Your Banking Partner
This privacy policy describes the types of personal information Sascu collects, the reasons we collect it, the limited circumstances under which we share it, and the choices you have regarding how your information is handled. Sascu is subject to the privacy provisions of the Gramm-Leach-Bliley Act (GLBA), which governs how financial institutions collect and disclose nonpublic personal information, as well as applicable state privacy laws including the California Consumer Privacy Act (CCPA) for customers who reside in California. We provide this policy to all account holders and to visitors who interact with the Sascu website and digital services. For the full text of the GLBA privacy rule and its consumer protections, visit fdic.gov.
Information We Collect
Sascu collects information directly from you when you open an account, apply for a loan, enroll in online banking, or use our digital services. This includes personal identifiers such as your name, address, Social Security number, date of birth, telephone number, and email address. When you apply for credit products, we also collect financial information including your income, employment history, assets, and existing debt obligations. Transaction and experience information — account balances, payment history, debit card purchases, deposits, and transfers — is generated as you use Sascu products and services.
We also collect technical information when you visit the Sascu website or use the mobile banking app. This includes your IP address, browser type and version, device operating system, referring and exit pages, date and time stamps, and clickstream data showing which pages you visit and in what order. When you sign in to online banking, we log the date, time, browser, IP address, and approximate geographic location of each session for security monitoring and fraud prevention purposes. None of this technical information is sold to third parties or used for purposes unrelated to account servicing, security, or regulatory compliance.
Data Collection Categories
| Category | Examples | Purpose | Retention Period |
|---|---|---|---|
| Personal Identifiers | Name, address, SSN, date of birth, phone, email, government ID numbers | Account opening, identity verification, regulatory compliance, communications | Duration of account relationship plus seven years |
| Financial Information | Income, employment history, assets, debts, credit history, account balances | Credit underwriting, account servicing, regulatory reporting | Duration of account relationship plus seven years |
| Transaction Data | Purchase records, payment history, deposits, transfers, wire details | Account statements, fraud detection, regulatory compliance | Duration of account relationship plus five years |
| Technical Data | IP address, browser type, device OS, login timestamps, geolocation data | Security monitoring, fraud prevention, website performance, session management | Twelve months from collection for most logs; ninety days for login history |
| Communication Records | Phone call recordings, chat transcripts, email correspondence, secure messages | Customer service quality assurance, dispute resolution, regulatory compliance | Three years from the date of the communication |
How We Use Your Information
Sascu uses the personal information we collect to provide, maintain, and improve the financial products and services you have requested. This includes processing transactions, sending account statements and notifications, evaluating credit applications, detecting and preventing fraud, complying with legal and regulatory obligations, and communicating with you about your accounts. We also use aggregated, de-identified data — which cannot be linked back to any individual — for internal analytics, product development, and trend analysis. When information is aggregated and de-identified, it is no longer considered personal information under this policy.
Information Sharing Practices
Sascu does not sell personal information to anyone, under any circumstances. We may share your information with third-party service providers who perform essential functions on our behalf — payment processors, check printers, statement fulfillment vendors, cloud hosting providers, and fraud detection services. These providers are contractually bound to use your information only for the specific purpose Sascu has engaged them to perform and are prohibited from retaining, using, or disclosing the information for any other purpose. We may also disclose information as required by law, such as in response to a subpoena, court order, or regulatory examination, or to prevent fraud and unauthorized transactions. For additional information about your rights regarding information sharing, the Consumer Financial Protection Bureau publishes consumer guides that explain the protections available under federal financial privacy law.
Your Rights Under GLBA and CCPA
Under the Gramm-Leach-Bliley Act, you have the right to opt out of certain information sharing with non-affiliated third parties. Sascu provides an annual privacy notice that describes the specific categories of information we collect and the entities with whom we share it, along with instructions for exercising your opt-out rights. Under the California Consumer Privacy Act, California residents have the right to request disclosure of the categories and specific pieces of personal information Sascu has collected about them, the categories of sources from which the information was collected, the business purpose for collecting the information, and the categories of third parties with whom the information was shared. California residents also have the right to request deletion of personal information, subject to certain exceptions required by law or necessary for ongoing business operations. Sascu will not discriminate against any consumer who exercises their privacy rights under applicable law.
Data Retention and Security
Sascu retains personal information for the duration of the account relationship plus the periods specified in the data collection table above, after which the information is securely disposed of in accordance with established records-retention and destruction schedules. During the retention period, information is stored on encrypted servers in physically secured data centers with access limited to personnel who require it for legitimate business purposes. All data in transit between your browser and Sascu systems is protected by 256-bit TLS encryption. Data at rest — stored in databases, file systems, and backup media — is encrypted using industry-standard encryption algorithms. Sascu conducts regular security assessments, penetration testing, and third-party audits of its information security program, and all employees receive annual privacy and data-security training.
Cookie Policy
The Sascu website uses cookies and similar technologies for essential functionality, security, and analytics. Essential cookies are required for the website to operate — they maintain your session state during online banking, remember your accessibility preferences, and support the multi-factor authentication flow. Analytics cookies collect aggregate, de-identified information about how visitors use the website — which pages are most visited, which browsers are most common, how long visitors spend on specific pages — and this data is used solely to improve site performance and content organization. Sascu does not use advertising cookies, tracking cookies from third-party ad networks, or cookies that build behavioral profiles for marketing purposes. You can configure your browser to reject all cookies or to notify you when a cookie is being set; however, essential cookies are necessary for online banking functionality, and rejecting them will prevent you from signing in.
Children's Privacy
Sascu does not knowingly collect personal information from children under the age of thirteen. Our financial products and services are designed for adults who can enter into legally binding contracts. If Sascu becomes aware that personal information from a child under thirteen has been collected without verifiable parental consent, that information will be promptly deleted. Parents or guardians who believe their child may have provided personal information to Sascu should contact us using the information in the section below.
Contact for Privacy Inquiries
If you have questions about this privacy policy, wish to exercise your rights under GLBA or CCPA, or need to report a privacy concern, contact Sascu at (866) 729-4728 during regular business hours or write to Sascu Privacy Office, 1400 Financial Parkway, Suite 300, Oak Brook, IL 60523. Include your full name, the last four digits of your account number, and a description of your inquiry. We respond to all verified privacy requests within the timeframes required by applicable law — typically thirty days for CCPA requests and forty-five days for written privacy inquiries, with a one-time extension available in complex cases.