Contact Us

Privacy Policy — How Corporate Connect Collects, Uses, and Protects Your Information

This privacy policy explains how Corporate Connect and US Bank collect, use, share, and protect the personal and financial information of operators, administrators, and authorized users of the Corporate Connect commercial banking platform. Our privacy practices comply with the Gramm-Leach-Bliley Act (GLBA), the California Consumer Privacy Act (CCPA), and the privacy regulations enforced by the Office of the Comptroller of the Currency (OCC) and the Federal Deposit Insurance Corporation (FDIC). US Bank is committed to protecting your information while delivering the commercial banking services your organization requires.

This policy applies to all information collected through the Corporate Connect platform, the corporateconnect.co.com website, and related communications including email, telephone, and in-person interactions with US Bank representatives. Last updated: April 8, 2026. NMLS #401249.

Privacy Policy Key Points — April 2026

  • GLBA compliant: information collected and shared only as permitted under the Gramm-Leach-Bliley Act
  • Data collected: operator identity, contact information, device data, IP address, transaction records, session logs
  • Sharing: with service providers for transaction processing; with regulators as required by law; no sale of personal data
  • Opt-out: request to limit sharing with non-affiliated third parties for marketing via phone or privacy settings
  • CCPA: California residents may request access, deletion, and opt-out of personal information sale
  • Cookies: essential (session/auth), functional (preferences), analytics (performance), security (fraud detection)
  • Retention: transaction records 7 years per federal regulation; session logs 3 years; marketing data until opt-out

Information We Collect

Corporate Connect collects information necessary to provide commercial banking services, maintain platform security, comply with federal regulations, and improve the user experience.

Information You Provide Directly

When your organization opens a US Bank commercial banking relationship, we collect: business legal name, Employer Identification Number (EIN), state of incorporation, business address, beneficial ownership information (as required by the OCC Customer Due Diligence Rule), and authorized signer identification including name, date of birth, Social Security Number, and government-issued identification. When company administrators create operator profiles in the user management module, we collect: operator name, email address, phone number, and role designation. When operators use Corporate Connect, we collect: transaction data including amounts, payees, account numbers, dates, and authorization chains. When you contact US Bank at +1-800-344-8758, we may record and transcribe the call for quality assurance and dispute resolution.

Information Collected Automatically

Corporate Connect automatically collects technical and usage data during each session: IP address, browser type and version, operating system, device type, screen resolution, session start and end times, pages visited within the platform, actions performed (login, transaction creation, report generation, data export), RSA SecurID token serial number, and authentication timestamps. This data serves three purposes: security — detecting unauthorized access, anomalous behavior, and fraud; compliance — maintaining the audit trail required by the OCC for seven years; and performance — monitoring platform response times, error rates, and usage patterns to improve the service. Automatic collection uses session cookies and server-side logging — no third-party tracking scripts are present in the Corporate Connect platform.

How We Use Your Information

Information collected through Corporate Connect is used exclusively for purposes permitted under the Gramm-Leach-Bliley Act and applicable federal and state regulations.

Service Delivery and Transaction Processing

We use your information to: authenticate operators and maintain session security; process wire transfers, ACH payments, bill payments, payroll, and vendor payments; administer corporate card programs; generate account summaries, transaction reports, and custom reports; deliver data exports via email and SFTP; enforce dual authorization and access controls; send transaction confirmations, balance alerts, and security notifications; and respond to customer service inquiries. Without this information, we cannot provide commercial banking services through Corporate Connect.

Security, Fraud Prevention, and Compliance

We use your information to: detect and prevent unauthorized access to Corporate Connect; monitor transactions for suspicious activity under BSA/AML regulations; screen outbound payments against OFAC sanctions lists; verify beneficiary information for international payments; maintain the seven-year audit trail required by the OCC; respond to regulatory examinations and legal process; investigate and resolve fraud claims; and enforce the terms of your US Bank commercial banking agreement. These uses are mandatory under federal banking law and cannot be opted out of. Information used for security and compliance is retained for the periods required by the applicable regulation, typically seven years for transaction records and indefinitely for sanctions screening results.

Information Sharing Practices

Corporate Connect shares information only as permitted by the Gramm-Leach-Bliley Act and only with parties that have a legitimate business or regulatory need. We do not sell personal information.

