How Paxnova Trust operates, in writing.

This Privacy Notice describes how Paxnova Trust Bank, N.A. and our affiliates (collectively, “Paxnova Trust”) collect, use, share, and protect personal information when you visit our websites, use our mobile applications, open or maintain accounts, apply for credit, or otherwise interact with us. It is published in compliance with the federal Gramm-Leach-Bliley Act (15 U.S.C. § 6801 et seq.), the California Consumer Privacy Act as amended (Cal. Civ. Code § 1798.100 et seq.), and other applicable state and federal privacy law.

We collect personal information from you, from third parties (credit bureaus, identity-verification providers, public records), and from our own observations of your interactions with our Services. The categories of information we collect include:

• Identifiers — name, address, date of birth, taxpayer ID (SSN/EIN), driver's-license or passport number, IP address, device identifiers
• Contact information — phone, email, mailing address, preferred language
• Financial information — account numbers, balances, transaction history, credit history, income, employment
• Commercial information — products purchased, application history
• Internet activity — pages viewed, links clicked, app interactions, time stamps
• Geolocation — IP-derived city/state and (with your consent) precise mobile location
• Biometric data — voiceprints for phone authentication; on-device biometric templates remain on your device
• Audio / image — calls to our service desk (recorded with notice) and uploaded ID documents
• Sensitive categories — SSN, account credentials, government-issued ID details; collected only as needed to identify you or to deliver requested services

We process personal information to:

• Open and maintain your account, including identity verification under USA PATRIOT Act § 326
• Process transactions and meet record-keeping obligations under the Bank Secrecy Act
• Underwrite credit and verify employment/income (Regulation B, Fair Credit Reporting Act)
• Detect, prevent, and investigate fraud, money laundering, and unauthorized access
• Provide customer service, including authenticated phone, secure-message, and branch support
• Communicate with you about your account, products, and required regulatory disclosures
• Tailor your experience and, with consent, market additional products that may interest you
• Comply with court orders, subpoenas, regulatory exams, and law-enforcement requests

We share personal information in the ordinary course of running a bank. Under the Gramm-Leach-Bliley Act, we disclose the following categories:

• To process transactions, service accounts, or report to credit bureaus — sharing is permitted by law and you cannot opt out
• To our affiliates (e.g., Paxnova Trust Wealth Advisors LLC) for everyday business purposes such as cross-product servicing — you may not opt out of this sharing under federal law, but state law (such as Vermont) may grant additional rights
• To our affiliates for marketing — you can opt out (see Section 6)
• To service providers under contractual confidentiality obligations (cloud, document storage, KYC vendors, fraud-screening, mailers, card processors)
• To unaffiliated joint-marketing partners — limited and contractually restricted; you can opt out
• To regulators, law enforcement, courts, and credit bureaus as required by law

We do not sell your personal information for money or other valuable consideration, and we do not engage in cross-context behavioral advertising as defined under California law.

Depending on where you live, you may have the following rights with respect to your personal information:

• Know what personal information we have collected, used, disclosed, or sold/shared in the prior 12 months
• Access a portable copy of the personal information we hold about you
• Correct inaccurate personal information we maintain
• Delete personal information, subject to exceptions for legal record-keeping (we are required to keep most banking records for at least five years)
• Limit our use and disclosure of sensitive personal information beyond what is necessary to deliver requested services
• Opt out of sale or sharing of personal information (we do not sell; we honor opt-out requests for any sharing covered by state law)
• Receive non-discriminatory service if you exercise any right above
• Designate an authorized agent to submit a request on your behalf

To exercise a right, sign into your account and visit Settings → Privacy, email privacy@paxnovatrust.com, or call 1-800-PAXNOVA-1. We will verify your identity before responding and may take up to 45 days, with one 45-day extension where reasonable.

You may opt out of the following:

• Affiliate sharing for marketing — under the Fair Credit Reporting Act § 624
• Joint-marketing arrangements with unaffiliated third parties
• Receiving prescreened credit / insurance offers (1-888-5-OPT-OUT or optoutprescreen.com)

To opt out, sign into your account, visit Settings → Communications & Sharing, or contact us at privacy@paxnovatrust.com. Opt-outs typically take effect within 30 days.

We and authorized service providers use cookies, pixels, SDKs, and similar technologies to keep you signed in, prevent fraud, remember preferences, measure performance, and (with your consent) personalize marketing. You can manage non-essential cookies via the “Cookie settings” link in the footer or your browser settings. We honor the Global Privacy Control signal for residents of jurisdictions that recognize it.

Our Services are not directed to children under 13, and we do not knowingly collect personal information from anyone under 13 (or under 16 in jurisdictions where stricter standards apply). If you believe we have collected information from a child, please contact our Privacy Officer immediately and we will delete it.

We follow the safeguards required by the Federal Financial Institutions Examination Council (FFIEC) and the Gramm-Leach-Bliley Safeguards Rule. Controls include encryption in transit (TLS 1.2+) and at rest (AES-256), multi-factor authentication, role-based access, hardware-backed key management, continuous monitoring, and annual penetration testing by independent firms.

We retain personal information for as long as your account is open and for the periods required by law thereafter — generally five years from your last transaction under the Bank Secrecy Act, seven years for IRS-reportable records, and longer for certain anti-money- laundering records. After the required retention period we either delete or anonymize the data.

We process and store personal information in the United States. Where we transfer personal information to vendors outside the U.S. for limited service-delivery purposes, we use contractual safeguards and, where applicable, the EU Standard Contractual Clauses.

We will post material changes here and, where required by law, notify you in advance by email or in-app banner. The “Last updated” date at the top of this page indicates when the notice was last revised.

Paxnova Trust Bank, N.A.
Attn: Chief Privacy Officer
1000 N Point St, San Francisco, CA 94109
Email: privacy@paxnovatrust.com
Phone: 1-800-PAXNOVA-1