Privacy & Security

Online Privacy & Security

Last Updated: August 2023

This Online Privacy Policy (the “Policy”) applies to the Exchange Bank family of financial service providers. Trust has always been the foundation of our relationship with customers. We recognize that you trust us with your personal and financial information, the privacy and security of which is a top priority for us.

The Policy describes the treatment of information that is provided by you or collected through any of our online interfaces to which a copy of the Policy is posted, including (the “Website”), Applications we have placed on third party sites such as Facebook®, Twitter® and other social media services, and Exchange Bank’s mobile applications (the “Applications,” and together with the “Website,” the “Services”). It also explains how we collect, use and share information based on users’ interactions with online advertisements, both on the Services and on online interfaces owned by third parties. Note that the Policy does not govern our privacy practices offline or with respect to information that is not provided or collected through the Services.

For additional information on this Policy or our privacy practices generally, please feel free to contact us directly.

While this Online Privacy Policy describes how we treat information, please be aware that additional terms and conditions may apply for certain parts of our Website and Applications.


1. Types Of Information We Collect

We collect two basic types of information through the Services – personal information and anonymous information. We also collect location information in connection with our mobile applications.

“Personal information” refers to information that identifies (whether directly or indirectly) a particular individual, such as information you provide on our forms, surveys, applications or similar online fields. Examples may include your name, postal address, email address, telephone number, Social Security number, date of birth or account information.

“Anonymous information” means information that does not directly or indirectly identify, and cannot reasonably be used to identify, a particular individual. Examples may include information about your Internet browser, information collected through tracking technologies (see “Online Tracking and Advertising” section below for additional information regarding our use of tracking technologies), and demographic information that you provide to us (e.g., your household income) and aggregated or de-identified data.

Mobile Application Solutions

Exchange Bank Mobile Banking Apps:

  • Require access to Images taken by device’s camera to support Mobile Remote Deposit functionality. The Camera Setting can be disabled by the user.
  • Provide access to Location Data to enable integration with Maps to identify nearby branches and ATMs. The Location Setting can be disabled by the user.
  • Provide access to External Storage to allow users to attach a file within a Secure Message. This functionality cannot be disabled by the user.
  • Provide access to the Contact List on the device (including contact list names, email addresses and phone numbers) to support Person to Person (P2P) Payments. The Contacts Setting can be disabled by the user.
  • Require access to the Phone State to support an integrated Malware / Anti-phishing Tool. This functionality cannot be disabled by the user.


2. How We Collect Your Information 

We collect personal information from you or about you when you provide this information to us directly. For example, we may obtain personal information when you request information, products, or services from us, register on the Website or an Application, respond to surveys, contact customer support or otherwise interact with us. We may also receive information about you from other online and offline sources, such as public databases, social media platforms and other third parties.

In addition, we may collect information about your activity on the Services automatically using tracking technologies, such as cookies, and pixel tags. Definitions for the tracking technologies we use, as well as information regarding how to disable them, are available in the Online Tracking and Advertising section of the Policy.

If you submit any personal information relating to other people to us or to our service providers in connection with the Services (such as names, email addresses and/or phone numbers), you represent that you have the authority to do so and to permit us to use the information in accordance with this Policy.


3. How We Use Information We Collect

Optimize, improve and maintain our sites including research and analytics of the sites, identifiers that allow us to remember when you leave and return to our sites.

Provide and improve our products and services, to better understand and serve our users.

Detect, investigate, and prevent activities that may violate our policies or be illegal or fraudulent. We comply with all applicable laws.


4. How We Share Information We Collect

We will not share your information outside the Exchange Bank family of financial service providers, except under limited circumstances, as required by law and with our advertising partners, as described in section 5 below. Please visit Privacy & Security – Exchange Bank to view applicable Exchange Bank Privacy Notices for more details. 


5. Online Tracking and Advertising

We and certain trusted service providers operating on our behalf, collect information about your activity on the Services using tracking technologies, including:

Our Cookies

We may place an cookie on your device to ensure that browser does not see repeated ads, to sequence a series of ads and to measure the number of visitors that have viewed a particular ad or visited a particular page. Your browser or device may include an instruction to prevent the collection and use of your personal information through Global Privacy Control (GPC). We recognize these controls and will acknowledge the request on our website when received. 

Other Cookies

Third parties may use identifiers to track your Internet usage across other websites and mobile applications in their networks beyond the sites. Third parties, with sufficient data from other sources, may be able to identify you. This information allows us to generally inform advertisers about the nature of our website visitors. 

You can learn more about advertising serving companies and options available to limit their collection and use of your information by visiting the following websites:

  • Apple®
  • Android®
  • Windows®
  • Facebook®
  • National Advertising Initiative
  • Digital Advertising Alliance

Opting-out of advertising networks services does not mean you will not receive advertising while using our sites or on other websites, nor will it prevent receipt of interest-based advertising from third parties that do not participate in these programs. It will exclude you from interest-based advertising through participating networks, as provided by their policies and choices. If you delete your cookies, you may also delete your opt-out preferences.

We use other websites analytics services, such as Google, Inc., to help us administer and improve the quality of our sites. Google Analytics uses cookies or other tracking technologies to help us analyze how users interact with the sites and provide us with services related to site activity and use. Google Analytics may collect information such as, browser type, time of visit, whether you are a return visitor, and any referring website. That information will be transmitted to and stored by Google, subject to their privacy policies. 

The use of analytics and advertising partners has been determined to be sharing and, in some cases, selling of information. You may opt out of the selling or sharing of personal information at

Location tracking on mobile devices.