Sharing Required for Service Delivery

We share information with: Payment networks — Fedwire, SWIFT, ACH/Nacha, and CHIPS receive transaction details necessary to settle payments; Correspondent banks — intermediary banks in international wire transfer chains receive beneficiary and payment information; Service providers — technology vendors that host, maintain, or support Corporate Connect infrastructure operate under contractual confidentiality obligations and data processing agreements; Your organization — company administrators receive operator activity data, audit reports, and transaction records through the user management and reporting modules. This sharing cannot be opted out of because it is necessary to deliver the banking services you have requested.

Sharing Required by Law or Regulation

We share information with: Federal regulators — the OCC, FDIC, Federal Reserve, and FinCEN when required by law, examination, or regulatory inquiry; Law enforcement — in response to valid subpoenas, court orders, or legal process; Sanctions authorities — OFAC receives screening data for international transaction compliance; BSA/AML reporting — Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs) are filed with FinCEN as required by the Bank Secrecy Act. We do not notify affected parties when filing SARs, as disclosure is prohibited by federal law. This sharing is mandatory and cannot be opted out of.

Your Rights and Opt-Out Options

Federal and state law provide you with specific rights regarding your personal information. The scope of these rights depends on your state of residence and the type of information involved.

GLBA Opt-Out Rights

Under the Gramm-Leach-Bliley Act, you may opt out of sharing your personal information with non-affiliated third parties for marketing purposes. To exercise this right, call +1-800-344-8758 and request a privacy opt-out, or navigate to Privacy Settings within Corporate Connect. Opt-out requests take effect within 30 days and remain in effect until you revoke them. Note: you cannot opt out of sharing required for transaction processing, fraud prevention, regulatory compliance, or the delivery of banking services you have requested. Joint account holders must each submit separate opt-out requests.

California Consumer Privacy Act (CCPA) Rights

California residents have additional rights under the CCPA: Right to Know — request a copy of the personal information Corporate Connect has collected about you in the preceding 12 months, including categories, sources, purposes, and third-party recipients. Right to Delete — request deletion of personal information, subject to exceptions for information required for transaction processing, fraud prevention, regulatory compliance, and legal obligations. Right to Opt-Out — Corporate Connect does not sell personal information; therefore the right to opt out of sale is not applicable. Right to Non-Discrimination — exercising CCPA rights will not result in denial of service, different pricing, or reduced service quality. Submit CCPA requests by calling +1-800-344-8758 or emailing privacy requests through the Corporate Connect help center. We verify identity before processing requests and respond within 45 days.

Cookies and Tracking Technologies

Corporate Connect uses cookies to maintain session security, remember preferences, and monitor platform performance. No advertising or third-party tracking cookies are used.

Cookie Categories

Essential cookies manage authentication sessions and maintain state between page loads. Without these cookies, operators cannot log in or navigate the platform. These cannot be disabled. Security cookies detect session hijacking, cross-site request forgery, and other attack vectors. These cannot be disabled. Functional cookies remember user preferences such as default account views, report configurations, and dashboard layouts. Disabling functional cookies resets preferences to defaults on each login. Analytics cookies collect anonymized usage data including page load times, feature utilization rates, and error frequencies. This data helps US Bank identify performance bottlenecks and prioritize improvements. Analytics cookies can be disabled through the cookie preferences panel without affecting platform functionality.

Managing Cookie Preferences

Access the cookie preferences panel through the Privacy Settings link in Corporate Connect or through your browser settings. Essential and security cookies are always active — they are required for platform operation and security. Functional and analytics cookies can be toggled on or off. Changes take effect on the next page load. Browser-level cookie blocking may prevent Corporate Connect from functioning correctly if essential cookies are blocked. Corporate Connect does not use local storage, IndexedDB, or other browser storage mechanisms beyond cookies. Session cookies expire when the browser closes. Persistent cookies expire after 90 days and are renewed on each login.

Data Retention and Security

Corporate Connect retains information for the periods required by federal banking regulation and protects it with enterprise-grade encryption and access controls throughout its lifecycle.

