Privacy Policy

We collect information you provide directly during enrollment and through the ongoing operation of your accounts. This includes legal name, government-issued identification, residential address, date of birth, tax identification numbers, employment data, source-of-wealth declarations, and contact information.

We also collect operational data generated by your use of our services: device identifiers, IP address, browser fingerprint, geolocation derived from network metadata, authentication telemetry, and a complete record of transactions executed through Chase-Bank rails.

Information is used to open and service accounts, verify identity under Know-Your-Customer and Anti-Money-Laundering obligations, detect and prevent fraud, perform sanctions screening, provide personalized advisory, communicate operationally with you, and comply with applicable law.

We do not sell personal information. We do not rent contact lists. We do not share your data with third-party advertisers, ever.

We process personal data under the bases of contractual necessity (operating your accounts), legal obligation (financial regulation, tax reporting, sanctions enforcement), legitimate interest (fraud detection, network security), and consent (optional features, marketing communications).

We share information with regulated processors that act on our written instruction: cloud infrastructure providers under SOC 2 controls, card networks for transaction settlement, identity-verification bureaus, payment system operators (Fedwire, SWIFT, ACH, SEPA), and external auditors under confidentiality.

We disclose information to government authorities only under valid legal process, and only to the extent we are legally compelled to do so. Where the law permits, we notify the account holder.

Data may be processed in the United States, Switzerland, the European Union, the United Kingdom, and Singapore. Cross-border transfers are governed by Standard Contractual Clauses, the Swiss-U.S. Data Privacy Framework, and equivalent safeguards approved by the relevant supervisory authorities.

Account records are retained for the life of the relationship and for a minimum of seven years following closure, as required by financial recordkeeping law. Authentication telemetry is retained for 24 months. Marketing preferences are retained until withdrawn.

Depending on your jurisdiction, you have the right to access, correct, port, restrict, or erase your personal data; to withdraw consent; and to lodge a complaint with a supervisory authority. To exercise these rights, contact your relationship director or write to privacy@chsbank.example.

We protect personal data with AES-256 encryption at rest, TLS 1.3 in transit, FIDO2 hardware-bound authentication, behavioural biometrics, and an internal access regime governed by least-privilege and dual-control review.

Material changes to this policy will be communicated in writing to active clients at least 30 days before they take effect. The current version is always posted on this page with its effective date.