PRIVACY AND SECURITY
Last updated May 22, 2018
This XTGlobal Online Privacy Notice (Notice) applies to www.xtglobal.com, www.circulus.io and app.circulus.io. The term “XTGlobal” or “we” or “us” or “our” in this Notice refers to XTGlobal and its affiliates or subsidiaries that link to this Notice. This Notice describes how Sites may collect, use and share information from or about you and explains how information may be collected and used based on online interactions with our advertisements that appear on the Sites and third party websites. The use of information collected through our service shall be limited to the purpose of providing the service for which the Client has engaged XTGlobal.
Please note the terms and conditions of this Notice control. By using the Site, you agree to the terms and conditions of this Notice.
Collecting and Using Information
Personal Information We Collect Online
We collect the following personal information on this Site: name, postal or email addresses, telephone, fax or mobile numbers, social security number, date of birth, credit card and bank account information.
How We Use Personal Information
We may use Personal Information collected on our Site:
- to respond to your inquiries and fulfill your requests;
- to send you important information regarding the Site, changes to terms, conditions, and policies and/or other administrative information;
- to send you marketing communications that we believe may be of interest to you;
We may use Personal Information in our Service:
- to allow you to apply for products or services and evaluate your eligibility for such products or services;
- to verify your identity and/or location (or the identity or location of your representative or agent) in order to allow access to your accounts, conduct online transactions and to maintain measures aimed at preventing fraud and protecting the security of account and Personal Information;
- to allow you to participate in surveys, sweepstakes, contests and similar promotions and to administer these activities. Some of these activities have additional rules, which may contain additional information about how Personal Information is used and shared;
- to allow you to use Site tools. Please note that some tools require that you provide Personal Information to use, whereas others do not. Information that you enter into one of these planning tools may be stored for future access and use. You have the option not to save the information;
- collected through aggregation services in order to consolidate your financial account information at one online location; understand what product or service may be of interest to you; and present you with offers;
- collected through our social media pages and interactions with you to assist in verifying your identity and account status. We may combine this information with information we already have;
- for business purposes, including data analysis, audits, developing and improving products and services, enhancing the Site, identifying usage trends and determining the effectiveness of promotional campaigns;
- for risk control, for fraud detection and prevention, to comply with laws and regulations, and to comply with other legal process and law enforcement requirements;
- to allow you to utilize features within our Sites by granting us access to information from your device such as contact lists, or geo-location when you request certain services that are dependent on your physical location.
XTGlobal also collects information under the direction of its Clients, and has no direct relationship with the individuals whose personal data it processed. If you are a customer of one of our Clients and would no longer like to be contacted by one of our Clients that use our Service, please contact the Client that you interact with directly. We may transfer personal information to companies that help us provide our service. Transfers to subsequent third parties are covered by the service agreements with our Clients.
We obtain credit information about you from an outside credit reporting agency to help us with customer authentication and credit-related decisions.
How Personal Information is Shared
We will share your personal information with third parties only in the ways that are described in this privacy notice. We do not sell your personal information to third parties. We may provide your personal information to companies that provide services to help us with our business activities such as shipping your order or offering customer service. These companies are authorized to use your personal information only as necessary to provide these services to us.
In certain situations, XTGlobal may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
We may also disclose your personal information:
- as required by law, such as to comply with a subpoena, or similar legal process
- when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request,
- if XTGlobal is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information,
- to any XTGlobal affiliate, parent, subsidiary, sister, contractor and/or joint venture entity.
Our Site offers a publicly accessible blog pages. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our pages, contact us at firstname.lastname@example.org. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
User Access and Choice
Upon request XTGlobal will provide you with information about whether we hold, or process on behalf of a third party, any of your personal information. To request this information please contact us at email@example.com.
If your personal information changes, or if you no longer desire our service, you may correct, update, amend, ask to deactivate your account by making the change on your member information page or by emailing our Customer Support at firstname.lastname@example.org or by contacting us by telephone or postal mail. We will respond to your request to access within 30 days.
XTGlobal has no direct relationship with the individuals (who do business with XTGlobal’s Client) whose personal data it processed. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his query to the XTGlobal’s Client (the data controller). If requested to remove data we will respond within a reasonable timeframe.
If you have signed up to receive marketing communications from us, you may choose to stop receiving these emails by you may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails, accessing the email preferences in your account settings page or you can email us.
We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
We will retain personal data we process on behalf of our Clients for as long as needed to provide services to our Client. XTGlobal will retain this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Information Collected and Used Through Technology
We and our third-party service providers may collect and use Other Information in a variety of ways, including:
- Through your browser: Certain information is collected by most browsers, such as your Media Access Control (MAC) address, device type, screen resolution, operating system version and internet browser type and version. We use this information to ensure Sites function properly and for security purposes.
