Privacy Policy | Kasasa

View previous privacy policy

Privacy Policy

Effective: October 15, 2019
Version: q19v4

Definitions are located at the end of this Privacy Policy (the “Policy”). Please contact with any questions of concerns you may have.


Kasasa (also “us” and “we”) provides retail banking products, enabling technologies, and professional services that help community Financial Institutions better serve Consumers and their communities. Kasasa respects privacy and is committed to protecting it though compliance with this Policy.

Applicable Law requires us to disclose what personal information we collect, and how we collect, share, and protect any personal information we receive from Financial Institutions or Consumers interacting with the  Services or our website or personnel.





This Policy applies to any and all interactions with Kasasa (including employment related), any of the Services it provides, and Kasasa Events in which we participate, unless a different policy is posted or is made available and by its terms supplant this Policy.

Other privacy policies, such as those of Third Parties that we contract with for specific services and functionality, may also apply in addition to this Policy.

Kasasa will not share Personal Information (defined herein) with any person or organization except (i) to perform the Services, (ii) for the business purposes described in this Policy, (iii) as authorized by the Consumer, (iv) with the Financial Institution used by the Consumer, (v) with Third Parties delivering contracted services, (vi) as may be required Applicable Law, or (vii) as otherwise set forth herein.

Kasasa does not sell Personal Information.

This Policy describes the types of information we may collect through any of the Services or Kasasa Events in which we participate, as well as, and our practices for collecting, using, maintaining, protecting and disclosing the information.

The information we collect and share depends on the Services utilized, which websites that are powered by Kasasa (“Kasasa Powered Websites”) are visited, or Kasasa Event(s) in which you participate.

In the past twelve (12) months, the “Personal Information” we have collected includes:

Identifiers. Information which identifies the Consumer (e.g. real name, aliases, postal address, unique personal identifier, online identifier, Internet Protocol address, income, age, age range, date of birth, email address, account name, Social Security Number, photograph, driver’s license number, passport number, or other similar information).

Personally Identifiable Information. In addition to the information listed above in ‘Identifiers,’ any other specific information which identifies the Consumer (e.g. signature, physical characteristics or description, state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or other financial information, or medical information or health insurance information). Some Personal Information included in this category may overlap with other categories.

Legally Protected Characteristics.  Information regarding a Consumer’s characteristics that are protected by law (e.g. age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, disability, sex (including gender, gender identity, gender expression, pregnancy, maternity, childbirth, and related medical conditions), sexual orientation, veteran or military status, or genetic information (including familial genetic information).

Commercial Information.  Information regarding a Consumer’s purchasing or selling activity (e.g. records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies).

Biometric informationGenetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

Internet or Network Activity. Information regarding a Consumer’s Internet activity (e.g. browsing history, search history, information regarding a consumer’s interaction with an Internet Web site, application, or advertisement, or other similar information).

Geolocation.  Information regarding a Consumer’s physical location and/or movements.

Inferences from Above Used to Profile. Any profile drawn from a Consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Personal Information does not include:

  • Publicly available information from government records.
  • Deidentified or aggregated consumer information.
  • Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994 and information excluded from the scope of state laws like health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPPA); clinical trial data and specific state laws.

We do not knowingly collect information from or about persons under the age of 16 years old (“Child”) on Kasasa Powered Websites or at Kasasa Events. If you are a Child, do not use or provide any information to us via the Kasasa Powered Websites or attend Kasasa Events. If we learn that we have collected or received unauthorized Personal Information from a Child, we will delete that information. If you believe that we have information from or about a Child, please contact


To protect Personal Information, we (i) require Third Parties to treat Personal Information in accordance with Applicable Law; (ii) only allow Third Parties to use Personal Information for specified purposes as contracted for; and (iii) use security measures (i.e., physical, technical, and procedural safeguards) that comply with federal law and industry best practices. We perform data encryption (at rest and in transit) via AES-256 encryption.  Although we do our best to protect Personal Information, we cannot guarantee the security of exchanged Personal Information. Any exchange of Personal Information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures.


We receive Personal Information from the following sources:

  • Financial Institutions, their representatives, agents or service providers;
  • Consumer interactions with any of our Services, Kasasa Powered Websites, or digital applications, advertisement, online survey, promotions, events, in a real-time Kasasa Event;
  • Activity on websites or digital applications powered by Kasasa;
  • Third Parties that interact with us in connection with the Services;
  • Mobile and desktop applications you download to interact with us and/or the Services;
  • Interaction with advertising and applications on Third-Party websites and services, that include links to us; and
  • Cookies, Clear GIFs, Flash Objects, IP Addresses and data entry forms.


