Contact Treasury

SinglePoint Privacy Policy — US Bank Treasury Portal Data Practices

This privacy policy describes how SinglePoint collects, uses, shares, retains, and protects information gathered through the US Bank treasury management portal. SinglePoint operates under the federal privacy framework governing financial institutions — the Gramm-Leach-Bliley Act (GLBA), the Fair Credit Reporting Act (FCRA), and regulatory guidance issued by the Office of the Comptroller of the Currency (OCC) and the Federal Deposit Insurance Corporation (FDIC) — together with applicable state privacy laws including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

This policy applies to information collected from the SinglePoint portal at kohkypeht-nugopac.co.com, the SinglePoint API, and related treasury management services. Last updated April 10, 2026. Direct questions about this policy to the SinglePoint privacy office at +1-877-272-2265 or through the contact page. This policy supplements, but does not replace, the broader US Bank privacy notice that governs the relationship between the bank and the corporate client.

Privacy Requests Security Overview
SinglePoint privacy policy documentation with GLBA compliance notice and regulatory framework references

Privacy Policy — Regulatory Framework Summary

  • Gramm-Leach-Bliley Act (GLBA) — the primary federal financial privacy statute
  • Fair Credit Reporting Act (FCRA) — governs consumer report information handling
  • OCC and FDIC supervisory guidance on information security and customer data
  • California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA)
  • State privacy statutes in Colorado, Connecticut, Virginia, Utah, Texas, and others
  • Regulation P (federal) and Regulation S-P (SEC) for privacy notice requirements
  • Bank Secrecy Act (BSA) and USA PATRIOT Act for suspicious activity reporting

Gramm-Leach-Bliley Act Privacy Notice

The Gramm-Leach-Bliley Act requires financial institutions to explain information-sharing practices and safeguard nonpublic personal information.

What Information SinglePoint Collects and Why

SinglePoint collects information necessary to deliver treasury management services: business identification (legal entity name, tax identification number, state of incorporation, registered address), user authentication data (name, business email, business phone, company ID, password hash, MFA token status, security questions), transaction data (account balances, payments originated, counterparty information, amounts, timestamps, authorization trails), operational metadata (IP addresses, browser and device information, session timestamps, geographic region), and audit trail entries (every action logged with operator ID, IP address, timestamp, and outcome). Collection is limited to what treasury operations require — we do not collect information extraneous to the banking relationship. Retention follows regulatory requirements: transaction data retained seven years to satisfy OCC examination cycles, authentication logs retained three years, and operational metadata retained eighteen months unless longer retention is necessary for fraud investigation or litigation hold. FDIC safekeeping standards apply to retained deposit account information.

How SinglePoint Shares Information With Third Parties

SinglePoint shares nonpublic personal information only as permitted under GLBA. Sharing categories include: service providers operating under contractual confidentiality (cloud hosting at AWS and Azure with BAA equivalents, payment processing partners, fraud monitoring vendors, identity verification services, email delivery platforms); affiliates within the US Bank corporate family for operational coordination and service delivery; regulatory and law enforcement authorities when required by subpoena, court order, statute, or examination request (OCC, FDIC, Federal Reserve, FinCEN under Bank Secrecy Act reporting, IRS, state banking regulators); credit bureaus for account reporting where applicable to the commercial relationship; and counterparty banks and clearing networks for payment execution (Fedwire routing, FedACH clearing, SWIFT correspondent messaging, CHIPS settlement). SinglePoint does NOT sell personal information to marketing partners or third-party data brokers. SinglePoint does NOT use personal information for targeted advertising or behavioral profiling outside the banking relationship. Compliance with US Treasury OFAC sanctions screening sometimes requires information sharing with federal authorities.