- Using cookies: Cookies are pieces of information stored directly on the device you are using. Cookies we use do not contain or capture unencrypted Personal Information. Cookies allow us to collect information such as browser type, time spent on the Site, pages visited, language preferences, and your relationship with us. We use the information for security purposes, to facilitate navigation, to display information more effectively, to personalize/customize your experience while visiting the Site, and to recognize your device to allow your use of our online products and services. We collect statistical information about the usage of the Site in order to continually improve the design and functionality, to monitor responses to our advertisements and content, to understand how account holders and visitors use the Site and to assist us with resolving questions regarding the Site. We also utilize cookies for our online advertising purposes. Please see the Advertising section below for more information. You can refuse to accept these cookies and most devices and browsers offer their own privacy settings for cookies. You will need to manage your cookie settings for each device and browser you use. However, if you do not accept these cookies, you may experience some inconvenience in your use of the Site and some online products and services. For example, we will not be able to recognize your device and you will need to answer a challenge question each time you log on. You also may not receive customized advertising or other offers from us that may be relevant to your interests and needs.
- Using pixel tags, web beacons, scripts, clear GIFs or other technologies: These may be used in connection with some Site pages, and HTML-formatted email messages to measure the effectiveness of our communications, the success of our marketing campaigns, compile statistics about usage and response rates, and to assist us in resolving account holders’ questions regarding use of our Site. XTGlobal and companies performing analytical services on our behalf may use these technologies to analyze trends, administer the site, track users’ movements around the site and gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.
- Flash objects: We use Local Storage, such as HTML5, to store content information and preferences. Third parties with whom we partner to provide certain features on our website or to display advertising based upon your web browsing activity also use HTML5 to collect and store information. Various browsers may offer their own management tools for removing HTML5
- Log Files: As is true of most web sites, we gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We do not link this automatically collected data to other information we collect about you. Your IP Address is a number that is automatically assigned to the device that you are using by your Internet Service Provider (ISP). An IP Address is identified and logged automatically in our server log files whenever a user visits the Site, along with the time of the visit and the page(s) that were visited. Collecting IP Addresses is standard practice on the internet and is done automatically by many web sites. We use IP Addresses for purposes such as calculating Site usage levels, helping diagnose server problems, for compliance and security purposes and administering the Site.
- Aggregated and De-identified Data: Aggregated and De-identified Data is data that we may create or compile from various sources, including but not limited to accounts and transactions. This information, which does not identify individual account holders, is used for our business purposes, which may include offering products or services, research, marketing or analyzing market trends, and other purposes consistent with applicable laws.
XTGlobal advertises on pages within the Sites as well as on other websites and mobile apps not affiliated with XTGlobal. Information collected by us or our advertising service providers through cookies and other technologies includes the number of people who look at each of the pages on the Sites, search engine referrals, browsing patterns within the Sites, and responses to advertisements and promotions on the Sites and on websites where we advertise.
Advertising on our Sites
XTGlobal advertises our products and services on pages within the Sites. These advertisements may take the form of banner ads, splash ads (ads that appear as you sign on or sign off of your online accounts), and other formats.
Relationship based advertising
XTGlobal may customize content and advertisements for our products and services on the Sites we own. In order to make the content and advertising as informative and useful as possible, we may use information about your relationship with us (such as types of accounts, transactional information or the state in which you bank).
Online Behavioral Advertising
We also use advertising service providers to help us determine which of our advertisements are most likely to be of interest to you using certain Other Information such as web pages visited, search keywords entered, or your activities on our Site. We limit access and collection of information for specific purposes by advertising service providers.
Advertising on third party sites
XTGlobal contracts with advertising companies to advertise our products and services on websites and mobile apps not affiliated with us. We may use Aggregated and De-identified Data and information provided by you to these third party websites to select which of our advertisements or offers may appeal to you, display them to you and monitor your responses. Third Party websites are not subject to XTGlobal Privacy Notices. Please visit the individual websites for additional information on their data and privacy practices and opt-out policies.
Online Behavioral Advertising
Some of our customized ads are behavioral advertising, and may be served using data collected through cookies and other technologies by third party websites. Cookies placed on our behalf by these companies, do not contain or capture Personal Information. We limit companies that place our ads from using information for any purpose other than to assist us in our advertising efforts.
XTGlobal’s Mobile Applications for U.S. accounts (“Applications”) allows you to access your account balances and pay bills on your mobile device. This Notice applies to any personal information or other information that we may collect through the Applications.
Linking to other sites
We may provide links to third party websites, such as credit bureaus, service providers or merchants. If you follow links to websites not affiliated or controlled by XTGlobal, you should review their privacy and security policies and other terms and conditions, as they may be different from those of our Sites. XTGlobal does not guarantee and is not responsible for the privacy or security of these websites, including the accuracy, completeness, or reliability of their information.
You may also use your Intuit account to log into your XTGlobal account. If you are an Intuit QuickBooks user, you may choose to import information to your XTGlobal account.