Retention Periods

Transaction records: seven years from the date of transaction, as required by OCC regulations and the Bank Secrecy Act. Audit trail entries: seven years from the date of the logged action. Account opening documents: seven years after account closure, including beneficial ownership records. Session logs: three years from the session date. Cookie data: 90 days for persistent cookies; session cookies expire on browser close. Customer service records: five years from the date of interaction. Marketing preferences: retained until you modify or revoke them. When retention periods expire, data is securely deleted using NIST SP 800-88 compliant media sanitization procedures.

Security Measures

Information stored in Corporate Connect is protected by: 256-bit TLS encryption for all data in transit; AES-256 encryption for all data at rest; hardware security modules (HSMs) for encryption key management; role-based access controls limiting employee access to the minimum necessary; multi-factor authentication for all administrative access to backend systems; real-time intrusion detection and prevention systems; SOC 2 Type II audited security controls; PCI DSS compliant infrastructure for corporate card data; annual penetration testing by independent security firms; and 24/7 security operations center monitoring. US Bank is FDIC insured and regulated by the OCC. See the security page for additional detail.

Children's Privacy and International Users

Additional privacy considerations for specific user categories.

Children's Privacy

Corporate Connect is a commercial banking platform designed for business use by authorized corporate operators. The platform is not directed at individuals under the age of 18, and we do not knowingly collect personal information from children. If you believe that a minor has provided personal information through Corporate Connect, contact +1-800-344-8758 and we will delete the information promptly.

International Considerations

Corporate Connect operates within the United States and is subject to US federal and state privacy laws. Information collected through the platform is stored and processed in the United States. If you access Corporate Connect from outside the United States, your information will be transferred to and processed in the United States. By using Corporate Connect, you consent to this transfer. US Bank does not represent that Corporate Connect complies with the privacy laws of jurisdictions outside the United States. International subsidiaries that use Corporate Connect through a US-based parent company should consult their legal counsel regarding cross-border data transfer requirements.

Changes to This Privacy Policy

US Bank may update this privacy policy to reflect changes in our practices, technology, legal requirements, or regulatory guidance.

Material changes to this privacy policy will be communicated through: an in-app notification within Corporate Connect at least 30 days before the changes take effect; an email to company administrators on record; and an updated effective date at the top of this page. Continued use of Corporate Connect after the effective date constitutes acceptance of the updated policy. Prior versions of this privacy policy are available upon request by contacting +1-800-344-8758. If you disagree with changes to the privacy policy, contact your US Bank relationship manager to discuss your options.

Contact Us About Privacy

For questions about this privacy policy, to exercise your opt-out or CCPA rights, or to report a privacy concern, contact US Bank through any of these channels: Phone: +1-800-344-8758 (Monday-Friday, 7:00 AM-7:00 PM CT). Mail: US Bank Privacy Office, 800 Nicollet Mall, Minneapolis, MN 55402. Online: Submit a privacy request through the Corporate Connect help center. Regulatory complaints: If you believe your privacy rights have been violated, you may also file a complaint with the OCC or the FDIC.

Your Privacy Matters to Corporate Connect

US Bank is committed to protecting the personal and financial information entrusted to us through Corporate Connect. If you have questions about our privacy practices or want to exercise your opt-out rights, call +1-800-344-8758 or visit the Corporate Connect privacy settings.

Contact Us Security Details

Frequently Asked Questions About Privacy

Answers about data collection, information sharing, opt-out rights, and cookie usage in Corporate Connect.

What personal information does Corporate Connect collect?

Operator name, email, phone, IP address, device data, session activity, and transaction records. For account opening: business name, EIN, beneficial ownership, authorized signer ID. Collection complies with the Gramm-Leach-Bliley Act and OCC requirements.

How can I opt out of information sharing?

Call +1-800-344-8758 or use Privacy Settings in Corporate Connect to opt out of sharing with non-affiliated third parties for marketing. Takes effect within 30 days. Cannot opt out of sharing required for transaction processing, fraud prevention, or regulatory compliance.

Does Corporate Connect use cookies?

Yes. Essential (session/auth) and security (fraud detection) cookies are required and cannot be disabled. Functional (preferences) and analytics (performance) cookies can be managed through the cookie preferences panel. No advertising or third-party tracking cookies are used. See security for additional protections.