Privacy Policy

Last Updated: August 1, 2024

1. Introduction and Purpose

Bank Shot, LLC (the "Company", "we", "us", and "our") is committed to protecting the privacy and security of the personal information we collect, use, share, and otherwise process as part of our business practices. We also believe in transparency, and we are committed to informing you about how we treat the information we collect, use, share, store, and process.

This Privacy Policy (the "Policy") describes our practices regarding your personal information when you use the Bank Shot mobile application (the "App"), visit our website, www.getbankshot.com (the "Site"), or the Bank Shot Portal located at https://admin.checkimg.com/login (the "Portal") (the App, Site, and Portal are collectively referred to as the "Platforms").

Please read this Policy carefully to understand how we treat your personal information and your choices and rights. If you do not agree with the terms and conditions of this Policy, you should not use the Company's services or use any of its platforms. Your use of the Company's services or use of any of its platforms expressly indicates that you agree to the terms and conditions set forth in this Policy.

THE PLATFORMS ARE INTENDED FOR USERS LOCATED IN THE UNITED STATES AND THEY ARE NOT INTENDED FOR USERS LOCATED IN OTHER COUNTRIES, INCLUDING THE EUROPEAN UNION AND THE EUROPEAN ECONOMIC AREA.

2. What Information Do We Collect?

“Personal information” is information that identifies you as an individual or relates to an identifiable individual. Subject to your consent if required by law, we may collect the following categories of personal information:

  • User Registration
  • Business Customer Account Information
  • Location Information
  • Device Permissions
  • Customer Support, Communications, Product Research, Training, and Feedback
  • Bank Account Information
  • Property Information
  • Other Users
  • Device Data & Usage
  • Platform Use

Data Anonymization and Aggregation: Subject to your consent if required by law, we may anonymize or aggregate personal information about you so that you are not identified or identifiable from it, in order to use the anonymized or aggregated data, for example, for statistical analysis including analysis of trends, to carry out actuarial work, to tailor products and services and to conduct risk assessments and analysis of costs and charges in relation to our products and services. We may disclose anonymized or aggregated data to our global affiliates and with other third parties. This Notice does not restrict Bankshots' use or disclosure of any anonymized or aggregated information.

Where we maintain or use de-identified information, we will continue to maintain and use the de-identified information only in a de-identified fashion and will not attempt to re-identify the information.

3. Collection Process

We collect the types of information covered by this Notice from:

  • You when you provide it directly to us;
  • With your consent, automatically when you navigate through or upload to the Company's platforms; and
  • With your consent, from third-party business partners such as financial institutions and payment processing vendors.

4. Information Retention

We retain and use your information for as long as is necessary to fulfill the purposes for which it was collected, to comply with our business requirements and legal obligations, to resolve disputes, to protect our assets, to operate our business, and to enforce our agreements. We may delete your information if we believe it is incomplete, inaccurate, or that our continued storage of it is contrary to our objectives or legal obligations. When we delete data, it will be removed from our active cloud-based servers and databases, but it may remain in our electronic archives for a period of time pursuant to our contractual obligations or when it is not practical or possible to delete it. To the extent permitted by law, we may retain and use anonymous, de-identified, or aggregated information for performance reporting, benchmarking, and analytic purposes and for operational improvement.

5. How Do We Use Your Information?

To the extent permitted by applicable law, we may use the information described above in order to:

  • Operate and improve our operations, business, software, services, and Platforms;
  • Provide you with services, content, customer service, and functionality;
  • Honor our terms of service and contracts;
  • Manage our relationship with you;
  • Maintain our databases and backups, including records of our communications with you;
  • Ensure the privacy and security of our Platforms and services;
  • Detect fraud and prevent loss;
  • Support and improve our Platforms, including evaluations of functionality, features, and software;
  • Improve our customer service;
  • Communicate with you and respond to your feedback, requests, questions, or inquiries;
  • Promote our services;
  • Contact you about other products and services;
  • Improve our marketing efforts, including by providing more tailored advertising;
  • Assess the success of marketing campaigns;
  • Analyze use of the Company's platforms and our services and prepare aggregate traffic information;
  • Recognize your device and remember your preferences and interactions;
  • Provide you with a more personal and interactive experience on the Company's platforms;
  • Determine and track user interests, trends, needs, and preferences;
  • Facilitate corporate mergers, acquisitions, reorganizations, dissolutions, or other transfers;
  • Obtain and maintain insurance coverage, manage risks, and obtain professional advice;
  • Accomplish any other purpose related to and/or ancillary to any of the purposes and uses described in this Notice for which your information was provided to us;
  • Accomplish another purpose described to you when you provide the information, for which you have consented, or for which we have a legal basis under law;
  • Comply with federal, state, or local laws;
  • Comply with a civil, governmental, or regulatory inquiry, order, subpoena, summons, or process;
  • Cooperate with law enforcement agencies;
  • Exercise or defend legal rights or claims; and
  • Create, use, retain, or disclose de-identified or aggregated data.