Social media sites
To protect Personal Information from unauthorized access and use, we use security measures that comply with applicable federal and state laws. These measures may include device safeguards and secured files and buildings as well as oversight of our third party service providers to ensure information remains confidential and secure.
Our fraud prevention and security systems protect you with the latest encryption technology and secure email communications. Computer anti-virus protection detects and prevents computer viruses from entering our computer network systems while firewalls block unauthorized access by individuals or networks.
We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our Web site, you can contact us at email@example.com
XTGlobal uses encryption technology, such as Secure Socket Layer (SSL), on its website to transmit sensitive information, such as financial information. This protects data in 3 key ways:
- Authentication ensures that you are communicating with us and prevents another computer from impersonating XTGlobal
- Encryption scrambles transferred data so that it cannot be read by unauthorized parties
- Data integrity verifies that the information you send to XTGlobal is not altered during the transfer. The system detects if data was added or deleted after you sent the message. If any tampering has occurred, the connection is dropped.
Using other aggregation websites
Other companies offer aggregation websites and services that allow you to consolidate your financial account information from different sources (such as your accounts with us or with other financial institutions) so that you can view all your account information at one online location. To do this, an aggregation provider may request access to Personal Information, such as financial information, usernames and passwords. You should use caution and ensure that the aggregator company has appropriate policies and practices to protect the privacy and security of any information you provide or to which they are gaining access. We are not responsible for the use or disclosure of any Personal Information accessed by any company or person to whom you provide your Site username and password.
If you provide your Site username, password or other information about your accounts with us to an aggregation website, we will consider that you have authorized all transactions or actions initiated by an aggregation website using access information you provide, whether or not you were aware of a specific transaction or action. If you decide to revoke the authority you have given to an aggregation website, we strongly recommend that you change your password for the Site to ensure that the aggregation website cannot continue to access your account.
Making sure information is accurate
Keeping your account information accurate and up to date is very important. If your account information is incomplete, inaccurate or not current, please use the Contact Us option on our Site, or call or write to us at the telephone numbers or appropriate address for changes listed on your account statements, records, online or other account materials. You can also speak to a customer representative or account representative.
Protecting individual health information
To the extent that we receive, maintain, or process an individual’s protected health information, XTGlobal may disclose that information electronically as authorized by and in accordance with applicable federal and/or state law.
Updates to this Privacy Notice
We may update this Notice to reflect changes to our information practices. If we make any significant changes we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this Site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices. Please review this Notice periodically. If we make changes to the Notice, we will revise the “Last Updated” date at the top of this Notice.
Toll Free: (866) 446-2910
Direct: (972) 755-1800
2701 North Dallas Pkwy Ste 550
Plano, TX 75093
App.Circulus.io Security Policy
The Circulus Security Policy applies to the security policies, safeguards and procedures as implemented throughout the Circulus web application housed on app.circulus.io. The terms “Circulus,” “we,” “us,” and “our” in this document refer to Circulus and its affiliates or subsidiaries that link to this document. Circulus recognizes that protecting our customer’s data is a fundamental and paramount priority, and the details below outline our security and access controls in place to ensure the highest levels of online security:
- The site is hosted on cloud servers, to which only approved internal personnel are granted access on a limited and role-based basis. Access to these servers are approved by multiple Circulus department heads. All system access is removed immediately upon employee separation or within 90 days when an employee role changes. Access to physical assets is restricted to authorized personnel only.
- All customer and vendor data is stored with a unique identifier, and is accessible solely from within the Circulus application. Only after successful login is the customer and vendor data visible to the corresponding user. Our internal technical and support team may access customer data, in order to resolve user issues and assist with user requests.
- The Circulus servers are hosted at a SSAE 16 SOC 1 Type II level facility, with complete infrastructure monitoring and management administered by the 3rd party service provider. All network and system-level vulnerabilities are addressed within a timely manner, according to vendor service level agreements (SLA). Any issues with custom-built software is managed and addressed directly by internal technical support.
- For security purposes, sensitive information is encrypted prior to saving it in the Circulus databases. Only upon a successful account login of a verified and legitimate user is the data decrypted for access.
- Only users validated through Experian’s Precise IDSM service are permitted to utilize the bank account integration capabilities of the Circulus platform.
- Password strength requirements include an 8-character minimum, including at least 1 alpha, 1 numeric and 1 special character for the Circulus SMB platform. For Enterprise platform, the password policy adheres to the client password policy.
- Emails and attachments sent to the Circulus platform from customer or vendors are processed through spam algorithms and virus scanning prior to insertion into the Circulus platform. Anti-virus software is installed on all servers to prevent virus attacks.
- The security and integrity of transmitted data between browser and server is ensured by deploying Secure Sockets layer (SSL) certificates on our web servers.
- Dedicated firewall protects unwanted internet traffic from reaching our servers.