Privacy Policy

Effective Date: April 1, 2026

Cubi LLC ("Cubi," "we," "our," or "us") is committed to protecting the privacy of our customers, their members and customers, and visitors to our website. This Privacy Policy describes how we collect, use, disclose, and safeguard information in connection with our website (heycubi.com), our analytics platform (app.heycubi.com), and related services (collectively, the "Services").

1. Information We Collect

1.1 Information You Provide

• Contact Information: Name, email address, institution name, role, and phone number when you request a walkthrough, create an account, or contact us.
• Account Information: Login credentials and profile details for platform users.
• Communications: Messages, feedback, and correspondence you send to us.

1.2 Institution Data

When a financial institution ("FI") engages Cubi, we process data from the FI's core banking system to power analytics dashboards. This data may include account-level and member-level information. This data belongs to the FI. Cubi acts as a data processor on behalf of the FI and does not sell, share, or use institution data for any purpose other than providing the Services to that FI.

1.3 Automatically Collected Information

• Usage Data: Pages visited, features used, and interactions within the platform.
• Device & Browser Data: IP address, browser type, operating system, and device identifiers.
• Cookies & Analytics: We use analytics tools to understand how visitors interact with our website. See Section 5 below.

2. How We Use Information

• To provide, maintain, and improve the Services.
• To process walkthrough requests and communicate with prospective customers.
• To send alerts, notifications, and reports that platform users have configured.
• To monitor platform health, detect errors, and ensure data pipeline reliability.
• To comply with legal obligations and respond to lawful requests.

3. How We Share Information

We do not sell personal information. We may share information in the following circumstances:

• With the FI: Institution data is accessible only to authorized users of that FI. We do not share one FI's data with another.
• Service Providers: We use third-party providers for infrastructure, authentication, email delivery, and analytics. These providers are contractually bound to use data only for the purposes we specify.
• Legal Requirements: We may disclose information when required by law, regulation, legal process, or governmental request.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, information may be transferred as part of the transaction.

4. Data Security

We implement industry-standard security measures including AES-256 encryption at rest and in transit, tenant-level data isolation, signed authentication tokens, and audit logging of administrative actions. While no system can guarantee absolute security, we are committed to protecting the confidentiality and integrity of all data we process.

5. Cookies & Analytics

Our website uses analytics services to collect aggregated, anonymized usage data such as page views, referral sources, and browser information. This helps us understand how visitors find and use our site. Our analytics tools do not use cookies for cross-site tracking.

The Cubi platform (app.heycubi.com) uses session cookies necessary for authentication and does not serve advertising or use third-party tracking cookies.

6. Data Retention

We retain institution data for the duration of our agreement with the FI. Upon termination, FI data is deleted within 90 days unless a longer retention period is required by law or requested by the FI. Contact information from walkthrough requests is retained for legitimate business purposes and can be deleted upon request.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access, correct, or delete personal information we hold about you.
• Object to or restrict certain processing activities.
• Withdraw consent where processing is based on consent.
• Request a copy of your data in a portable format.

To exercise any of these rights, contact us at contact@heycubi.com.

8. GLBA Compliance

Cubi processes nonpublic personal information ("NPI") on behalf of financial institutions subject to the Gramm-Leach-Bliley Act. We maintain administrative, technical, and physical safeguards consistent with the requirements of GLBA and applicable regulatory guidance. Our platform is designed so that member-level data is accessible only to authorized users within the originating institution.

9. Children's Privacy

The Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify affected customers via email or a notice on our website. The "Effective Date" at the top reflects the most recent revision.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:
Cubi LLC
contact@heycubi.com