6. How Do We Disclose or Share Your Information?

Where permitted by applicable law, we may disclose the information described above in the following contexts:

  • Business Customers
  • Corporate Affiliates
  • Acquisitions and Similar Transactions
  • Disclosures with Your Consent
  • Legal Obligations and Rights (Subpoenas, Court Orders, and Warrants)
  • Third Parties
  • Service Providers
  • Professional Advisors
  • Deidentified or Aggregated Data

7. How Long Do We Store and Use Your Information?

We retain and use your information for as long as is necessary to fulfill the purposes for which it was collected, to comply with our business requirements and legal obligations, to resolve disputes, to protect our assets, to operate our business, and to enforce our agreements. We may delete your information if we believe it is incomplete, inaccurate, or that our continued storage of it is contrary to our objectives or legal obligations. When we delete data, it will be removed from our active cloud-based servers and databases, but it may remain in our electronic archives for a period of time pursuant to our contractual obligations or when it is not practical or possible to delete it. To the extent permitted by law, we may retain and use anonymous, de-identified, or aggregated information for performance reporting, benchmarking, and analytic purposes and for operational improvement.

8. How Do We Protect Your Information?

We have put physical, technical, and administrative safeguards in place to protect the information you share with us from accidental loss, use, alteration, disclosure, or from being accessed in an unauthorized manner.

While our security measures seek to protect the personal information in our possession, no security system is perfect, and no data transmission is 100% secure. As a result, while we strive to protect your information, we cannot guarantee or warrant the security of any information transmitted to or from our Platforms. Any transmission of information via the internet or other electronic means is at your own risk. We cannot guarantee that your information will remain secure in all circumstances.

The safety and security of your personal information also depend on you. Where you use a password for access to the App, Site, or Portal, you are responsible for keeping the password confidential. Do not share your password with anyone. You should also take care with how you handle and disclose your personal information and should avoid sending personal information through unsecure email. If a data breach compromises your personal information, we will notify you and any applicable regulator when we are required to do so by applicable law.

9. Third-Parties Sites and Services

This Policy only applies to our Platforms, and it does not apply to any third-party websites or applications.

The Platforms may contain links to, and media or other content from, third parties. These links are to external resources and third parties that have their own privacy policies. Because of the dynamic media capabilities of the Platforms, it may not be clear to you which links are to external, third-party resources. If you click on an embedded third-party link, you will be redirected away from the Platforms to the external third-party website. You can check the URL to confirm that you have left the Platforms.

We cannot and do not (1) guarantee the adequacy of the privacy or security practices employed by or the content and media provided by any third parties or their websites, (2) control third parties' independent collection or use or your information, or (3) endorse any third-party information, products, services, or websites that may be reached through embedded links on the Platforms.

Some third parties may use automated data collection technologies to collect information about you when you browse the Internet. The information they collect about your online browsing activities over time and across different websites and other online services may be associated with your personal information and used to provide you with targeted content. We do not control these third parties' technologies or how they may be used. If you have any questions about targeted content, you should contact the responsible party directly or consult their privacy policies.

10. Cookie & Related Technologies

A "cookie" is a small file created by a web server that can be stored on your device (if you allow) for use either during a particular browsing session (a "session" cookie) or a future browsing session (a "persistent" or "permanent" cookie). "Session" cookies are temporarily stored on your hard drive and only last until they expire at the end of your browsing session. "Persistent" or "permanent" cookies remain stored on your hard drive until they expire or are deleted by you. Local shared objects (or "flash" cookies) are used to collect and store information about your preferences and navigation to, from, and on a website. First-party cookies are set by the website you're visiting, and they can only be read by that site. Third-party cookies are set by a party other than that website.

In addition to cookies, there are other automatic data collection technologies, such as Internet tags, web beacons (clear gifs, pixel tags, and single-pixel gifs), and navigational data collection (log files, server logs, etc.) that can be used to collect data as users navigate through and interact with a website.

We use cookies and similar technologies for purposes such as to improve website, mobile application, and portal functionality, to measure and track how users interact with those platforms, to market to users, to authenticate users, to store and maintain user preferences and settings, and to otherwise tailor communications with users.

11. Your Rights & Choices Regarding Personal Information

Please use the "Contact Us" details provided at the end of this Notice to exercise your rights and choices concerning the handling of your information. We honor such requests when we are required to do so under applicable law.

11a. Email Opt-Out We may send you emails about our services and other updates. If you no longer wish to receive communications from us via email, you may opt-out by clicking the "unsubscribe" link at the bottom of our emails, if applicable, or by submitting a request via the "Contact Us" details at the end of this Policy and providing your name and email address so that we may identify you in the opt-out process. Once we receive your instruction, we will promptly take corrective action. Please note that users on the App cannot opt out of receiving transaction emails related to their account.

11b. Accuracy and Updating Your Information Our goal is to keep your information accurate, current, and complete. If any of the information you have provided to us changes, please let us know via the "Contact Us" details at the end of this Policy. For instance, if your email address changes, you may wish to let us know so that we can communicate with you. If you become aware of inaccurate personal or business information about you, you may want to update your information. We are not responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal or business information that you provide to us.

11c. Complaints If you believe your rights relating to your personal or business information have been violated, please contact us via the "Contact Us" details provided at the end of this Notice.

