Current or past job history.

    The CCPA does not apply to:

    We collect this information from the sources described above under “Information We Collect.”

    We use personal information about you for the business and commercial purposes described above under: “How We Use Information.” X1 has not sold any personal information within the last twelve (12) months. We share personal information with the categories of third parties described in the “Disclosure of Personal Information” section above.

    Your Rights and Choices under the CCPA

    California residents have certain rights regarding their personal information. If you are a California resident, subject to certain limitations and exceptions, you have the right to:

    We will generally respond to your request within 45 days if we are able to verify your identity. We will notify you if our response will take longer than 45 days. Requests for specific pieces of personal information may require additional information to verify your identity.

    In some instances, we may not be able to honor your request. For example, we will not honor your request if we cannot verify your identity or if we cannot verify that you have the authority to make a request on behalf of another individual. Additionally, we will not honor your request where an exception applies, such as where the disclosure of personal information would adversely affect the rights and freedoms of another consumer or where the personal information that we maintain about you is not subject to your rights under the CCPA.

    We will advise you in our response if we are not able to honor your request. In addition, if you request access to the specific pieces of personal information we have collected about you, we will not provide social security numbers, driver’s license numbers or government issued identification numbers, financial account numbers, account passwords or security questions and answers, or any other specific pieces of information if the disclosure presents the possibility of unauthorized access that could result in identity theft or fraud or unreasonable risk to data or systems and network security.

    How to Exercise Your Rights under the CCPA

    If you are a California resident, you may make a request to exercise your rights under the CCPA by either of the following methods:

  9. Consent to Processing and Transfer of Information

    The Services are governed by and operated in, and in accordance with the laws of, the United States, and are intended for the enjoyment of residents of the United States. If you use the Website or the Services, or otherwise provide us with data, from outside the United States, you acknowledge and agree that your Personal Information may be transmitted outside your resident jurisdiction. In particular, please note that your Personal Information may be stored and processed in the United States. The laws pertaining to the collection, use, disclosure and protection of Personal Information in the United States may be more or less stringent than the laws of other countries. By using the Website or the Services, you (a) acknowledge that the Website and the Services are subject to the laws of the United States; (b) consent to your Personal Information being stored and processed in the United States and handled as described in this Policy; and (c) waive any claims that may arise under the laws of the country where you reside, are a citizen, and/or from where you access the Website or the Services.

  10. Changes to this Policy

    This Policy is the sole authorized statement of X1's practices with respect to the collection of Personal Information and the subsequent use and disclosure of such information. X1 may revise this Policy from time to time without prior notice to you, and any changes will be effective immediately upon the posting of the revised Privacy Policy on the Website and the App. You should bookmark and periodically review this page to ensure that you are familiar with the most current version of this Policy. You can determine when this Policy was last revised by checking the "Last Updated" legend at the top of the Policy.

  11. Questions About This Privacy Policy

    If you have any questions or concerns about this Policy, please contact us at:

    X1 Inc.
    548 Market Street
    Suite 30684
    San Francisco, California 94120
    Email: support@x1.co
    Telephone: (650) 422-2612