Last Updated: January 15, 2025

1. Overview

Aurex Bank ("Aurex Bank," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard information about you when you use our banking services, website, and mobile applications.

By using Aurex Bank's services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please do not use our services.

2. Information We Collect

2.1 Information You Provide Directly

When you open an account or use our services, we collect:

  • Full legal name, date of birth, and Social Security Number or ITIN
  • Government-issued identification documents
  • Email address, phone number, and mailing address
  • Financial information including income, assets, and employment details
  • Account credentials (username, password - never stored in plaintext)
  • Communications you send to us (emails, chat logs, support tickets)

2.2 Information Collected Automatically

When you use our platform, we automatically collect:

  • Transaction history, including amount, merchant, date, time, and location
  • Device information (device type, operating system, browser type, IP address)
  • Usage data (pages visited, features used, session duration)
  • Location data (with your permission, for fraud detection and branch locating)
  • Cookies and similar tracking technologies (see Section 6)

2.3 Information From Third Parties

We may receive information about you from:

  • Credit reporting agencies (for credit assessments)
  • Identity verification services (KYC/AML compliance)
  • Employers or payroll processors (for direct deposit setup)
  • Other financial institutions (for account linking or transfer verification)

3. How We Use Information

We use your personal information to:

  • Provide, operate, and improve our banking services
  • Process transactions and maintain your account
  • Verify your identity and prevent fraud and money laundering
  • Comply with legal and regulatory requirements (Bank Secrecy Act, AML laws, etc.)
  • Communicate with you about your account, transactions, and service updates
  • Personalize your banking experience with relevant product recommendations
  • Conduct risk assessments for loan and credit applications
  • Improve our AI and analytics systems to better serve you
  • Respond to your inquiries and resolve disputes

4. Information Sharing

We do not sell your personal information to advertisers or marketing companies - ever. We may share your information in the following limited circumstances:

  • Service Providers: Trusted third-party vendors who process data on our behalf (payment processors, cloud hosting, identity verification) under strict confidentiality agreements.
  • Legal Requirements: When required by law, court order, subpoena, or regulatory authority (FDIC, OCC, FinCEN, IRS).
  • Fraud Prevention: With fraud prevention organizations and law enforcement to protect against financial crime.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets - with your data protections transferring to the successor entity.
  • With Your Consent: For any other purpose with your explicit consent.

5. Data Security

Aurex Bank employs industry-leading security measures to protect your personal information:

  • 256-bit AES encryption for all data in transit and at rest
  • Multi-factor authentication (MFA) required for all account access
  • Regular penetration testing and security audits by independent firms
  • Real-time AI fraud detection monitoring all transactions
  • ISO 27001, SOC 2 Type II, and PCI DSS Level 1 certifications maintained
  • Zero-trust security architecture with principle of least privilege access
  • 24/7 Security Operations Center (SOC) monitoring

Despite these measures, no system is 100% impenetrable. In the event of a data breach affecting your rights and interests, we will notify you within 72 hours as required by applicable law.

6. Cookies & Tracking Technologies

We use cookies and similar technologies for the following purposes:

  • Essential Cookies: Required for our platform to function (session management, security tokens). Cannot be disabled.
  • Analytics Cookies: Help us understand how users interact with our platform, allowing us to improve the experience. These do not identify you personally.
  • Preference Cookies: Remember your settings and preferences (language, display options).
  • Security Cookies: Support fraud detection and device recognition for authentication purposes.

You can manage cookie preferences through your browser settings or our Cookie Preferences panel. Disabling non-essential cookies will not affect your core banking functionality.

7. Your Rights

Subject to applicable law, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of all personal data we hold about you.
  • Right of Rectification: Correct any inaccurate or incomplete personal information.
  • Right to Erasure: Request deletion of your personal data (subject to regulatory retention requirements).
  • Right to Restrict Processing: Limit how we process your data in certain circumstances.
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Object to processing for direct marketing or based on legitimate interests.

To exercise these rights, contact our Privacy Team at privacy@aurexbank.com or through the app's Privacy Settings.

8. Data Retention

We retain personal data for as long as necessary to provide our services and comply with legal obligations. Specific retention periods include:

  • Transaction records: 7 years (required by Bank Secrecy Act and IRS regulations)
  • KYC/identity verification documents: 5 years after account closure
  • Communication records: 3 years
  • Marketing preferences: Until opt-out or account closure
  • Security logs: 2 years

9. Children's Privacy

Our primary banking services are intended for individuals 18 years of age and older. We offer Youth Accounts for users aged 13-17 with parental consent and co-applicant supervision. We do not knowingly collect personal information from children under 13. If we learn that we have inadvertently collected such information, we will promptly delete it.

10. International Data Transfers

As a global bank, your information may be transferred to and processed in countries other than your own. We ensure that all international data transfers are governed by appropriate safeguards, including Standard Contractual Clauses approved by the European Commission, and that recipient countries provide adequate protection for personal data.

11. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes, we will notify you via email and prominently display a notice on our website and mobile app. Your continued use of our services after such notice constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related questions, concerns, or to exercise your rights, contact our Privacy Officer:

  • Email: privacy@aurexbank.com
  • Mail: Privacy Officer, Aurex Bank, 350 Fifth Avenue, Suite 4800, New York, NY 10118
  • Phone: +1 (800) 287-3900 (ask for Privacy Department)
  • Response Time: We respond to all privacy requests within 30 days