When logging in to the mobile app, we log IP addresses for systems administration, troubleshooting and geotargeting our own advertisements. When you interact with our sites, we may collect information about your location and your device. Some of this information may be general, such as the state or city associated with your zip code, some of this information may be more precise, such as information associated with your mobile device. Location information allows us to tailor promotions to your locality. Most mobile devices allow you to control or disable the use of precise location services in the device’s settings menu.

Information collected through tracking technologies is used for many purposes including, for example, to:

  • Deliver relevant content based on your preferences, usage patterns and location
  • Monitor and evaluate the use and operation of the Services
  • Analyze traffic on the Services and on websites or mobile applications of third parties

6. Other Information Collected Automatically

Browser or Device Information: Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Mac), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version, and the name and version of the Services (such as the Application) you are using. We use this information to ensure that the Services function properly.

Application Information: When you download and use an application, we and our service providers may track and collect usage data, such as the date and time the Application on your device accesses our servers and what information and files have been downloaded to the Application based on your device number.

IP Address: Your IP address is a number that is automatically assigned to your computer by your Internet Service Provider. An IP address may be identified and logged automatically in our server log files whenever a customer logs in to internet banking, along with the time of the visit and the services used. We use IP addresses of our customers using transactional services for purposes such as identifying the general location of the user, noting any changes to the customer’s IP address for identification and security purposes, calculating usage levels, helping diagnose server problems, and for administering the Services. We do not collect IP addresses for website visitors who do not log into online banking. 


7. Linked Websites

The Services may contain links to third-party websites not controlled by Exchange Bank. We encourage you to be aware when you leave the Services and to read the privacy policies and terms of use of any such websites that may collect your personal information, as they will likely differ from those of the Services. Exchange Bank does not guarantee and is not responsible for the privacy or security of these websites, including the accuracy, completeness, or reliability of their information.

In addition, Exchange Bank is not responsible for the information collection, use and disclosure practices (including the data security practices) of other organizations, such as Facebook, Apple, Google, Microsoft or any other app developer or provider, social media platform provider, operating system provider, wireless service provider or device manufacturer.


8. Data Security

Your privacy is very important to Exchange Bank, and we are committed to protecting your personal information from unauthorized access or use. We will use reasonable organizational, physical, technical, and administrative measures to protect personal information within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contact Us” section below.

In addition, Exchange Bank protects customers from liability for unauthorized online transactions. Certain conditions and limitations may apply. See the Online Banking Agreement and Disclosure for details.


9. Preventing Identity Theft

In order to help us protect your personal information, it is important that you always keep your account information safe. We recommend that you consider the risk of sharing your username, password, or PIN with anyone.

Note that Exchange Bank will never initiate (unless otherwise stated for a specific product or service application), a request via email for your sensitive information (e.g., Social Security number, username, password, PIN or account number). If you receive an email asking for your sensitive information, you should be suspicious of the request and promptly contact us to report the suspicious activity.

Please be aware, however, that in certain telephone and in-person transactions we may ask for your full Social Security number, account number or other information to verify your identity before conducting the transactions you have requested. For example, we may ask for such information to verify your identity when you place a call to us, when you visit an Exchange Bank branch office or when we call you about a new product or service we believe that you will find valuable. We will never request that you disclose your personal ID, password, or PIN under any circumstances, including such telephone or in-person transactions.


10. Children’s Privacy

We do not use the Services to knowingly solicit personal information from or market to children under the age of thirteen (13) without parental consent. We request that such individuals do not provide personal information through the Services. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should promptly contact us, and we will delete such information from our files.


11. External Aggregation Services

You have the responsibility to help us protect your accounts. Consider the risk of revealing your username, password, or other credentials to any person or third party. By providing your username, password or other credentials to any person or third party (including an aggregation service) you authorize that person or third party to initiate transfers to or from your account.

Some third-party companies offer aggregation services that allow you to consolidate your financial account information from a variety of sources, such that you can view all your account information at a single online location. For example, an aggregation service might collect and consolidate your checking and savings account balances at your bank, the value of your stocks and bonds in your brokerage account and your frequent flier mileage information from an airline. In order to do so, the aggregator may request access to personal information — including identification information, account information, personal IDs, and passwords — from you for each individual website.

Please use caution when providing personal information to an aggregation service. By providing your username, password or other credentials to an aggregation service you authorize that person or third party to initiate transfers to or from your account.

Should you decide to revoke the authority you have given to an aggregation service, you should notify the aggregation service.


12. Social Media Platforms

Exchange Bank may interact with registered users of various social media platforms, including Facebook®, Instagram®, LinkedIn® and Twitter®. Please note that any content you post to such social media platforms (e.g., pictures, information or opinions), as well as any personal information that you otherwise make available to users (e.g., your profile), is subject to the applicable social media platform’s terms of use and privacy policies. We recommend that you review this information carefully in order to better understand your rights and obligations with regard to such content.


13. Retention Period

We will retain your personal information for the period necessary to fulfill the purposes outlined in this Policy unless a longer retention period is required by law.


14. Changes to the Online Privacy Policy

We will amend this Privacy Policy from time to time and, when we do, we will post changes to our website. Your continued use of our sites and services means you accept those changes.


15. Contact Us

If you have any questions or comments about this Policy or our privacy practices generally, we encourage you to view our Privacy Policies at or contact our customer service department by completing our “Contact Us” online form, or by calling 707.524.3000 or 800.995.4066. Alternatively, you may use any of the local telephone numbers for your area that are listed in the “Contact Us” section of the Website.

In the event you notice suspicious activity on your account or believe your personal ID, password or PIN has been compromised, please contact us immediately.


16. Accessibility

If you need this information in an alternate accessible format, call us at 707.524.3000 or 800.995.4066.