We may collect, use, disclose or share Personal Information for our business purposes, including:

  • To carry out our obligations and enforce our rights arising from any contracts entered into by Financial Institutions, Consumers, or Third Parties and us, including but not limited to: (i) conducting, processing, and delivering contracted Services, (ii) verifying the identity of a Financial Institution or Consumer so they can access their accounts, conduct transactions, validate account status or submit a verifiable request regarding Personal Information, (iii) facilitating specific features of products, (iv) ensuring proper functionality of our Services, (v) billing for Services provided, and (vi) for other like purposes.
  • To enable contractors, service providers, and other Third Parties that we use to execute their services in support of our business and who are bound by contractual obligations to keep Personal Information confidential and use it only for the purposes for which it was disclosed.
  • To conduct market research using aggregated data and execute authorized marketing programs, either directly or through a Third Party, to promote Services in which we believe the Consumer may be interested.
  • To execute and administer incentive programs and/or promotional offers and to notify winners and distribute prizes. These activities will have additional rules and may contain specific information about how Personal Information is collected, used, and shared.
  • To test and evaluate the effectiveness of marketing programs, channels, and offers.
  • To enhance collected information with additional demographics and psychographic data to aid in understanding consumer behavior, product use, interests, opinions, trends, and other like purposes.
  • To improve a user’s interaction and overall digital experience.
  • To enable Consumers to apply for specific Services.
  • To send alerts and notifications to Consumers, or to respond to inquiries and requests.
  • To map Consumer’s location in relation to the Financial Institution’s offices and branches.
  • To aid in our understanding of consumer behaviors, product use, interests, opinions, industry trends, and other like purposes.
  • To maintain measures aimed at preventing fraud and protecting the security of accounts and Personal Information.
  • To comply with Applicable Law.
  • To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Kasasa's assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by Kasasa is among the assets transferred.·      
  • For any other purpose disclosed by us when you provide the information.·      
  • With your expressed consent.·      
  • To carry out vital and legitimate business interest; provided we establish that the interest(s) do not override your rights to have Personal Information protected. Such interest include: (i) responding to request and inquiries; and (ii) optimizing Services, experiences and operations.

We will not collect additional categories of Personal Information or use Personal Information we collect for materially different, unrelated, or incompatible purposes without providing notice to the Consumer.

You do not have to provide any information to view some Kasasa Powered Websites and you are permitted to browse some Kasasa Powered Websites anonymously. By viewing or browsing any Kasasa Powered Websites, you are agreeing to this Policy. Certain features of some of the Services, however, are only available to registered Financial Institutions, Consumers or to those who have not disabled certain tracking capabilities.


We may disclose Personal Information to a Third Party for the business purposes stated in this Policy and subject to a written agreement with the Third Party that describes the purpose and requires the recipient to (i) keep such Personal Information confidential; and (ii) not use it for any purpose other than performing as contracted for. Such Third Parties may include, but are not limited to, service providers, data brokers, data aggregators, advertisers, Affiliates, Non-Affiliates, partners, social media companies or internet cookie information recipients.

We may share the information we collect from and about Consumers with Affiliates and Non-Affiliates for the following purposes:

  • To conduct and deliver services for which we contract with vendors, including, but not limited to, payment services, sending postal and electronic mail, display advertising on websites, performing account aggregation services, and providing customer support for Services and Kasasa Events.
  • To upgrade software and provide technical support and issue resolution for the Services.
  • To facilitate, execute and evaluate programs, including, but not limited to, marketing and promotional opportunities, that we and/or Financial Institutions execute.
  • To protect our rights and property, to prevent fraud and abuse and to adhere and respond to Applicable Law.


Under certain circumstances, Consumers have the rights set forth below regarding the Personal Information we may have collected about them in the previous 12 months:

Access and Disclosure of Information
.  Upon receipt and confirmation of a Verifiable Consumer Request, we will disclose, by mail or in electronic format, to the Consumer the following information: (i) the categories of personal information collected about that Consumer, (ii) the categories of sources for the personal information collected about that Consumer, (iii) the business or commercial purpose for collecting that Consumer’s Personal Information, (iv) categories of Third Parties with whom we share or sell that Consumer’s Personal Information, and (iv) the specific Personal Information collected about that Consumer.