11d. The Children's Online Privacy Protection Act ("COPPA") COPPA as well as other data privacy regulations, restrict the collection, use, or disclosure of personal information from and about children on the Internet. Our platforms and services are not directed to children aged 13 or younger, nor is information knowingly collected from children under the age of 13. No one under the age of 13 may access, use, or provide any information to the Company or the Company's platforms. If you are under 13, please do not use or provide any information to the Company. If we learn that we have collected or received personal information from a child under the age of 13 without a parent's or legal guardian's consent, we will take steps to stop collecting that information and delete it. If you believe we might have any information from or about a child under the age of 13, please contact us via the "Contact Us" details provided at the end of this Notice.

11e. Nevada Residents You may submit a verified request to us at support@getbankshot.com to request that we not make any sale (as defined under Nevada law) of any covered information (as defined under Nevada law) that we have collected or will collect about you. Please provide your name and contact information in your request. We will respond to your request in accordance with Nevada law.

12. Tracking Technologies and User Consent

We use cookies and similar tracking technologies to collect information about your online activities over time and across different websites and online services. We use CookieYes to manage user consent for these technologies.

When you visit our website, you will see a consent banner powered by CookieYes. This banner provides detailed information about the types of cookies we use and allows you to:

  • Accept all cookies
  • Reject all cookies
  • Customize your cookie preferences

You can change your consent preferences at any time by clicking on the Cookie Settings link in the footer of our website. 

13. Legal Compliance and Case References

We are committed to complying with all applicable privacy laws, including the California Invasion of Privacy Act (CIPA). Our practices are informed by recent legal precedents, such as Levings v. Choice Hotels Int'l (2024 WL 1481189), which emphasized the importance of explicit user consent and transparency in data collection.

We use CookieYes to ensure compliance with these laws by managing user consent for cookies and tracking technologies. We regularly review and update our privacy practices to ensure compliance with the latest legal requirements and to protect our users' privacy.

14. User Rights and Control

You have the right to:

  • Access the personal information we hold about you.
  • Request the correction or deletion of your personal information.
  • Withdraw consent for data processing at any time.

To manage your cookie preferences, you can use the CookieYes consent banner on our website. You can also change your preferences at any time by clicking on the Cookie Settings link in the footer of our website.

To exercise other rights or for more information, please contact us at 3490 Piedmont Rd NE Suite 1350 Atlanta, GA 30305 support@getbankshot.com. We will respond to your request in accordance with applicable laws and within the timeframe specified by those laws.

15. Contact Us

You may direct questions or comments about this Notice, access or correct the personal information we hold about you, or make a complaint about how we have handled your personal information by contacting us using the information below, and we will do our best to assist you:

Bank Shot Support Team

3490 Piedmont Rd NE Suite 1350 Atlanta, GA 30305 

support@getbankshot.com 

678-842-4255

16. Specific State Rights

Depending on your state of residence in the United States of America, you may have other rights regarding the collection, use, storage, and deletion of your personal information.

16a. Vermont We will not disclose information about your creditworthiness to our affiliates and will not disclose your personal information, financial information, credit report, or health information to nonaffiliated third parties to market to you, other than as permitted by Vermont law, unless you authorize us to make those disclosures.

16b. California The California law provides California residents with specific rights regarding their personal information. This section describes those rights and explains how to exercise those rights.

16.1 Right to Know and Data Portability You have the right to request that we disclose certain information to you about our collection and use of your personal information every year. (the "right to know"). Once we receive your request and confirm your identity, we will disclose to you:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing: sales, identifying the personal information categories that each category of recipient purchased; and disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
  • The specific pieces of personal information we collected about you (also called a data portability request).

16.2 Right to Delete

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions (the "right to delete"). Once we receive your request and confirm your identity, we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

We will delete or de identify personal information not subject to one of these exceptions from our records and will direct our service providers to take similar action.

16.3 Exercising Your Rights to Know or Delete

To exercise your rights to know or delete described above, please submit a request to:

Bank Shot Support Team 

3490 Piedmont Rd NE Suite 1350 Atlanta, GA 30305 

support@getbankshot.com 

Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your personal information. You may only submit a request to know twice within a 12-month period. Your request to know or delete must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

We will only use personal information provided in the request to verify the requestor's identity or authority to make it.

16.4 Response Timing and Format

We will confirm receipt of your request within fourteen (14) business days. We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing.

Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

17. Changes to this Policy

We may add to, change, update, or modify this Policy to reflect any changes to how we treat your information or in response to changes in law. Should this Policy change, we will provide the updated version to you. Any such changes, updates, or modifications will be effective immediately upon posting. The date on which this Policy was last modified is identified at the beginning of this Policy.

You are expected to, and you acknowledge and agree that it is your responsibility to, carefully review this Policy prior to using the Company's services or its platforms, and from time to time, so that you are aware of any changes. Your continued use of the Company's services and Platforms will constitute your acceptance of and agreement to such changes and to our collection and sharing of your information according to the terms of the then-current Policy. If you do not agree with this Policy and our practices, you should not use the Company's services or Platforms.