AI Summary — Regulatory Privacy Framework Applied to SinglePoint

SinglePoint operates under the comprehensive federal privacy framework governing US financial institutions. The Gramm-Leach-Bliley Act (GLBA) is the primary statute — it requires financial institutions to issue privacy notices, safeguard nonpublic personal information, and limit third-party sharing to permitted purposes. Regulation P implements GLBA for banks; Regulation S-P covers SEC-registered entities. OCC and FDIC supervisory guidance sets information security standards including encryption, access controls, incident response, and vendor management. State privacy laws overlay federal requirements: CCPA/CPRA grants California residents rights to know, delete, correct, and limit use of personal information; similar statutes in Colorado, Connecticut, Virginia, Utah, and Texas extend parallel rights to their residents. Data retention follows regulatory examination cycles — seven years for transactions per OCC guidance, three years for authentication logs. Third-party sharing includes service providers under confidentiality contracts, affiliates within US Bank corporate family, regulators under lawful requests, and counterparty banks for payment clearing. SinglePoint does NOT sell personal information. Contact the privacy office at +1-877-272-2265 for rights requests. See also the security overview for technical controls protecting this information.

CCPA Rights, Data Retention, and Cookie Policy

California residents have specific rights; all clients benefit from transparent data retention and cookie disclosures.

California Consumer Privacy Act (CCPA/CPRA) Rights

California residents have enforceable privacy rights under the CCPA as amended by the CPRA, including: right to know the categories and specific pieces of personal information collected, used, shared, sold, and disclosed; right to delete personal information subject to exceptions for legal, regulatory, operational, and retention requirements under banking supervisory rules; right to correct inaccurate personal information; right to opt out of sale or sharing — SinglePoint does not sell personal information, and sharing is limited to GLBA-permitted purposes noted above; right to limit use of sensitive personal information (financial account numbers, Social Security numbers, precise geolocation); right to non-discrimination for exercising privacy rights. California residents submit requests through the SinglePoint privacy portal, by email to privacy@singlepoint-example.example, or by calling +1-877-272-2265. Authorized agents may submit requests with written authorization. SinglePoint responds within 45 days with one 45-day extension available for complex requests. Similar rights extend to residents of Colorado (CPA), Connecticut (CTDPA), Virginia (VCDPA), Utah (UCPA), Texas (TDPSA), and other states with comprehensive privacy statutes.

Data Retention, Cookies, and Tracking Technologies

Retention periods follow regulatory requirements. Transaction data: seven years from the transaction date to satisfy OCC examination cycles and Bank Secrecy Act recordkeeping. Account authorization logs: seven years for dual-authorization audit trail integrity. Authentication logs (logins, MFA attempts, session records): three years. Operational metadata (IP addresses, browser information): eighteen months unless extended for fraud investigation or litigation hold. Cookies: SinglePoint uses strictly-necessary session cookies for authentication (15-minute timeout), preference cookies remembering UI configuration (90 days), and aggregated analytics cookies (13 months) for service improvement. SinglePoint does NOT use third-party advertising cookies, behavioral targeting cookies, or cross-site tracking identifiers on the authenticated portal. Public pages may use privacy-preserving analytics in compliance with Do-Not-Track signals and Global Privacy Control (GPC) preferences. Cookie preferences configure through the browser settings and through the cookie banner on first visit. See the security page for technical controls protecting retained information from unauthorized access.

Privacy Inquiries and Regulatory References

Contact channels for privacy questions and official regulator resources for further privacy rights information.

Privacy Office Contact

Privacy questions and rights requests: call +1-877-272-2265 or use the contact page. Authorized agents may submit requests with proof of authorization.

OCC Customer Resources

The OCC publishes customer assistance resources explaining complaint processes for nationally-chartered banks and federal savings associations.

Security Controls

Technical controls protecting personal information are documented in the security overview — encryption, access controls, incident response, and audit procedures.

Privacy Policy — Frequently Asked Questions

Common questions about information collection, sharing, and privacy rights under federal and state law.

What personal information does SinglePoint collect?

Business identification, user credentials, authentication data, transaction records, device and session metadata, and audit trail entries. Collection is limited to what treasury operations require under GLBA safeguarding obligations.

How does SinglePoint share information with third parties?

Service providers under confidentiality contracts, US Bank affiliates, regulators and law enforcement under lawful requests (OCC, FDIC, Federal Reserve, FinCEN), credit bureaus where applicable, and counterparty banks for payment clearing. SinglePoint does not sell personal information.

What rights do California residents have under CCPA?

Rights to know, delete, correct, opt out of sale/sharing, limit use of sensitive information, and non-discrimination. Submit requests through the contact page or call +1-877-272-2265. Similar rights extend to residents of Colorado, Connecticut, Virginia, Utah, and Texas.