Delete Information.
Up to twice per year, upon receipt and confirmation of a Verifiable Consumer Request or Verifiable Financial Institution Request, we will delete (and direct our service providers to delete) that Consumer’s Personal Information from our records, unless the information is necessary for us or our service providers to:

  • Complete the transaction for which the Consumer’s personal information was collected;
  • Provide a Service that was requested by the Consumer either directly to Kasasa or through a Financial Institution;
  • Take actions reasonably anticipated within the context of our ongoing business relationship with the Consumer or otherwise perform our contract with the Consumer;
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
  • Debug products to identify and repair errors that impair existing intended functionality;
  • Exercise our rights to free speech, ensure the right of another Consumer to exercise their rights to free speech, or exercise another right provided for by law;
  • Comply with specific state privacy laws;
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the deletion of that Consumer’s information may likely render impossible or seriously impair the research’s achievement, if the Consumer previously provided informed consent;
  • Enable solely internal uses that are reasonably aligned with that Consumer’s expectations, based on the Consumer’s relationship with us;
  • Comply with Applicable Law; or
  • Make other internal and lawful uses of that information that are compatible with the context in which the Consumer provided such information.

Disable Use of Features and/or Discontinue Use of Services,  Consumer have the right to disable Cookies and Flash Objects from their browsers; however, some functionality on some Kasasa Powered websites may be impaired if these items are disabled. Consumers have the right to contact their Financial Institution and close their account and/or discontinue the use of Services, websites, or digital applications powered by Kasasa.

Opt-Out of Collection
.  Consumer may opt-out of any continuing marketing or promotional program by executing the opt-out option included within such marketing or promotional communication. We do not sell Personal Information, but as a safeguard, a Consumer may also opt-out of having their information sold to third-parties by submitting the request to

Consumers can exercise their rights to opt out of some information collection and sharing activities, but not all. For example, Consumers cannot opt out of aggregated information and Personal Information if shared with Non-Affiliates to: (i) market the Financial Institution’s own products or services; (ii) market financial products and services offered by the Financial Institution and another financial institution (Joint Marketing); (iii) process and service transactions the Consumer requests or authorizes; (iv) protect against potential fraud or unauthorized transactions; (v) respond to judicial process; (vi) comply with Applicable Law.

In the event that an account is deleted and/or closed at the Financial Institution or the Financial Institution terminates the use of the Services, any Personal Information will no longer be used and will be destroyed or deleted from operational Kasasa systems in accordance with Kasasa’s then-current internal policies, procedures, and timeframes.

There is not a fee for a verified Consumer to exercise any of the other rights regarding Personal Information. However, we may charge a reasonable fee or refuse to comply if a request is clearly unfounded, excessive, or trolling.   


  • Consumer Requests: Consumers may exercise their rights in this Policy by:
    • Emailing us at:
    • Contacting us toll-free at: 877-342-2557.
    • Mailing us at: Kasasa, Attn: Legal Department/Consumer Rights Request, 4516 Seton Center Parkway, Suite 300, Austin, TX 78759

A “Verifiable Consumer Request” must: (i) be made by the Consumer requesting their Personal Information or an authorized representative; (ii) provide sufficient information to verify identity or authority; (iii) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it; (iv) identify a preferred format for requested Personal Information; and (v) any other information that we may request  in order to verify the requestor’s identity. We will not be able to respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.

You will not be required to create an account with us in order to make a verifiable request. However, we do consider requests made through your password protected account sufficiently verified. We will only use personal information provided in a verifiable Consumer request to verify the requestor’s identity or authority to make the request. You may make a Verifiable Consumer Request for access to applicable personal information twice within a 12-month period.

  • Financial Institution Requests: Financial Institutions may submit request for individual Consumer records to be disclosed or deleted from Kasasa and our Third Parties’ systems through their FIRSTBase portal. 

A “Verifiable Financial Institution Request” must: (i) be made by the Financial Institution who received a Verifiable Consumer Request requesting their Personal Information or an authorized representative; (ii) provide sufficient information to verify identity or authority of the requesting Consumer, (iii) describe the request with sufficient detail that allows us to properly understand, evaluate, and respond to it, and (iv) identify a preferred format for requested Personal Information. We will not be able to respond to request or provide any Personal Information if we cannot verify the Financial Institution’s identify;  the Consumer’s identity or authority to make the request and confirm the Personal Information relates to the Consumer making the verifiable request.


We may provide web links to websites unaffiliated with Kasasa, such as credit bureaus, service providers or merchants. If you follow web links to websites not affiliated or controlled by Kasasa, you should review their privacy and security policies and other terms and conditions, as they may be different from those on our websites. Kasasa does not guarantee, and is not responsible for, the privacy or security of these websites, including the accuracy, completeness, or reliability of their information.


Kasasa provides experiences, including Kasasa Events, on social media platforms including, but not limited to, Facebook, Twitter, YouTube and LinkedIn that enable online sharing and collaboration among Financial Institutions and Consumers who have registered to use them. Your participation in any Kasasa Event may be published on various social media platforms, and may include photos and videos from/of the Event. Any content posted on official Kasasa managed social media pages, such as pictures, information, opinions, videos, or any personal information that is made available to other participants on these social platforms, is subject to the terms of use and privacy policies of those respective platforms. Please refer to them to better understand the rights and obligations with regard to such content. You may request that Kasasa remove a photo or video in which you are easily identifiable by contacting us (see Submitting Requests below) and we will make reasonable efforts to do so.  In addition, please note that when visiting any official Kasasa social media pages, you are also subject to the Terms and Conditions of Kasasa’s Privacy Notices.


We will enforce this Policy, and if you violate any of its terms, we may prevent you from using any of the Services.


The following definitions applies to your interaction with Kasasa or any of the Services, unless a different policy is posted or is made available and by its terms supplants this Policy.

 Companies related by common ownership or control, both financial and non-financial entities.

Applicable law” means, as applicable, (i) court orders; and (ii) federal, state, and local laws, rules, regulations, and requirements of any governmental authority or other administrative or regulatory organization which is applicable to Kasasa and the Services.

 Any current or prospective customers or members of Financial Institutions or Kasasa that currently use the Services, or may use them in the future.

 Cookies are alphanumeric identifiers that are transferred to a computer’s hard drive through the web browser for tracking and record-keeping purposes. These Cookies, however, do not store any PERSONAL INFORMATION. We use three different types of Cookies: (1) Session Cookies: exist only during an online session and allow storage of online activities and verify an identity while using a website; (2) Persistent Cookies: remain on the computer after the browser has been closed or the computer has been turned off and track aggregate & statistical information about activity which may be combined with other information; and (3) Third Party Cookies: We also may engage Third Parties, including, without limitation, Google Analytics, to track and analyze non-indefinable information website data. We use the data collected by such Third Parties to help administer and improve the quality of the Services and to analyze usage. We do not have access to or control over these Third-Party Cookies, nor does this Privacy Policy cover such Third Parties’ use of data.

Clear GIFs
(aka Web Beacons/Web Bugs, Pixel Tags): Clear GIFs are tiny graphics with a unique identifier, similar in function to Cookies, and are used to track the online movements of web users. In contrast to Cookies, which are stored on the computer’s hard drive, Clear GIFs are embedded invisibly on web pages.

Financial Institutions:
 Banks and/or credit unions that contract for the Services.

Flash Objects
(or Local Shared Objects): These objects help us determine and recognize the browser type and version of Adobe Flash so that one can view “moving content” such as online demonstrations and tutorials on the device when logged onto or return to a website.

IP Address:
 A number that is automatically assigned to the device used by your Internet Service Provider (ISP). An IP Address is identified and logged automatically in our server log files whenever someone visits a website, along with the time of the visit and the page(s) that were visited. Collecting IP Addresses is standard practice on the internet and is done automatically by many websites. We use IP Addresses for purposes such as calculating website usage levels, helping diagnose server problems, compliance and security, and administering our Services.

Joint Marketing:
 A formal agreement between non-affiliated financial companies, or Third Parties that together market financial products or services to Consumers.

Kasasa Event:
 Any event Kasasa, LTD organizes to educate and raise the general public’s awareness that, as a whole, Financial Institutions offer financial products and services that are competitive with their larger regional and national counterparts.

 Entities not related by common ownership or control, both financial and non-financial entities.

Collectively refers to any and all of Kasasa’s products, services, applications and/or websites that Kasasa powers independently or on behalf of Financial Institutions.

Third Parties
:  Any agents, vendors, subcontractor, licensor, or other representatives  that Kasasa engages to develop, deliver or support the Services or capabilities.


We reserve the right to modify this Policy at any time without notice, so review it frequently. If we make changes to this Policy, we will post these changes on this website and if applicable on digital application; and the changes will be deemed effective immediately upon the date of such posting. The most current version of the Policy will always appear on this website and the most recent version shall supersede any and all other versions of this Policy. Continued use of the Services following the posting of these changes or modifications will constitute acceptance of such changes or modifications.


If you have any questions regarding this Policy, please contact us at:

Kasasa, LTD
4516 Seton Center Parkway;
Suite 300
Austin, TX 78759